CVE-2026-2450

.NET misconfiguration: use of impersonation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0...

Exploit for CVE-2025-2783

Chromium CVE-2025-2783: Sandbox Escape & Full-Chain RCE Exploi...

Darktrace AI Halts Thread Hijacking Attack Targeting Major Company

Darktrace AI detected and stopped a thread hijacking attack in real-time, preventing email account compromise and data theft.…...

Thread Hijacking: Phishes That Prey on Your Curiosity

Thread hijacking attacks. They happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. These missives draw on the recipients natural curiosity about being copied on a private discussion, whic...

Warning: Thread Hijacking Attack Targets IT Networks, Stealing NTLM Hashes

The threat actor known as TA577 has been observed using ZIP archive attachments in phishing emails with an aim to steal NT LAN Manager NTLM hashes. The new attack chain "can be used for sensitive information gathering purposes and to enable follow-on activity," enterprise security firm Proofpoint...

Alert: Water Curupira Hackers Actively Distributing PikaBot Loader Malware

A threat actor called Water Curupira has been observed actively distributing the PikaBot loader malware as part of spam campaigns in 2023. "PikaBot's operators ran phishing campaigns, targeting victims via its two components — a loader and a core module — which enabled unauthorized remote access...

ICYMI: Emotet Reappeared Early This Year, Unfortunately

ICYMI: Emotet Reappeared Early This Year, Unfortunately By Adithya Chandra and Joao Marques · September 1, 2023 This blog was also written by Raghav Kapoor Executive Summary Emotet first appeared in 2014 and continues to be a dangerous and resilient malware, despite attempts by law enforcement...

Evasive QBot Malware Leverages Short-lived Residential IPs for Dynamic Attacks

An analysis of the "evasive and tenacious" malware known as QBot has revealed that 25% of its command-and-control C2 servers are merely active for a single day. What's more, 50% of the servers don't remain active for more than a week, indicating the use of an adaptable and dynamic C2...

Evasive QBot Malware Leverages Short-lived Residential IPs for Dynamic Attacks

An analysis of the "evasive and tenacious" malware known as QBot has revealed that 25% of its command-and-control C2 servers are merely active for a single day. What's more, 50% of the servers don't remain active for more than a week, indicating the use of an adaptable and dynamic C2...

New QBot Banking Trojan Campaign Hijacks Business Emails to Spread Malware

A new QBot malware campaign is leveraging hijacked business correspondence to trick unsuspecting victims into installing the malware, new findings from Kaspersky reveal. The latest activity, which commenced on April 4, 2023, has primarily targeted users in Germany, Argentina, Italy, Algeria, Spai...

After four months of idleness, Emotet reappears and deploys loaders

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Emotet banking Trojan was initially found in 2014 as one of the most expensive and damaging malware. The phishing efforts that spread Emotet used the same email thread hijacking approach to deceive...

Notorious Emotet Malware Returns With High-Volume Malspam Campaign

The notorious Emotet malware has returned with renewed vigor as part of a high-volume malspam campaign designed to drop payloads like IcedID and Bumblebee. "Hundreds of thousands of emails per day" have been sent since early November 2022, enterprise security company Proofpoint said last week,...

What Talos Incident Response learned from a recent Qakbot attack hijacking old email threads

By Nate Pors and Terryn Valikodath. Executive summary In a recent malspam campaign delivering the Qakbot banking trojan, Cisco Talos Incident Response CTIR observed the adversary using aggregated, old email threads from multiple organizations that we assess were likely harvested during the 2021...

Cybercriminals Using New Malware Loader 'Bumblebee' in the Wild

Cybercriminal actors previously observed delivering BazaLoader and IcedID as part of their malware campaigns are said to have transitioned to a new loader called Bumblebee that's under active development. "Based on the timing of its appearance in the threat landscape and use by multiple...

Exchange Servers Speared in IcedID Phishing Campaign

The ever-evolving banking trojan IcedID is back again with a phishing campaign that uses previously compromised Microsoft Exchange servers to send emails that appear to come from legitimate accounts. Attackers also are using stealthy new payload-delivery tactics to spread the modular malware...

LittleCorporal - A C# Automated Maldoc Generator

LittleCorporal: A C Automated Maldoc Generator C:\LittleCorporal\bin\ReleaseLittleCorporal.exe C:\beacon.bin explorer.exe . . . . | | ||/ |/ || | \ \ | | | | | \ \ \ | / / \ / / \ \ \ / \ \ \ | | | || || | | | | |\ /\ \ | / | | // | | | ||| || |/\ \ //|| | / /|| // / / / || / / \ / o\ /...

Emotet Returns to Hit 100K Mailboxes Per Day

After a lull of nearly two months, the Emotet botnet has returned with updated payloads and a campaign that is hitting 100,000 targets per day. Emotet started life as a banking trojan in 2014 and has continually evolved to become a full-service threat-delivery mechanism. It can install a collecti...

Threat Source newsletter for July 2, 2020

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Our latest research you should catch up on is the Valak malware. This information-stealer sneaks its way onto victim machines by hijacking legitimate email threads. The threat actors send their phishing emails and attachments in...

ThreadBoat - Program Uses Thread Execution Hijacking To Inject Native Shellcode Into A Standard Win32 Application

Program uses Thread Hijacking to Inject Native Shellcode into a Standard Win32 Application. With Thread Hijacking, it allows the hijacker.exe program to suspend a thread within the target.exe program allowing us to write shellcode to a thread. Usage int main System sys; Interceptor incp; Exceptio...