Analyzing Void Dokkaebi’s Cython-Compiled InvisibleFerret Malware

Void Dokkaebi, a North Korea-aligned intrusion set, has updated its information-stealing malware, InvisibleFerret, shifting its delivery format to evade script-based detections...

GRAudit Grep Auditing Tool 4.0

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility, grep. It's comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very...

CVE-2025-8028

On arm64, a WASM brtable instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1,...

Iranian Hackers Targeting Turkey and Arabian Peninsula in New Malware Campaign

The Iranian state-sponsored threat actor known as MuddyWater has been attributed to a new swarm of attacks targeting Turkey and the Arabian Peninsula with the goal of deploying remote access trojans RATs on compromised systems. "The MuddyWater supergroup is highly motivated and can use unauthoriz...

Rustpad - Multi-Threaded Padding Oracle Attacks Against Any Service

A multi-threaded what now? rustpad is a multi-threaded successor to the classic padbuster, written in Rust. It abuses a Padding Oracle vulnerability to decrypt any cypher text or encrypt arbitrary plain text without knowing the encryption key! Features Decryption of cypher texts Encryption of...

Old Gatekeeper bypass vulnerability in macOS exploited

THREAT LEVEL: Amber For a detailed advisory, download the pdf file here A gatekeeper bypass vulnerability exists in macOS Big Sur and has been assigned CVE-2021-30853. An attacker can exploit this issue by using a specially-crafted script-based application downloaded from the Internet. This allow...

VMware Carbon Black First to Block Hidden Malicious Commands in Obfuscated Scripts

For a long time now, our Threat Analysts have flagged the growing threat of script-based attacks, especially from Microsoft PowerShell and Windows Management Interface script commands, and their ability to escape notice in many antivirus solutions. Increasingly, these types of attacks have become...

DNS-Shell - An Interactive Shell Over DNS Channel

DNS-Shell is an interactive Shell over DNS channel. The server is Python based and can run on any operating system that has python installed, the payload is an encoded PowerShell command. Understanding DNS-Shell The Payload is generated when the sever script is invoked and it simply utilizes...

Qualys BrowserCheck CoinBlocker Protects Users From Active Cryptojacking Campaigns

Qualys Malware Research Labs recently released the Qualys BrowserCheck CoinBlocker Chrome Extension. We have seen enthusiastic adoption from users across the globe in the first week since its release, which has given us enough telemetry data to indicate success in protecting users from popular...

Windows Defender ATP machine learning and AMSI: Unearthing script-based attacks that ‘live off the land’

Scripts are becoming the weapon of choice of sophisticated activity groups responsible for targeted attacks as well as malware authors who indiscriminately deploy commodity threats. Scripting engines such as JavaScript, VBScript, and PowerShell offer tremendous benefits to attackers. They run...

Windows Defender ATP machine learning and AMSI: Unearthing script-based attacks that ‘live off the land’

Scripts are becoming the weapon of choice of sophisticated activity groups responsible for targeted attacks as well as malware authors who indiscriminately deploy commodity threats. Scripting engines such as JavaScript, VBScript, and PowerShell offer tremendous benefits to attackers. They run...

Windows Defender ATP machine learning and AMSI: Unearthing script-based attacks that ‘live off the land’

Scripts are becoming the weapon of choice of sophisticated activity groups responsible for targeted attacks as well as malware authors who indiscriminately deploy commodity threats. Scripting engines such as JavaScript, VBScript, and PowerShell offer tremendous benefits to attackers. They run...

2532/Gigs 1.2.2 - Stable Remote Command Execution Exploit

No description provided by source. ?php / ---------------------------------------------------------------- 2532|Gigs 1.2.2 Stable Remote Command Execution Exploit ---------------------------------------------------------------- by athos - stakerathotmaildotit works regardless php.ini settings...

[Microsoft Network Monitor 3.4] Tool to allow capturing and protocol analysis of network traffic

Microsoft's Network Monitor is a tools that allow capturing and protocol analysis of network traffic. Network Monitor 3 is a protocol analyzer. It enables you to capture, to view, and to analyze network data. You can use it to help troubleshoot problems with applications on the network. This...

NoScript Anywhere Released, Supports Firefox Mobile on Android Devices

The new version of NoScript, the popular browser add-on that blocks JavaScript and other embedded objects from running on Web pages, is out in alpha form and it can now run on Android-based smartphones, giving users protection against script-based attacks on their mobile devices. The release of...

Joomla Component com_rokdownloads - Local File Inclusion Vulnerability

Exploit for unknown platform in category web applications ====================================================================== Joomla Component comrokdownloads - Local File Inclusion Vulnerability ====================================================================== .:. Author : AtT4CKxT3rR0r1...

[SECURITY] Fedora 12 Update: pdfedit-0.4.3-4.fc12

Free pdf editing using PdfEdit. Complete editing of pdf documents is made possible with PDFedit. You can change either raw pdf objects for advanced users or use predefined gui functions. Functions can be easily added as everything is based on a script...

With all the 0day,the current through the kill all versions-bug warning-the black bar safety net

Program code SCRIPTwindow. onerror=functionreturn true;/SCRIPT SCRIPT document. writeln"object classid="clsid:61F5C358-60FB-4A23-A312 - D2B556620F20" style='display:none' id='Kazakh'/object"; document. writeln"SCRIPT language="javascript""; document. writeln"var...

XBL scripts ran even when Javascript disabled — Mozilla

Scripts in XBL controls from web content continued to be run even when Javascript was disabled. By itself this causes no harm, but it could be combined with most script-based exploits to attack people running vulnerable versions who thought disabling javascript would protect them...