43 matches found

Packet Storm News
added 2026/05/18 12:0 a.m., 9 views

Learning to Look Benign: Targeted Evasion of Malware Detectors Via API Import Injection

Machine learning-based malware detectors are widely deployed in antivirus and endpoint detection systems, yet their reliance on static features makes them vulnerable to adversarial manipulation. This paper investigates whether a malware sample can be intentionally misclassified as a specific beni...

5.8 AI score
Exploits 0

CVE
added 2026/03/11 6:2 p.m., 8 views

CVE-2026-0230

CVE-2026-0230 affects the Palo Alto Networks Cortex XDR agent on macOS. A flaw in the agent’s protection mechanism lets a local administrator disable the agent, potentially enabling malware to operate without detection. The exposure is local (vector: LOCAL) with high privileges required (PR:H) an...

6.7 CVSS, 5.8 AI score, 0.0002 EPSS
Exploits 0, References 1

CNNVD
added 2026/03/11 12:0 a.m., 5 views

Palo Alto Networks Cortex XDR Broker VM Security Vulnerability

Palo Alto Networks Cortex XDR Broker VM is a secure virtual machine developed by Palo Alto Networks. It integrates with Cortex XDR and can bridge networks with Cortex XDR. There is a security vulnerability in the Palo Alto Networks Cortex XDR agent. This vulnerability stems from issues with the...

6.7 CVSS, 5.8 AI score, 0.0002 EPSS
Exploits 0, References 1

Cvelist
added 2025/10/20 12:0 a.m., 9 views

CVE-2025-61303

Hatching Triage Sandbox Windows 10 build 2004 2025-08-14 and Windows 10 LTSC 2021 2025-08-14 contains a vulnerability in its Windows behavioral analysis engine that allows a submitted malware sample to evade detection and cause denial-of-analysis. The vulnerability is triggered when a sample...

0.00155 EPSS
Exploits 1, References 1

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2004-0918

Malware in sbrugna...

5 CVSS, 6.4 AI score, 0.00708 EPSS
Exploits 0, References 4

Securelist
added 2025/07/17 8:0 a.m., 30 views

GhostContainer backdoor: malware compromising Exchange servers of high-value organizations in Asia

In a recent incident response (IR) case, we discovered highly customized malware targeting Exchange infrastructure within government environments. Analysis of detection logs and clues within the sample suggests that the Exchange server was likely compromised via a known N-day vulnerability. Our...

9 CVSS, 8.7 AI score, 0.94381 EPSS
Exploits 30

Securelist
added 2024/12/16 10:0 a.m., 8 views

Dark web threats and dark market predictions for 2025

Review of last year's predictions The number of services providing AV evasion for malware cryptors will increase We continuously monitor underground markets for the emergence of new "cryptors," which are tools specifically designed to obfuscate the code within malware samples. The primary purpose...

7.5 AI score
Exploits 0

The Hacker News
added 2024/11/25 11:30 a.m., 4 views

Flying Under the Radar - Security Evasion Techniques

Dive into the evolution of phishing and malware evasion techniques and understand how attackers are using increasingly sophisticated methods to bypass security measures. The Evolution of Phishing Attacks "I really like the saying that 'This is out of scope' said no hacker ever. Whether it's trick...

6.8 AI score
Exploits 0

The Hacker News
added 2024/03/27 7:56 a.m., 45 views

Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice

A new phishing campaign has been observed leveraging a novel loader malware to deliver an information stealer and keylogger called Agent Tesla. Trustwave SpiderLabs said it identified a phishing email bearing this attack chain on March 8, 2024. The message masquerades as a bank payment...

8.8 CVSS, 9.4 AI score, 0.90206 EPSS
Exploits 2

OSV
added 2024/01/16 2:15 p.m., 1 view

CVE-2024-0581

An Uncontrolled Resource Consumption vulnerability has been found on Sandsprite Scdbg.exe, affecting version 1.0. This vulnerability allows an attacker to send a specially crafted shellcode payload to the '/foff' parameter and cause an application shutdown. A malware program could use this...

