Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows
Cybersecurity researchers have warned of an actively expanding botnet dubbed Tsundere that's targeting Windows users. Active since mid-2025, the threat is designed to execute arbitrary JavaScript code retrieved from a command-and-control (C2) server, Kaspersky researcher Lisandro Ubiedo said in an...
CVE-2025-11535 MongoDB Connector for BI installation MSI leave ACLs unset on custom installation directories
MongoDB Connector for BI installation via MSI on Windows leaves ACLs unset on custom install directories, which allows privilege escalation. This issue affects MongoDB Connector for BI: from 2.0.0 through 2.14.24...
EUVD-2020-5032
Malware in sbrugna...
EUVD-2020-8229
Malware in sbrugna...
EUVD-2024-33163
Malicious code in bioql PyPI...
EUVD-2024-47737
Malicious code in bioql PyPI...
EUVD-2022-45079
Malicious code in bioql PyPI...
EUVD-2024-35262
Malicious code in bioql PyPI...
CVE-2025-10491 MongoDB Windows installation MSI may leave ACLs unset on custom installation directories
The MongoDB Windows installation MSI may leave ACLs unset on custom installation directories allowing a local attacker to introduce executable code to MongoDB's process via DLL hijacking. This issue affects MongoDB Server v6.0 version prior to 6.0.25, MongoDB Server v7.0 version prior to 7.0.21 a...
CVE-2023-1314
A vulnerability has been discovered in cloudflared's installer = 2023.3.0 for Windows 32-bits devices that allows a local attacker with no administrative permissions to escalate their privileges on the affected device. This vulnerability exists because the MSI installer used by cloudflared relied...
CVE-2022-41975
RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer Repair mode...
CVE-2024-42050
The MSI installer for Splashtop Streamer for Windows before 3.7.0.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM via an oplock on CredProviderInst.reg...
CVE-2024-10526
Rapid7 Velociraptor MSI Installer versions below 0.73.3 suffer from a vulnerability whereby it creates the installation directory with WRITE_DACL permission to the BUILTIN\Users group. This allows local users who are not administrators to grant themselves the Full Control permission on...
CVE-2024-10526
The provided data confirms CVE-2024-10526 affects Rapid7 Velociraptor MSI Installer before version 0.73.3. The issue stems from the installer creating the installation directory with WRITE_DACL permissions for BUILTIN\Users, enabling non-admin local users to grant themselves Full Control on Veloc...
Rapid7 Velociraptor MSI Installer Security Vulnerability
Rapid7 Velociraptor MSI Installer is a unique, advanced, open source endpoint monitoring, digital forensics, and cyber response platform from Rapid7 USA. A security vulnerability exists in Rapid7 Velociraptor MSI Installer prior to version 0.73.3 that originates from the execution of arbitrary co...
CVE-2024-35288
Nitro PDF Pro before 13.70.8.82 and 14.x before 14.26.1.0 allows Local Privilege Escalation in the MSI Installer because custom actions occur unsafely in repair mode. CertUtil is run in a conhost.exe window, and there is a mechanism allowing CTRL+o to launch cmd.exe as NT AUTHORITY\SYSTEM...
CVE-2024-35288
CVE-2024-35288 affects Nitro PDF Pro, specifically versions prior to 13.70.8.82 and 14.x prior to 14.26.1.0. The root cause is unsafe custom actions in the MSI installer when in repair mode, enabling Local Privilege Escalation. CertUtil runs in a conhost.exe window, and there is a mechanism allow...
Nitro PDF Pro Local Privilege Escalation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Local Privilege Escalation via MSI Installer product: Nitro PDF Pro vulnerable version: 14.26.1.0 13.70.8.82 fixed version: 14.26.1.0 or higher 13.70.8.82 or higher CVE...