Lucene search
+L

330 matches found

Qualys Blog
Qualys Blog
added 2025/05/15 4:22 p.m.33 views

Fileless Execution: PowerShell Based Shellcode Loader Executes Remcos RAT

Cybercriminals are progressively turning PowerShell to launch stealthy attacks that evade traditional antivirus and endpoint defenses. By running code directly in memory, these threats leave minimal evidence on disk, making them particularly challenging to detect. A recent example is Remcos RAT, ...

7.9AI score
Exploits0
HackRead
HackRead
added 2025/05/15 3:22 p.m.15 views

Fileless Remcos RAT Attack Evades Antivirus Using PowerShell Scripts

A new wave of attacks uses PowerShell and LNK files to secretly install Remcos RAT, enabling full remote…...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2025/03/28 10:0 a.m.12 views

Gamaredon campaign abuses LNK files to distribute Remcos backdoor

Cisco Talos is actively tracking an ongoing campaign targeting users in Ukraine with malicious LNK files, which run a PowerShell downloader, since at least November 2024. The file names use Russian words related to the movement of troops in Ukraine as a lure. The PowerShell downloader contacts...

8AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2025/03/18 12:0 a.m.14 views

(0Day) Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

7CVSS7.1AI score0.63102EPSS
Exploits3
Trellix
Trellix
added 2024/11/07 12:0 a.m.11 views

New Stealer Uses Invalid Cert To Compromise Systems

New Stealer Uses Invalid Cert To Compromise Systems By Mohinder Gill, Mallikarjun Wali and Sangram Mohapatro · November 07, 2024 A new Stealer has been making the rounds. Its name: Fickle. Fickle Stealer is a new Rust-based information stealer that spreads through various attack vectors, includin...

7.2AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2024/11/01 1:0 p.m.16 views

Finding the LNK: Techniques and methodology for advanced analysis with Velociraptor

Malicious exploitation of LNK files, commonly known as Windows shortcuts, is a well-established technique used by threat actors for delivery and persistence. While the value of LNK forensics for cyber threat intelligence CTI is fairly well-understood, analysts may overlook less well-known data...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2024/10/17 10:15 a.m.63 views

SideWinder APT Strikes Middle East and Africa With Stealthy Multi-Stage Attack

An advanced persistent threat APT actor with suspected ties to India has sprung forth with a flurry of attacks against high-profile entities and strategic infrastructures in the Middle East and Africa. The activity has been attributed to a group tracked as SideWinder, which is also known as...

9.3CVSS8.8AI score0.99945EPSS
Exploits33
The Hacker News
The Hacker News
added 2024/10/16 7:20 a.m.13 views

Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack

A new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth aka Guildma by making use of obfuscated JavaScript to slip past security guardrails. "The spear-phishing campaign's impact has targeted various industries, with manufacturing companies, reta...

7.8AI score
Exploits0
The Hacker News
The Hacker News
added 2024/10/02 3:8 p.m.20 views

Fake Job Applications Deliver Dangerous More_eggs Malware to HR Professionals

A spear-phishing email campaign has been observed targeting recruiters with a JavaScript backdoor called Moreeggs, indicating persistent efforts to single out the sector under the guise of fake job applications. "A sophisticated spear-phishing lure tricked a recruitment officer into downloading a...

7.3AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2024/09/10 8:49 p.m.79 views

Patch Tuesday - September 2024

Microsoft is addressing 79 vulnerabilities this September 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for four of the vulnerabilities published today; at time of writing, all four are listed on CISA KEV. Microsoft is also patching four critical...

