17 matches found

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2025-31107

Malicious code in bioql PyPI...

7.8 CVSS | 6.6 AI score | 0.00018 EPSS
Exploits 0 | References 3
RedhatCVE
added 2025/09/26 2:48 p.m. | 1 view

CVE-2025-10541

iMonitor EAM 9.6394 installs a system service eamusbsrv64.exe that runs with NT AUTHORITY\SYSTEM privileges. This service includes an insecure update mechanism that automatically loads files placed in the C:\sysupdate\ directory during startup. Because any local user can create and write to this...

7.8 CVSS | 6.8 AI score | 0.00018 EPSS
Exploits 0 | References 1
NVD
added 2025/09/25 3:16 p.m. | 2 views

CVE-2025-10541

iMonitor EAM 9.6394 installs a system service eamusbsrv64.exe that runs with NT AUTHORITY\SYSTEM privileges. This service includes an insecure update mechanism that automatically loads files placed in the C:\sysupdate\ directory during startup. Because any local user can create and write to this...

7.8 CVSS | 0.00018 EPSS
Exploits 0 | References 3
Vulnrichment
added 2025/09/25 2:31 p.m. | 1 view

CVE-2025-10541 Local Privilege Escalation via Insecure Update Mechanism in iMonitor EAM

iMonitor EAM 9.6394 installs a system service eamusbsrv64.exe that runs with NT AUTHORITY\SYSTEM privileges. This service includes an insecure update mechanism that automatically loads files placed in the C:\sysupdate\ directory during startup. Because any local user can create and write to this...

6.4 AI score | 0.00018 EPSS
Exploits 0 | References 1
Cvelist
added 2025/09/25 2:31 p.m. | 5 views

CVE-2025-10541 Local Privilege Escalation via Insecure Update Mechanism in iMonitor EAM

iMonitor EAM 9.6394 installs a system service eamusbsrv64.exe that runs with NT AUTHORITY\SYSTEM privileges. This service includes an insecure update mechanism that automatically loads files placed in the C:\sysupdate\ directory during startup. Because any local user can create and write to this...

0.00018 EPSS
Exploits 0 | References 1
CVE
added 2025/09/25 2:31 p.m. | 11 views

CVE-2025-10541

CVE-2025-10541 affects iMonitor EAM 9.6394, where the installed system service eamusbsrv64.exe runs with NT AUTHORITY\SYSTEM privileges. The service uses an insecure update mechanism that loads files placed in the C:\sysupdate\ directory during startup. Any local user can create/write to this dir...

7.8 CVSS | 6.4 AI score | 0.00018 EPSS
Exploits 0 | References 3
Positive Technologies
added 2025/09/25 12:00 a.m. | 3 views

PT-2025-39390

Name of the Vulnerable Software and Affected Versions: iMonitor EAM version 9.6394. Description: The iMonitor EAM software version 9.6394 installs a system service, eamusbsrv64.exe, that operates with NT AUTHORITY\SYSTEM privileges. This service contains an insecure update mechanism that automaticall...

7.8 CVSS | 6.6 AI score | 0.00018 EPSS
Exploits 0 | References 6
The Hacker News
added 2023/09/28 10:13 a.m. | 43 views

China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies

Government and telecom entities have been subjected to a new wave of attacks by a China-linked threat actor tracked as Budworm using an updated malware toolset. The intrusions, targeting a Middle Eastern telecommunications organization and an Asian government, took place in August 2023, with the...

7.2 AI score
Exploits 0
Hive Pro Threat Advisories
added 2023/03/02 9:59 a.m. | 39 views

Iron Tiger APT Group Updates SysUpdate Malware to Target Linux Platforms

Threat Level Attack Report Follow Hive Pro for a detailed threat advisory, download the pdf file here from HiveForce Labs. Summary: The Iron Tiger (aka APT27) group updated their custom malware, SysUpdate, to target Linux platforms and evade security solutions. They specifically targeted a...

0.1 AI score
Exploits 0
The Hacker News
added 2023/03/02 8:03 a.m. | 2 views

SysUpdate Malware Strikes Again with Linux Version and New Evasion Tactics

The threat actor known as Lucky Mouse has developed a Linux version of a malware toolkit called SysUpdate, expanding on its ability to target devices running the operating system. The oldest version of the updated artifact dates back to July 2022, with the malware incorporating new features...

7.1 AI score
Exploits 0
The Hacker News
added 2023/03/02 8:03 a.m. | 68 views

SysUpdate Malware Strikes Again with Linux Version and New Evasion Tactics

The threat actor known as Lucky Mouse has developed a Linux version of a malware toolkit called SysUpdate, expanding on its ability to target devices running the operating system. The oldest version of the updated artifact dates back to July 2022, with the malware incorporating new features...

0.4 AI score
Exploits 0
Trend Micro Simply Security
added 2023/03/01 12:00 a.m. | 23 views

Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting

We detail the update that advanced persistent threat (APT) group Iron Tiger made on the custom malware family SysUpdate. In this version, we also found components that enable the malware to compromise Linux systems...

2.1 AI score
Exploits 0
The Hacker News
added 2022/08/13 12:41 p.m. | 44 views

Chinese Hackers Backdoored MiMi Chat App to Target Windows, Linux, macOS Users

A pair of reports from cybersecurity firms SEKOIA and Trend Micro sheds light on a new campaign undertaken by a Chinese threat actor named Lucky Mouse that involves leveraging a trojanized version of a cross-platform messaging app to backdoor systems. Infection chains leverage a chat application...

1.1 AI score
Exploits 0
The Hacker News
added 2021/04/29 2:46 p.m. | 35 views

LuckyMouse Hackers Target Banks, Companies and Governments in 2020

An adversary known for its watering hole attacks against government entities has been linked to a slew of newly detected intrusions targeting various organizations in Central Asia and the Middle East. The malicious activity, collectively named "EmissarySoldier," has been attributed to a threat...

0.3 AI score
Exploits 0
Trend Micro Simply Security
added 2021/04/09 12:00 a.m. | 13 views

Iron Tiger APT Updates Toolkit With Evolved SysUpdate Malware

This blog details how Iron Tiger threat actors have updated their toolkit with an updated SysUpdate malware variant that now uses five files in its infection routine instead of the usual three...

2.8 AI score
Exploits 0
myhack58
added 2019/06/26 12:00 a.m. | 481 views

Ann Day honey network capture "use of the ElasticSearch Groovy vulnerability Monroe coin (Dog) mining" event analysis - vulnerability warning - the black bar safety net

1. Overview: 2019 6 May 13, Ann Day honey network capture to use CVE-2015-1427 ElasticSearch Groovy remote command execution vulnerability attacks. The vulnerability principle is Elasticsearch groovy as a scripting language, and based on the use of black and white lists of the sandbox mechanism to...

7.5 CVSS | 9.8 AI score | 0.92326 EPSS
Exploits 19
ThreatPost
added 2019/02/27 12:30 p.m. | 59 views

RSAC 2019: Bronze Union APT Updates Remote Access Trojans in Fresh Wave of Attacks

The notorious Chinese-linked threat group, dubbed Bronze Union, has been spotted in a widespread 2018 campaign updating its arsenal of cyberweapons by breathing new life into old tools. The threat group was spotted in 2018 using updated source code to target data owned by political, technology,...

7.6 AI score
Exploits 0 | References 2