80 matches found
Inside a malicious infrastructure delivering EtherRAT, phishing pages, and malicious software
During our recent threat hunting activities, we found EtherRAT malware being distributed by a website with a strange homepage. This homepage allowed us to discover a vast malicious infrastructure distributing malware, malicious documents, remote desktop software, and phishing pages. EtherRAT is a...
CVE-2026-48104 GHSL-2026-120: 7-Zip SquashFS BlockToNode uninitialized heap read
7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain an uninitialized heap read in the SquashFS archive handler caused by a sparsely populated index array. In the SquashFS handler, blockToNode is allocated with capacity for every metadata block but populated...
Astra Linux – Vulnerability in Linux, Linux 5.10
An issue was discovered in fs/nfs/dir.c in the Linux kernel before version 5.16.5. If an application sets the O_DIRECTORY flag and attempts to open a regular file, nfs_atomic_open performs a regular lookup. If a regular file is found, ENOTDIR should be returned; however, the server instead returns...
CRLF Injection
Overview: basic-ftp is an FTP client for Node.js that supports FTPS over TLS, IPv6, Async/Await, and TypeScript. Affected versions of this package are vulnerable to CRLF Injection via the login and openDir methods. An attacker can execute arbitrary FTP commands by injecting control characters into...
CVE-2018-4470
A privacy issue in the handling of Open Directory records was addressed with improved indexing. This issue affected versions prior to macOS High Sierra 10.13.6...
EUVD-2015-1290
Malware in sbrugna...
EUVD-2010-1405
Malware in sbrugna...
EUVD-2011-3398
Malware in sbrugna...
EUVD-2018-6669
Malware in sbrugna...
EUVD-2005-3698
Malware in sbrugna...
EUVD-2018-16003
Malware in sbrugna...
EUVD-2010-0552
Malware in sbrugna...
EUVD-2007-5704
Malware in sbrugna...
EUVD-2018-16256
Malware in sbrugna...
EUVD-2011-3190
Malware in sbrugna...
EUVD-2014-5866
Malware in sbrugna...
ksmbd: discard write access to the directory open
...
ERMAC V3.0 Banking Trojan Source Code Leak Exposes Full Malware Infrastructure
Cybersecurity researchers have detailed the inner workings of an Android banking trojan called ERMAC 3.0, uncovering serious shortcomings in the operators' infrastructure. "The newly uncovered version 3.0 reveals a significant evolution of the malware, expanding its form injection and data theft...
Security update for perl
This update for perl fixes the following issues: CVE-2025-40909: do not change the current directory when cloning an open directory handle (bsc#1244079). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternative...
A tale of enumeration, and why pen testing can’t be automated
TL;DR: In an engagement we found an open directory on the internet belonging to our client. By enumerating it we found a zip archive with a configuration file holding usernames and passwords. That file gave us access to the client’s ArcGIS instance. This contained a treasure trove of information abou...