PT-2026-29252

InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell such as powershell, and the matching algorithm...

CVE-2026-30309

InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell such as powershell, and the matching algorithm...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the Windows cleanup routine when a crafted profile name containing PowerShell metacharacters is used. An attacker can execute arbitrary PowerShell commands with the privileges of the application process user by...

Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware

A suspected Iran-nexus threat actor has been attributed to a campaign targeting government officials in Iraq by impersonating the country's Ministry of Foreign Affairs to deliver a set of never-before-seen malware. Zscaler ThreatLabz, which observed the activity in January 2026, is tracking the...

New ClickFix Attack Targets Crypto Wallets and 25+ Browsers with Infostealer

Researchers at CyberProof have identified a new fake captcha campaign linked to the ClickFix operation. This stealthy infostealer targets over 25 browsers, cryptocurrency wallets like MetaMask, and gaming accounts by tricking users into executing malicious PowerShell commands...

Researchers Expose TA585's MonsterV2 Malware Capabilities and Attack Chain

Cybersecurity researchers have shed light on a previously undocumented threat actor called TA585 that has been observed delivering an off-the-shelf malware called MonsterV2 via phishing campaigns. The Proofpoint Threat Research Team described the threat activity cluster as sophisticated, leveragi...

XWorm 6.0 Returns with 35+ Plugins and Enhanced Data Theft Capabilities

Cybersecurity researchers have charted the evolution of XWorm malware, turning it into a versatile tool for supporting a wide range of malicious actions on compromised hosts. "XWorm's modular design is built around a core client and an array of specialized components known as plugins," Trellix...

EUVD-2020-2419

Malware in sbrugna...

EUVD-2024-20962

Malicious code in bioql PyPI...

Microsoft/Windows Defender Detection (Windows SMB Login)

Detects and gathers information of Microsoft/Windows Defender on Windows operating systems. Supports Windows 7 and Server 2008 onwards. The information is retrieved via Powershell. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and a...

Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers

Microsoft is calling attention to an ongoing malvertising campaign that makes use of Node.js to deliver malicious payloads capable of information theft and data exfiltration. The activity, first detected in October 2024, uses lures related to cryptocurrency trading to trick users into installing ...

5 Active Malware Campaigns in Q1 2025

The first quarter of 2025 has been a battlefield in the world of cybersecurity. Cybercriminals continued launching aggressive new campaigns and refining their attack methods. Below is an overview of five notable malware families, accompanied by analyses conducted in controlled environments...

Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks

Threat actors have observed the increasingly common ClickFix technique to deliver a remote access trojan named NetSupport RAT since early January 2025. NetSupport RAT, typically propagated via bogus websites and fake browser updates, grants attackers full control over the victim's host, allowing...

CVE-2024-23464

In certain cases, Zscaler Internet Access ZIA can be disabled by PowerShell commands with admin rights. This affects Zscaler Client Connector on Windows 4.2.1...

Coyote Malware Expands Reach: Now Targets 1,030 Sites and 73 Financial Institutions

Brazilian Windows users are the target of a campaign that delivers a banking malware known as Coyote. "Once deployed, the Coyote Banking Trojan can carry out various malicious activities, including keylogging, capturing screenshots, and displaying phishing overlays to steal sensitive credentials,...

Backup or Backup Copy Job for SharePoint, OneDrive, or Teams Data Fails With: "Cannot find object"

Challenge After upgrading Veeam Backup for Microsoft 365 to v8 builds 8.0.2.159 or 8.0.2.200, an incremental backup or a backup copy job protecting SharePoint, OneDrive, or Teams data fails with the error: Cannot find object ... Cause In Object Storage Repositories, the metadata saved for the...

Imperva Protects Against the Exploited CVEs in the Cleo Data Theft Attacks

The Clop ransomware group has once again demonstrated its ability to exploit vulnerabilities to compromise sensitive systems. As Cleo—a managed file transfer provider for businesses—grapples with the aftermath of Clop’s targeted attack on their systems, the spotlight turns to CVE-2024-50623 and...

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips

This past week has been packed with unsettling developments in the world of cybersecurity. From silent but serious attacks on popular business tools to unexpected flaws lurking in everyday devices, there's a lot that might have flown under your radar. Attackers are adapting old tricks, uncovering...

Cleo多款产品 安全漏洞

Cleo LexiCom and others are products of Cleo Corporation.Cleo LexiCom is an integration platform.Cleo Harmony is a file integration solution.Cleo VLTrader is a secure hosted file transfer software. A security vulnerability exists in various Cleo products that originates from the ability of an...

CVE-2024-55956

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory...