PT-2026-27630

Name of the Vulnerable Software and Affected Versions PinchTab versions prior to 0.8.5 Description PinchTab, a standalone HTTP server for controlling a Chrome browser with AI agents, contains a Windows-only command injection issue within the orphaned Chrome cleanup path. The issue arises because...

PT-2026-3035

MTPutty 1.0.1.21 contains a sensitive information disclosure vulnerability that allows local attackers to view SSH connection passwords through Windows PowerShell process listing. Attackers can run a PowerShell command to retrieve the full command line of MTPutty processes, exposing plaintext SSH...

WMI Event Subscription Interval Persistence

This Metasploit module will create a permanent WMI event subscription to achieve file-less persistence using an event filter that triggers the payload after the specified CALLBACKINTERVAL. If the persistence is not installed, it will keep triggering payloads to spawn. Additionally a custom comman...

GHSA-WPHJ-FX3Q-84CH systeminformation has a Command Injection vulnerability in fsSize() function on Windows

Summary The fsSize function in systeminformation is vulnerable to OS Command Injection CWE-78 on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without sanitization, allowing arbitrary command execution when user-controlled input reaches this...

CVE-2025-68154

systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the fsSize function in systeminformation is vulnerable to OS command injection on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without...

CVE-2025-68154 Command Injection in fsSize() on Windows

systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the fsSize function in systeminformation is vulnerable to OS command injection on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without...

Ukraine Aid Groups Targeted Through Fake Zoom Meetings and Weaponized PDF Files

Cybersecurity researchers have disclosed details of a coordinated spear-phishing campaign dubbed PhantomCaptcha targeting organizations associated with Ukraine's war relief efforts to deliver a remote access trojan that uses a WebSocket for command-and-control C2. The activity, which took place o...

EUVD-2020-21918

Malware in sbrugna...

CVE-2020-9326

BeyondTrust Privilege Management for Windows and Mac aka PMWM; formerly Avecto Defendpoint 5.1 through 5.5 before 5.5 SR1 mishandles command-line arguments with PowerShell .ps1 file extensions present, leading to a DefendpointService.exe crash...

CVE-2020-29552

An issue was discovered in URVE Build 24.03.2020. By using the internal/pc/vpro.php?mac=0=0=0=0=0%3bpowershell+-c+" substring, it is possible to execute a Powershell command and redirect its output to a file under the web root...

Authenticated Command Injection

github.com/nrkno/terraform-provider-windns is vulnerable to Authenticated command injection. The vulnerability is due to lack of input sanitization in the windnsrecord resource. Specifically, user-supplied inputs were not properly sanitized before being passed to the underlying PowerShell command...

CVE-2025-46735 Terraform WinDNS Provider improperly sanitizes input variables in `windns_record`

Terraform WinDNS Provider allows users to manage their Windows DNS server resources through Terraform. A security issue has been found in Terraform WinDNS Provider before version 1.0.5. The windnsrecord resource did not sanitize the input variables. This could lead to authenticated command...

An error occurs when specifying the license server by IP address in Citrix Studio

In Citrix Studio, select Licensing from the left-hand tree and click Change License Server, when entering IP address in the "Change License Server" window that appears, the message "Connected to a trusted server" is displayed. However, when returning to Studio, the error message "Cannot connect t...

APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware

An advanced persistent threat APT group with ties to Pakistan has been attributed to the creation of a fake website masquerading as India's public sector postal system as part of a campaign designed to infect both Windows and Android users in the country. Cybersecurity company CYFIRMA has...

PVS Configuration Wizard Error: Insufficient Privileges

When creating a new PVS farm by running configuration wizard, and selecting option to register the PVS server with a CVAD farm, configuration wizard returns an error: The current user needs to be a Machine catalog Administrator or higher on the Citrix Virtual Desktops Controller at "servername"...

VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware

Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code VSCode Marketplace that are designed to deploy ransomware that's under development to its users. The extensions, named "ahban.shiba" and "ahban.cychelloworld," have since been taken down by the marketplace...

SMB Windows Full Build Number

Gets the full build number of a Windows operating system using PowerShell via SMB. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if descripti...

"Windows Script Host must be enabled for the duration of setup process"

Challenge While attempting to Install or Upgrade Veeam Backup & Replication, the installer displays the message: Windows Script Host must be enabled for the duration of setup process, Refer to KB4699 for more information https:// www.veeam.com/kb4699. Cause This message is displayed when the...

Unmasking Lumma Stealer: Analyzing Deceptive Tactics with Fake CAPTCHA

Summary Lumma Stealer is an information-stealing malware available through a Malware-as-a-Service MaaS. It specializes in stealing sensitive data such as passwords, browser information, and cryptocurrency wallet details. The attacker has advanced its tactics, moving from traditional phishing to...

This Windows PowerShell Phish Has Scary Potential

ManyGitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing...