10 matches found
Malicious code in vue-template-compiler-plugin (npm)
Full C2 implant disguised as vue-template-compiler fork. postinstall-run.cjs loads tooling-bootstrap.cjs which contains base64-encoded C2 agent. Decoded payload: registers victim hostname, username, OS to Cloudflare tunnel C2 at maiden-apply-looks-education.trycloudflare.com, beacons for tasks,...
Malicious code in tableate (PyPI)
Source: google-open-source-security 762292d92c617c287b3c6b54f7c4a8b8630e7dd893b40dd05bade462fec7ca26 This package is malicious and typosquatting the legitimate pyspellchecker library. This package will deploy a remote-access trojan that...
CVE-2002-2361
The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing...
Modular Java Backdoor Dropped in Cleo Exploitation Campaign
Many thanks to Rapid7 MDR and incident response teams for their contributions to this analysis. While investigating incidents related to Cleo software exploitation, Rapid7 Labs and MDR observed a novel, multi-stage attack that deploys an encoded Java Archive JAR payload. Our investigation reveale...
Fruity Trojan Uses Deceptive Software Installers to Spread Remcos RAT
Threat actors are creating fake websites hosting trojanized software installers to trick unsuspecting users into downloading a downloader malware called Fruity with the goal of installing remote trojans tools like Remcos RAT. "Among the software in question are various instruments for fine-tuning...
PHPCMS V9.6.3 CSRF Vulnerability and Arbitrary File Write Vulnerability in the Backend
PHPCMS is a web content management system based on a PHP and MySQL architecture. The backend of PHPCMS V9.6.3 has a CSRF vulnerability and an arbitrary file write vulnerability. Attackers can use this vulnerability to remotely write Trojan horse files to obtain web server administrative...
Eznet 3.5.0 - Remote Stack Overflow and Denial of Service Exploit
No description provided by source. !/usr/bin/perl -w Stack Overflow in eZnet.exe - Remote Exploit Will download a trojan from any address which you provide on the target system, then will execute the trojan. For this exploit I have tried several strategies to increase reliability and performance:...
Eznet 3.5.0 - Remote Stack Overflow Denial of Service
Eznet 3.5.0 - Remote Stack Overflow Denial of Service !/usr/bin/perl -w Stack Overflow in eZnet.exe - Remote Exploit Will download a trojan from any address which you provide on the target system, then will execute the trojan. For this exploit I have tried several strategies to increase reliabili...
Eznet 3.5.0 - Remote Stack Overflow / Denial of Service
!/usr/bin/perl -w Stack Overflow in eZnet.exe - Remote Exploit Will download a trojan from any address which you provide on the target system, then will execute the trojan. For this exploit I have tried several strategies to increase reliability and performance: + Jump to a static 'call esp' +...
Eznet v3.5.0 Remote Stack Overflow and Denial of Service Exploit
Exploit for unknown platform in category remote exploits. Eznet v3.5.0 Remote Stack Overflow and Denial of Service Exploit. !/usr/bin/perl -w Stack Overflow in eZnet.exe...