Lucene search
K

216 matches found

Rapid7 Blog
Rapid7 Blog
added 2026/03/10 1:0 p.m.19 views

When Trusted Websites Turn Malicious: WordPress Compromises Advance Global Stealer Operation

Overview Rapid7 Labs has identified and analyzed an ongoing, widespread compromise of legitimate, potentially highly trusted WordPress websites, misused by an unidentified threat actor to inject a ClickFix implant impersonating a Cloudflare human verification challenge CAPTCHA. The lure is design...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/06 2:33 p.m.16 views

Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT

Cybersecurity researchers have disclosed details of a multi-stage malware campaign that uses batch scripts as a pathway to deliver various encrypted remote access trojan RATs payloads that correspond to XWorm, AsyncRAT, and Xeno RAT. The stealthy attack chain has been codenamed VOIDGEIST by...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/06 12:0 a.m.6 views

Targeted Bit-Flip Attacks on LLM-Based Agents

Targeted bit-flip attacks BFAs exploit hardware faults to manipulate model parameters, posing a significant security threat. While prior work targets single-step inference models e.g., image classifiers, LLM-based agents with multi-stage pipelines and external tools present new attack surfaces,...

5.8AI score
Exploits0
Securelist
Securelist
added 2026/02/17 9:0 a.m.16 views

Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets

In April 2025, we reported on a then-new iteration of the Triada backdoor that had compromised the firmware of counterfeit Android devices sold across major marketplaces. The malware was deployed to the system partitions and hooked into Zygote – the parent process for all Android apps – to infect...

6.7AI score
Exploits0
Trellix
Trellix
added 2026/02/17 12:0 a.m.9 views

Technical Deep Dive: The Monero Mining Campaign

Technical Deep Dive: The Monero Mining Campaign By Aswath A · February 17, 2026 Executive summary In the contemporary threat landscape, while ransomware grabs headlines with high-impact disruptions, cryptojacking operations have quietly evolved into sophisticated, persistent threats. This report...

7.8CVSS8.2AI score0.00605EPSS
Exploits1
The Hacker News
The Hacker News
added 2026/02/09 2:42 p.m.12 views

SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers

Microsoft has revealed that it observed a multi‑stage intrusion that involved the threat actors exploiting internet‑exposed SolarWinds Web Help Desk WHD instances to obtain initial access and move laterally across the organization's network to other high-value assets. That said, the Microsoft...

9.8CVSS8.2AI score0.8833EPSS
Exploits7
Microsoft Secure
Microsoft Secure
added 2026/02/07 1:8 a.m.14 views

Analysis of active exploitation of SolarWinds Web Help Desk

The Microsoft Defender Research Team observed a multi‑stage intrusion where threat actors exploited internet‑exposed SolarWinds Web Help Desk WHD instances to get an initial foothold and then laterally moved towards other high-value assets within the organization. However, we have not yet confirm...

9.8CVSS9.6AI score0.8833EPSS
Exploits5
Github Security Blog
Github Security Blog
added 2026/02/06 7:37 p.m.14 views

A single post-release of dydx-v4-client contained obfuscated multi-stage loader

A PyPI user account compromised by an attacker and was able to upload a malicious version 1.1.5.post1 of the dydx-v4-client package. This version contains a highly obfuscated multi-stage loader that ultimately executes malicious code on the host system. While the final payload is not visible...

5.8AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/06 7:37 p.m.8 views

GHSA-4F84-67CV-QRV3 A single post-release of dydx-v4-client contained obfuscated multi-stage loader

A PyPI user account compromised by an attacker and was able to upload a malicious version 1.1.5.post1 of the dydx-v4-client package. This version contains a highly obfuscated multi-stage loader that ultimately executes malicious code on the host system. While the final payload is not visible...

9.3CVSS5.8AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/06 1:25 a.m.7 views

CVE-2025-68643

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

5.4CVSS5.4AI score0.00177EPSS
Exploits0References1
OSV
OSV
added 2026/02/05 5:16 p.m.5 views

CVE-2025-68643

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

5.4CVSS5.8AI score0.00177EPSS
Exploits0References2
CVE
CVE
added 2026/02/05 12:0 a.m.11 views

CVE-2025-68643

Axigen Mail Server prior to 10.5.57 is affected by a stored XSS in the timeFormat account preference. The vulnerability allows an attacker to inject a malicious JavaScript payload into timeFormat, which is later loaded from storage and inserted into the DOM when the WebMail interface is accessed,...

5.4CVSS5.4AI score0.00177EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/02/05 12:0 a.m.6 views

EUVD-2025-206860

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

5.4AI score0.00177EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/05 12:0 a.m.27 views

CVE-2025-68643

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

0.00177EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/05 12:0 a.m.4 views

CVE-2025-68643

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

5.5AI score0.00177EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/05 12:0 a.m.4 views

CVE-2025-68643

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

5.4AI score0.00177EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2026/02/02 5:47 a.m.8 views

eScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware

The update infrastructure for eScan antivirus, a security solution developed by Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a persistent downloader to enterprise and consumer systems. "Malicious updates were distributed through eScan'...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/23 8:25 a.m.10 views

Microsoft Flags Multi-Stage AitM Phishing and BEC Attacks Targeting Energy Firms

Microsoft has warned of a multi‑stage adversary‑in‑the‑middle AitM phishing and business email compromise BEC campaign targeting multiple organizations in the energy sector. "The campaign abused SharePoint file‑sharing services to deliver phishing payloads and relied on inbox rule creation to...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 2026/01/21 7:51 a.m.224 views

Exploit for Out-of-bounds Write in Msi Afterburner

VortexCry-Ransomware VortexCry is an advanced ransomware that...

7.8CVSS5.5AI score0.18188EPSS
Exploits5
The Hacker News
The Hacker News
added 2026/01/13 9:8 a.m.14 views

New Malware Campaign Delivers Remcos RAT Through Multi-Stage Windows Attack

Cybersecurity researchers have disclosed details of a new campaign dubbed SHADOWREACTOR that employs an evasive multi-stage attack chain to deliver a commercially available remote administration tool called Remcos RAT and establish persistent, covert remote access. "The infection chain follows a...

6.9AI score
Exploits0
Rows per page
Query Builder