9.9CVSS9.1AI score0.8399EPSS
Exploits3
The Hacker News
The Hacker News
added 2024/08/23 3:2 p.m.27 views

PEAKLIGHT Downloader Deployed in Attacks Targeting Windows with Malicious Movie Downloads

Cybersecurity researchers have uncovered a never-before-seen dropper that serves as a conduit to launch next-stage malware with the ultimate goal of infecting Windows systems with information stealers and loaders. "This memory-only dropper decrypts and executes a PowerShell-based downloader,"...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2024/08/12 3:43 a.m.26 views

EastWind Attack Deploys PlugY and GrewApacha Backdoors Using Booby-Trapped LNK Files

The Russian government and IT organizations are the target of a new campaign that delivers a number of backdoors and trojans as part of a spear-phishing campaign codenamed EastWind. The attack chains are characterized by the use of RAR archive attachments containing a Windows shortcut LNK file...

7.9AI score
Exploits0
The Hacker News
The Hacker News
added 2024/06/21 1:42 p.m.36 views

Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign

A previously undocumented Chinese-speaking threat actor codenamed SneakyChef has been linked to an espionage campaign primarily targeting government entities across Asia and EMEA Europe, Middle East, and Africa with SugarGh0st malware since at least August 2023. "SneakyChef uses lures that are...

7.4AI score
Exploits0
Talos Blog
Talos Blog
added 2024/06/21 12:0 p.m.20 views

Unveiling SpiceRAT: SneakyChef's latest tool targeting EMEA and Asia

Cisco Talos discovered a new remote access trojan RAT dubbed SpiceRAT, used by the threat actor SneakyChef in a recent campaign targeting government agencies in EMEA and Asia. We observed that SneakyChef launched a phishing campaign, sending emails delivering SugarGh0st and SpiceRAT with the same...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2024/04/18 10:31 a.m.30 views

How to Conduct Advanced Static Analysis in a Malware Sandbox

Sandboxes are synonymous with dynamic malware analysis. They help to execute malicious files in a safe virtual environment and observe their behavior. However, they also offer plenty of value in terms of static analysis. See these five scenarios where a sandbox can prove to be a useful tool in yo...

7.6AI score
Exploits0
Talos Blog
Talos Blog
added 2024/04/11 6:0 p.m.19 views

The internet is already scary enough without April Fool’s jokes

I feel like over the past several years, the "holiday" that is April Fools Day has really died down. At this point, there are few headlines you can write that would be more ridiculous than something youd find on a news site any day of the week. And there are so many more serious issues that are...

7.3AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2024/03/20 10:0 p.m.38 views

The Updated APT Playbook: Tales from the Kimsuky threat actor group

Co-authors are Christiaan Beek and Raj Samani Within Rapid7 Labs we continually track and monitor threat groups. This is one of our key areas of focus as we work to ensure that our ability to protect customers remains constant. As part of this process, we routinely identify evolving tactics from...

7.8AI score
Exploits0
The Hacker News
The Hacker News
added 2024/01/30 1:45 p.m.42 views

China-Linked Hackers Target Myanmar's Top Ministries with Backdoor Blitz

The China-based threat actor known as Mustang Panda is suspected to have targeted Myanmar's Ministry of Defence and Foreign Affairs as part of twin campaigns designed to deploy backdoors and remote access trojans. The findings come from CSIRT-CTI, which said the activities took place in November...

7.2AI score
Exploits0
Trellix
Trellix
added 2024/01/18 12:0 a.m.16 views

JAVA-based Sophisticated Stealer Using Discord Bot as EventListener

JAVA-Based Sophisticated Stealer Using Discord Bot as EventListener By Trellix · January 18, 2024 This blog was written by Gurumoorthi Ramanathan Executive Summary: In mid-November 2023, Trellix Advanced Research Center team members observed a Java-based stealer being spread through cracked...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2024/01/04 8:55 a.m.27 views

UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT

The threat actor known as UAC-0050 is leveraging phishing attacks to distribute Remcos RAT using new strategies to evade detection from security software. "The group's weapon of choice is Remcos RAT, a notorious malware for remote surveillance and control, which has been at the forefront of its...

7.1AI score
Exploits0
Rows per page
Query Builder