Lucene search
K

50 matches found

Microsoft Secure
Microsoft Secure
added 2026/05/19 3:7 p.m.17 views

Exposing Fox Tempest: A malware-signing service operation

In this article 1. Fox Tempest’s role and impact 2. Fox Tempest’s malware signing as a service infrastructure 3. Defending against Fox Tempest-enabled attacks 4. Microsoft Defender detections 5. Indicators of compromise Fox Tempest is a financially motivated threat actor that operates a...

5.9AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/05/19 3:7 p.m.37 views

Exposing Fox Tempest: A malware-signing service operation

In this article 1. Fox Tempest’s role and impact 2. Fox Tempest’s malware signing as a service infrastructure 3. Defending against Fox Tempest-enabled attacks 4. Microsoft Defender detections 5. Indicators of compromise Fox Tempest is a financially motivated threat actor that operates a...

5.9AI score
Exploits0
Oracle linux
Oracle linux
added 2026/04/08 12:0 a.m.7 views

grub2 security update

2.02-0.87.0.29.el7.14 - Unregister gettext command on module unload CVE-2025-61662Orabug: 39112125 2.02-0.87.0.27.el7.14 - Fix OOB write in grubnetsearchconfigfile CVE-2025-0624 Orabug: 37770226 - Also adds implementation of grubstrlcpy for clean backport 2.02-0.87.0.26.el7.14 - Replace...

7.8CVSS6AI score0.01373EPSS
Exploits0
Oracle linux
Oracle linux
added 2026/03/18 12:0 a.m.11 views

grub2 security update

2.06-114.0.1.el97.1 - Update grub2 dependencies to match new Secure Boot certificate chain of trust Orabug: 37766761 - Fix typo in SBAT metadata Orabug: 37693946 - Allow installation of grub2 only with shim-aa64 that allows booting it Orabug: 37693946 - net/dns: Fix removal of DNS server Orabug:...

7.8CVSS5.8AI score0.00872EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/12/11 5:22 a.m.3 views

CVE-2025-66506

A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service DoS due to excessive memory allocation when processing a malicious OpenID Connect OIDC identity token containing numerous period characters...

7.5CVSS6AI score0.00191EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2025/11/20 4:6 a.m.18 views

TamperedChef Malware Spreads via Fake Software Installers in Ongoing Global Campaign

Threat actors are leveraging bogus installers masquerading as popular software to trick users into installing malware as part of a global malvertising campaign dubbed TamperedChef. The end goal of the attacks is to establish persistence and deliver JavaScript malware that facilitates remote acces...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2013-0024

Malware in sbrugna...

2.1CVSS6.1AI score0.00238EPSS
Exploits0References14
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2014-4939

Malware in sbrugna...

6.8CVSS6.7AI score0.00573EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/09/15 12:0 a.m.3 views

Oracle Linux 10 : kernel (ELSA-2025-15662)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-15662 advisory. 6.12.0-55.32.1.0.1 - nvme-pci: remove two deallocate zeroes quirks Orabug: 37756650 - Add new Oracle Linux Driver Signing key 1 certificate Orabug: 37985782 -...

7.4CVSS7.6AI score0.01345EPSS
Exploits8References2
RedhatCVE
RedhatCVE
added 2025/07/10 11:22 a.m.6 views

CVE-2025-23364

A vulnerability has been identified in TIA Administrator All versions V3.0.6. The affected application improperly validates code signing certificates. This could allow an attacker to bypass the check and exceute arbitrary code during installations...

8.4CVSS7.6AI score0.00069EPSS
Exploits0References1
OSV
OSV
added 2025/07/08 11:15 a.m.5 views

CVE-2025-23364

A vulnerability has been identified in TIA Administrator All versions V3.0.6. The affected application improperly validates code signing certificates. This could allow an attacker to bypass the check and exceute arbitrary code during installations...

8.4CVSS5.9AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/08 10:34 a.m.5 views

CVE-2025-23364

A vulnerability has been identified in TIA Administrator All versions V3.0.6. The affected application improperly validates code signing certificates. This could allow an attacker to bypass the check and exceute arbitrary code during installations...

6.9CVSS7.5AI score0.00069EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:18 p.m.4 views

CVE-2020-0601

A spoofing vulnerability exists in the way Windows CryptoAPI Crypt32.dll validates Elliptic Curve Cryptography ECC certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted,...

8.1CVSS6.9AI score0.89436EPSS
Exploits14References1
Oracle linux
Oracle linux
added 2024/12/11 12:0 a.m.270 views

kernel security update

5.14.0-503.16.15.OL9 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...

6.2CVSS8.2AI score0.00529EPSS
Exploits1
The Hacker News
The Hacker News
added 2024/10/15 6:43 a.m.15 views

Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates

Cybersecurity researchers have disclosed a new malware campaign that delivers Hijack Loader artifacts that are signed with legitimate code-signing certificates. French cybersecurity company HarfangLab, which detected the activity at the start of the month, said the attack chains aim to deploy an...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/02/13 4:38 p.m.30 views

Remote Monitoring & Management software used in phishing attacks

Remote Monitoring & Management RMM software, including popular tools like AnyDesk, Atera, and Splashtop, are invaluable for IT administrators today, streamlining tasks and ensuring network integrity from afar. However, these same tools have caught the eye of cybercriminals, who exploit them to...

7.7AI score
Exploits0
MSRC
MSRC
added 2023/12/28 8:0 a.m.44 views

Microsoft addresses App Installer abuse

28 October 2024 Update Microsoft disabled the ms-appinstaller URI scheme handler by default in App Installer on 28 December 2023 as a security response to protect customers from attackers’ evolving techniques against previous safeguards for CVE-2021-43890. Microsoft is pleased to announce that we...

7.1CVSS7.3AI score0.10295EPSS
Exploits1
The Hacker News
The Hacker News
added 2023/10/02 11:21 a.m.58 views

LUCR-3: Scattered Spider Getting SaaS-y in the Cloud

LUCR-3 overlaps with groups such as Scattered Spider, Oktapus, UNC3944, and STORM-0875 and is a financially motivated attacker that leverages the Identity Provider IDP as initial access into an environment with the goal of stealing Intellectual Property IP for extortion. LUCR-3 targets Fortune 20...

7.7AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2023/09/13 12:0 a.m.15 views

RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware

In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to its victims via the same delivery method...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2023/07/11 5:4 p.m.38 views

Old certificate, new signature: Open-source tools forge signature timestamps on Windows drivers

Cisco Talos has observed threat actors taking advantage of a Windows policy loophole that allows the signing and loading of cross-signed kernel mode drivers with signature timestamp prior to July 29, 2015. Actors are leveraging multiple open-source tools that alter the signing date of kernel mode...

7.3AI score
Exploits0
Rows per page
Query Builder