5.5 CVSS, 5.7 AI score, 0.00059 EPSS
Exploits 0, References 1

Prion
added 2024/01/16 2:15 p.m., 15 views

Code injection

An Uncontrolled Resource Consumption vulnerability has been found on Sandsprite Scdbg.exe, affecting version 1.0. This vulnerability allows an attacker to send a specially crafted shellcode payload to the '/foff' parameter and cause an application shutdown. A malware program could use this...

1.7 CVSS, 7 AI score, 0.00059 EPSS
Exploits 0, References 1, Affected Software 1

Hive Pro Threat Advisories
added 2023/02/08 6:34 a.m., 9 views

Mustang Panda APT targets Europe with customized PlugX malware

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The Mustang Panda APT group has been targeting government and public sector organizations across Asia and Europe since at least 2019. Recently, the group has shifted from using archive files to using...

0.7 AI score
Exploits 0

Packet Storm
added 2022/11/25 12:0 a.m., 322 views

Win32.Ransom.Conti MVID-2022-0662 Cryptography Logic Flaw

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/99e55ce93392068c970384ab24a0e13d.txt Contact: [email protected] Media: twitter.com/malvuln Backup media: infosec.exchange/@malvuln Threat: Win32.Ransom.Conti Vulnerability: Crypto Logic Fla...

Exploits 0

The Hacker News
added 2022/05/20 11:18 a.m., 34 views

Microsoft Warns Rise in XorDdos Malware Targeting Linux Devices

A Linux botnet malware known as XorDdos has witnessed a 254% surge in activity over the last six months, according to latest research from Microsoft. The trojan, so named for carrying out denial-of-service attacks on Linux systems and its use of XOR-based encryption for communications with its...

1.8 AI score
Exploits 0

The Hacker News
added 2022/01/25 12:12 p.m., 16 views

TrickBot Malware Using New Techniques to Evade Web Injection Attacks

The cybercrime operators behind the notorious TrickBot malware have once again upped the ante by fine-tuning its techniques by adding multiple layers of defense to slip past antimalware products. "As part of that escalation, malware injections have been fitted with added protection to keep...

0.3 AI score
Exploits 0

The Hacker News
added 2021/09/27 6:26 a.m., 31 views

A New Jupyter Malware Version is Being Distributed via MSI Installers

Cybersecurity researchers have charted the evolution of Jupyter, a .NET infostealer known for singling out healthcare and education sectors, which make it exceptional at defeating most endpoint security scanning solutions. The new delivery chain, spotted by Morphisec on September 8, underscores...

1.2 AI score
Exploits 0

The Hacker News
added 2021/09/24 12:49 p.m., 27 views

Google Warns of a New Way Hackers Can Make Malware Undetectable on Windows

Cybersecurity researchers have disclosed a novel technique adopted by a threat actor to deliberately evade detection with the help of malformed digital signatures of its malware payloads. "Attackers created malformed code signatures that are treated as valid by Windows but are not able to be...

0.5 AI score
Exploits 0

HackRead
added 2021/08/19 3:38 p.m., 26 views

Threat actors using CAPTCHA to evade phishing, malware detection

By Waqas According to researchers, cybercriminals are abusing legitimate challenge and response services like Google’s reCAPTCHA or deploying customized fake CAPTCHA-like validation. This is a post from HackRead.com Read the original post: Threat actors using CAPTCHA to evade phishing, malware...

3.2 AI score
Exploits 0

Microsoft Secure
added 2021/07/29 4:0 p.m., 60 views

Attack AI systems in Machine Learning Evasion Competition

Today, we are launching MLSEC.IO, an educational Machine Learning Security Evasion Competition (MLSEC) for the AI and security communities to exercise their muscle to attack critical AI systems in a realistic setting. Hosted and sponsored by Microsoft, alongside NVIDIA, CUJO AI, VM-Ray, and MRG...

0.6 AI score
Exploits 0

Microsoft Malware Protection
added 2021/07/29 4:0 p.m., 52 views

Attack AI systems in Machine Learning Evasion Competition

Today, we are launching MLSEC.IO, an educational Machine Learning Security Evasion Competition (MLSEC) for the AI and security communities to exercise their muscle to attack critical AI systems in a realistic setting. Hosted and sponsored by Microsoft, alongside NVIDIA, CUJO AI, VM-Ray, and MRG...

0.6 AI score
Exploits 0