Argamal: Malware hidden in hentai games
In April 2026, we discovered a new malware campaign targeting players of "hentai" games. Once launched, the infected games install a previously unknown malicious implant on the user's machine. After a few days, the implant downloads and executes a Trojan, resulting in full system compromise and...
Malicious code in chainutils (PyPI)
Source: kam193 (149995e4a1c4d289fa58be2adcab4095dca7c429097ad6735afef8270e7e4cb3). During import, the package triggers malicious code. First, it ensures persistence, e.g. through the autostart registry key. Then, based on the encrypted config, an...
Malicious code in pynosist (PyPI)
Source: kam193 (ef7a4db1443361fe93b268c7ad8f38c5c290d5334162b57c2b534c97acbc2b5d). The campaign is built from a benign-like package (e.g. genosys) and a malicious dependency (e.g. pynosist). The dependency uses a PTH file to trigger malicious...
Windows Persistence via UserInitMprLogonScript
This module establishes persistence by setting the UserInitMprLogonScript value in HKCU\Environment. During user logon, userinit.exe checks this value and executes the specified command or binary. The module writes a payload executable to disk and points UserInitMprLogonScript to that payload...
PYSEC-2026-3 Two telnyx versions published containing credential harvesting malware
After an API token exposure from an exploited Trivy dependency, two new releases of telnyx were uploaded to PyPI containing automatically activated malware, harvesting sensitive credentials and files, and exfiltrating to a remote API. Compromised versions execute code during importing the telnyx...
Two telnyx versions published containing credential harvesting malware
After an API token exposure from an exploited Trivy dependency, two new releases of telnyx were uploaded to PyPI containing automatically activated malware, harvesting sensitive credentials and files, and exfiltrating to a remote API. Compromised versions execute code during importing the telnyx...
DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage
Ukrainian entities have emerged as the target of a new campaign likely orchestrated by threat actors linked to Russia, according to a report from S2 Grupo's LAB52 threat intelligence team. The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted b...
OPENSUSE-SU-2026:20260-1 Security update for mosquitto
This update for mosquitto fixes the following issues: Changes in mosquitto: - update to 2.0.23 (boo#1258671): Fix handling of disconnected sessions for per_listener_settings true. Check return values of OpenSSL get_ex_data and set_ex_data to prevent a possible crash. This could occur only in extremely unlikel...
Malicious code in config-toolkit (PyPI)
Source: kam193 (f672e0a6f875d710a8851da211ff30828bda3755c9f9aebcb56fd0430b134ae5). During installation, the package installs a script that listens for remote commands and executes them. The script is also added to the autostart configuration and...
Malicious code in adminbypasser (PyPI)
Source: kam193 (867991d0e6c74f15c2f231c002867172a4e03044a328676cf9b2ec07a7e48f68). The package silently downloads remote code and adds its execution to the autostart. During analysis, the remote domain no longer existed. --- Category: MALICIOUS -...
Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088
Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting a now-patched critical security flaw in RARLAB WinRAR to establish initial access and deploy a diverse array of payloads. "Discovered and patched in July 202...
Burp Extension Persistence
This module adds a Java-based malicious extension to the Burp Suite configuration file. When Burp is opened, the extension is loaded and the payload is executed. Tested against Burp Suite Community Edition v2024.9.4, on Ubuntu Desktop 24.04. Tested against Burp Suite Community Edition...
Accessibility Features (Sticky Keys) Persistence via Debugger Registry Key
This module makes it possible to apply the 'sticky keys' hack to a session with appropriate rights. The hack provides a means to get a SYSTEM shell using UI-level interaction at an RDP login screen or via a UAC confirmation dialog. The module modifies the Debug registry setting for certain...
New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code
Cybersecurity researchers have disclosed details of a new Python-based information stealer called VVS Stealer (also styled as VVS $tealer) that's capable of harvesting Discord credentials and tokens. The stealer is said to have been on sale on Telegram as far back as April 2025, according to a repo...
Exploit for Path Traversal in Rarlab Winrar
CVE-2025-8088 WinRAR path traversal tool ⚠ This tool is...
📄 Notepad++ 8.8.7 DLL Hijacking
Notepad++ version 8.8.7 DLL hijacking proof of concept exploit. | Title : Notepad++ 8.8.7 Unsafe Plugin Persistence AutoLoad | Author : indoushka | ...
Exploit for Path Traversal in Rarlab Winrar
CVE-2025-8088 WinRAR path traversal tool ⚠ This tool is c...
Google Uncovers PROMPTFLUX Malware That Uses Gemini AI to Rewrite Its Code Hourly
Google on Wednesday said it discovered an unknown threat actor using an experimental Visual Basic Script (VBScript) malware dubbed PROMPTFLUX that interacts with its Gemini artificial intelligence (AI) model API to write its own source code for improved obfuscation and evasion. "PROMPTFLUX is writte...
Windows Persistent Startup Folder
This Metasploit module establishes persistence by creating a payload in the user or system startup folder. Works on Vista and newer systems...
Exploit for Path Traversal in Rarlab Winrar
🚨 CVE-2025-8088 WinRAR Exploit Tool ...