11 matches found
Exploit for CVE-2025-52691
CVE-2025-52691 PoC: SmarterMail Arbitrary File Upload RCE APT...
Abusing VBS Enclaves to Create Evasive Malware
...
New Linux Rootkit PUMAKIT Uses Advanced Stealth Techniques to Evade Detection
Cybersecurity researchers have uncovered a new Linux rootkit called PUMAKIT that comes with capabilities to escalate privileges, hide files and directories, and conceal itself from system tools, while simultaneously evading detection. "PUMAKIT is a sophisticated loadable kernel module (LKM) rootkit...
Volt Typhoon Chinese Espionage Group Targets U.S. Government
Volt Typhoon, a state-sponsored threat group from China, employs stealthy techniques, exploits vulnerabilities, and focuses on espionage in cyber operations targeting critical infrastructure organizations...
Chinese Hackers Caught Stealing Intellectual Property from Multinational Companies
An elusive and sophisticated cyberespionage campaign orchestrated by the China-backed Winnti group has managed to fly under the radar since at least 2019. Dubbed "Operation CuckooBees" by Israeli cybersecurity company Cybereason, the massive intellectual property theft operation enabled the threa...
Mekotio Banking Trojan Resurfaces with New Attacking and Stealth Techniques
The operators behind the Mekotio banking trojan have resurfaced with a shift in its infection flow so as to stay under the radar and evade security software, while staging nearly 100 attacks over the last three months. "One of the main characteristics … is the modular attack which gives the...
New 'Silver Sparrow' Malware Infected Nearly 30,000 Apple Macs
Days after the first malware targeting Apple M1 chips was discovered in the wild, researchers have disclosed yet another previously undetected piece of malicious software that was found in about 30,000 Macs running Intel x86_64 and the iPhone maker's M1 processors. However, the ultimate goal of th...
Evaluating Your Security Controls? Be Sure to Ask the Right Questions
Testing security controls is the only way to know if they are truly defending your organization. With many different testing frameworks and tools to choose from, you have lots of options. But what do you specifically want to know? And how are the findings relevant to the threat landscape you face...
Carbanak Using Google Services for Command and Control
Carbanak certainly has not sat idly by after years of advanced criminal campaigns targeting primarily financial institutions. The outfit, alleged to have stolen from more than 100 banks worldwide, has popped up again with a new means of managing command and control over its malware and implants...
Asprox Malware Borrowing Stealth from APT Campaigns
Cybercriminals and advanced attackers are freely borrowing from one another’s repertoires to great success. The latest example involves spammers firing off up to a half-million email messages during limited campaign segments without triggering any detection alarms. Security company FireEye said t...
Hacking knowledge series: Trojan stealth techniques - vulnerability warning - the black bar safety net
The most basic hiding: invisible forms + hidden files. However mysterious a Trojan may seem, in the end it is still a program on the Win32 platform. Common Windows programs come in two kinds: 1. Win32 applications (Win32 Application), such as QQ, Office, etc. 2. Win32 console...