New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack

Cybersecurity researchers have disclosed details of a new ransomware family called Osiris that targeted a major food service franchisee operator in Southeast Asia in November 2025. The attack leveraged a malicious driver called POORTRY as part of a known technique referred to as bring your own...

Malicious code in @odoreltd/osiris-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 32a73b3fd49b5ad7e472425aec55d80718039bee3d41c8a3f9eb7d5fccfed450 The OpenSSF Package Analysis project identified '@odoreltd/osiris-api' @ 5.5.9 npm as malicious. It is considered malicious because: - The packa...

EUVD-2025-35024

Malicious code in @odoreltd/osiris-api npm...

MAL-2025-48517 Malicious code in @odoreltd/osiris-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 32a73b3fd49b5ad7e472425aec55d80718039bee3d41c8a3f9eb7d5fccfed450 The OpenSSF Package Analysis project identified '@odoreltd/osiris-api' @ 5.5.9 npm as malicious. It is considered malicious because: - The packa...

EUVD-2006-3117

Malware in sbrugna...

Popular Malware Families Using 'Process Doppelgänging' to Evade Detection

The fileless code injection technique called Process Doppelgänging is actively being used by not just one or two but a large number of malware families in the wild, a new report shared with The Hacker News revealed. Discovered in late 2017, Process Doppelgänging is a fileless variation of Process...

Osiris Banking Trojan Displays Modern Malware Innovation

After staying dormant for few years, the Kronos banking trojan resurfaced in July in a form dubbed Osiris. A wider analysis of how the banking trojan is evolving shows innovative development on the part of its authors, with an eye to broader malware trends. Osiris first appeared in July in three...

Process Doppelgänging meets Process Hollowing in Osiris dropper

One of the Holly Grails for malware authors is a perfect way to impersonate a legitimate process. That would allow them to run their malicious module under the cover, being unnoticed by antivirus products. Over the years, various techniques have emerged in helping them to get closer to this goal...

Kronos Banking Trojan Surfaces After Years of Silence

The Kronos banking trojan is back from the malware dustbin. After years of lying dormant, hackers have reworked the underlying code and are actively targeting victims in Germany, Japan and Poland. The latest variant has incorporated a new command-and-control feature designed to work with the Tor...

Debian Security Advisory DSA 1129-1 (orisis)

The remote host is missing an update to orisis announced via advisory DSA 1129-1. Ulf Harnhammar and Max Vozeler from the Debian Security Audit Project have found several format string security bugs in osiris, a network-wide system integrity monitor control interface. A remote attacker could...

Debian: Security Advisory (DSA-1129)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Osiris Logging.C格式串漏洞

Osiris是一款网络系统完整性监视控制接口。 Osiris Logging.c不正确处理参数数据，远程攻击者可以利用漏洞进行格式串攻击，可能以进程权限执行任意指令 Shmoo Osiris 4.2 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1...

Debian DSA-1129-1 : osiris - format string

Ulf Harnhammar and Max Vozeler from the Debian Security Audit Project have found several format string security bugs in osiris, a network-wide system integrity monitor control interface. A remote attacker could exploit them and cause a denial of service or execute arbitrary code. %NASLMINLEVEL...

CVE-2006-3120

Format string vulnerability in Brian Wotring Osiris before 4.2.1 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via unspecified attack vectors related to the logging functions...

CVE-2006-3120

Format string vulnerability in Brian Wotring Osiris before 4.2.1 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via unspecified attack vectors related to the logging functions...

CVE-2006-3120

Osiris (osiris) vulnerable to a format-string flaw in its logging functions prior to version 4.2.1. A remote attacker could cause a denial of service (application crash) and potentially execute arbitrary code. Debian advisories indicate fixes: 4.0.6-1sarge1 for the stable (sarge) release and 4.2....

CVE-2006-3120

Format string vulnerability in Brian Wotring Osiris before 4.2.1 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via unspecified attack vectors related to the logging functions...

[SECURITY] [DSA 1129-1] New osiris packages fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1129-1 [email protected] http://www.debian.org/security/ Martin Schulze July 28th, 2006 http://www.debian.org/security/faq -...

Osiris system integrity monitor format string vulnerability

No description provided...

[SECURITY] [DSA 1129-1] New osiris packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 1129-1 [email protected] http://www.debian.org/security/ Martin Schulze July 28th, 2006 http://www.debian.org/security/faq -...