5 matches found
CloudZ RAT potentially steals OTP messages using Pheno plugin
Cisco Talos discovered an intrusion, active since at least January 2026, where an unknown attacker implanted a CloudZ remote access tool (RAT) and a previously undocumented plugin called "Pheno." According to the functionalities of the CloudZ RAT and Pheno plugin, this was with the intention of...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code that mirrors the TeamPCP LiteLLM technique. What the postinstall payload does: - Harvests environment variables matching 40+ patterns (AWS, GCP, Azure, GitHub, OpenAI, Stripe, etc.) - Reads SSH keys, .npmrc,...
CDK
This is an open-sourced container penetration toolkit called CDK, designed for offering stable exploitation in different slimmed containers without any OS dependency. It comes with useful net-tools and many powerful PoCs/EXPs to help escape container and take over K8s cluster easily. The toolkit i...
Microsoft Windows Defender AV: Turn on process scanning whenever real-time protection is enabled
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winavprocessscanningrealtimeprotection.nasl 11495 2018-09-20 10:06:25Z emoss $ Check value for Turn on process scanning whenever real-time protection is enabled. Authors: Emanuel Moss. Copyright: Copyright (c) 2018 Greenbone...
Reputation of Linux Executables: Never seen process(es)
Binary data linuxneverseenprocessbefore.nbin...