107 matches found
Exploit for CVE-2026-31431
CVE-20...
From fake Proton VPN sites to gaming mods, this Windows infostealer is everywhere
We’ve uncovered multiple campaigns distributing an infostealer we track as NWHStealer , using everything from fake VPN downloads to hardware utilities and gaming mods. What makes this campaign stand out isn’t just the malware, but how widely and convincingly it’s being spread. Once installed, it...
DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files
Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEADVAX that employs a mix of "disciplined tradecraft and clever abuse of legitimate system features" to bypass traditional detection mechanisms and deploy a remote access trojan RAT known as AsyncRAT. "The attack...
EUVD-2020-10101
Malware in sbrugna...
EUVD-2024-32093
Malicious code in bioql PyPI...
ProcessInjection
It is an offensive tool for Windows. This repository contains proof-of-concept PoC code for injecting a DLL into a running process on Windows. The primary CVE ID is not explicitly stated, but the code appears to target a vulnerability in the Windows operating system. The target product/service is...
sudo_inject
Linux Privilege Escalation by injecting process possessing sudo tokens Inject process that have valid sudo token and activate our own sudo token Introduction We all noticed that sometimes sudo doesn't ask us for a password because he remembers us. How does he remember us and how does he identifie...
Charon Ransomware Hits Middle East Sectors Using APT-Level Evasion Tactics
Cybersecurity researchers have discovered a new campaign that employs a previously undocumented ransomware family called Charon to target the Middle East's public sector and aviation industry. The threat actor behind the activity, according to Trend Micro, exhibited tactics mirroring those of...
New Ransomware Charon Uses Earth Baxia APT Techniques To Target Enterprises
We uncovered Charon, a new ransomware strainfamily that uses advanced APT-style techniques, including DLL sideloading, process injection, and anti-EDR capabilities, to target organizations with customized ransom demands...
New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises
We uncovered Charon, a new ransomware strainfamily that uses advanced APT-style techniques, including DLL sideloading, process injection, and anti-EDR capabilities, to target organizations with customized ransom demands...
sudo_inject
Linux Privilege Escalation by injecting process possessing sudo tokens Inject process that have valid sudo token and activate our own sudo token Introduction We all noticed that sometimes sudo doesn't ask us for a password because he remembers us. How does he remember us and how does he identifie...
CVE-2020-18174
A process injection vulnerability in setup.exe of AutoHotkey 1.1.32.00 allows attackers to escalate privileges...
The Definitive Guide to Linux Process Injection
...
Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin America
Cybersecurity researchers have shed light on a threat actor known as Blind Eagle that has persistently targeted entities and individuals in Colombia, Ecuador, Chile, Panama, and other Latin American nations. Targets of these attacks span several sectors, including governmental institutions,...
PoolParty - A Set Of Fully-Undetectable Process Injection Techniques Abusing Windows Thread Pools
A collection of fully-undetectable process injection techniques abusing Windows Thread Pools. Presented at Black Hat EU 2023 Briefings under the title - injection-techniques-using-windows-thread-pools-35446"The Pool Party You Will Never Forget: New Process Injection Techniques UsingWindows Thread...
CVE-2024-3507
Improper privilege management vulnerability in Lunar software that affects versions 6.0.2 through 6.6.0. This vulnerability allows an attacker to perform a secondary process injection into the Lunar application and abuse those rights to access sensitive user information...
CVE-2024-3507
CVE-2024-3507 affects Lunar software versions 6.0.2 through 6.6.0. The issue is an improper privilege management flaw that enables a secondary process injection into the Lunar application, allowing an attacker to abuse rights to access sensitive user information. Documented impact is high for con...
CVE-2024-3507 Privilege escalation vulnerability in Lunar
Improper privilege management vulnerability in Lunar software that affects versions 6.0.2 through 6.6.0. This vulnerability allows an attacker to perform a secondary process injection into the Lunar application and abuse those rights to access sensitive user information...
CVE-2024-3507 Privilege escalation vulnerability in Lunar
Improper privilege management vulnerability in Lunar software that affects versions 6.0.2 through 6.6.0. This vulnerability allows an attacker to perform a secondary process injection into the Lunar application and abuse those rights to access sensitive user information...
PT-2024-26306 · Lunar · Lunar
Name of the Vulnerable Software and Affected Versions: Lunar software versions 6.0.2 through 6.6.0 Description: The issue is related to improper privilege management in the Lunar software, allowing an attacker to perform a secondary process injection into the application. This can lead to the abu...