5G Puppeteer: Chaining Hidden Command and Control Channels in 5G Core Networks

Mobile networks are essential for modern societies. The most recent generation of mobile networks will be even more ubiquitous than previous ones. Therefore, the security of these networks as part of the critical infrastructure with essential communication services is of the uttermost importance...

Exploit for Out-of-bounds Write in Mediatek Software_Development_Kit

What is Registry Exploit? Phantom-Registry-Exploit-Cve2025-20...

LLM Watermarking Using Mixtures and Statistical-To-Computational Gaps

Given a text, can we determine whether it was generated by a large language model LLM or by a human? A widely studied approach to this problem is watermarking. We propose an undetectable and elementary watermarking scheme in the closed setting. Also, in the harder open setting, where the adversar...

Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities

Microsoft said it is developing security updates to address two loopholes that it said could be abused to stage downgrade attacks against the Windows update architecture and replace current versions of the operating system files with older versions. The vulnerabilities are listed below -...

PoolParty - A Set Of Fully-Undetectable Process Injection Techniques Abusing Windows Thread Pools

A collection of fully-undetectable process injection techniques abusing Windows Thread Pools. Presented at Black Hat EU 2023 Briefings under the title - injection-techniques-using-windows-thread-pools-35446"The Pool Party You Will Never Forget: New Process Injection Techniques UsingWindows Thread...

Microsoft Azure Exploited to Create Undetectable Cryptominer

By Deeba Ahmed esearchers have labeled this as the "ultimate cryptominer." This is a post from HackRead.com Read the original post: Microsoft Azure Exploited to Create Undetectable Cryptominer...

Researchers Uncover Undetectable Crypto Mining Technique on Azure Automation

Cybersecurity researchers have developed what's the first fully undetectable cloud-based cryptocurrency miner leveraging the Microsoft Azure Automation service without racking up any charges. Cybersecurity company SafeBreach said it discovered three different methods to run the miner, including o...

RecycledInjector - Native Syscalls Shellcode Injector

Currently Fully Undetected same-process native/.NET assembly shellcode injector based on RecycledGate by thefLink, which is also based on HellsGate + HalosGate + TartarusGate to ensure undetectable native syscalls even if one technique fails. To remain stealthy and keep entropy on the final...

Cybercriminals Using Powerful BatCloak Engine to Make Malware Fully Undetectable

A fully undetectable FUD malware obfuscation engine named BatCloak is being used to deploy various malware strains since September 2022, while persistently evading antivirus detection. The samples grant "threat actors the ability to load numerous malware families and exploits with ease through...

Cybercriminals Using Powerful BatCloak Engine to Make Malware Fully Undetectable

A fully undetectable FUD malware obfuscation engine named BatCloak is being used to deploy various malware strains since September 2022, while persistently evading antivirus detection. The samples grant "threat actors the ability to load numerous malware families and exploits with ease through...

Analyzing the FUD Malware Obfuscation Engine BatCloak

We look into BatCloak engine, its modular integration into modern malware, proliferation mechanisms, and interoperability implications as malicious actors take advantage of its fully undetectable FUD capabilities...

Putting Undetectable Backdoors in Machine Learning Models

This is really interesting research from a few months ago: Abstract: Given the computational cost and technical expertise required to train machine learning models, users may delegate the task of learning to a service provider. Delegation of learning has clear benefits, and at the same time raise...

Gmailc2 - A Fully Undetectable C2 Server That Communicates Via Google SMTP To Evade Antivirus Protections And Network Traffic Restrictions

A Fully Undetectable C2 Server That Communicates Via Google SMTP to evade Antivirus Protections and Network Traffic Restrictions Note: This RAT communicates Via Gmail SMTP or u can use any other smtps as well but Gmail SMTP is valid because most of the companies block unknown traffic so gmail...

How to Detect New Threats via Suspicious Activities

Unknown malware presents a significant cybersecurity threat and can cause serious damage to organizations and individuals alike. When left undetected, malicious code can gain access to confidential information, corrupt data, and allow attackers to gain control of systems. Find out how to avoid...

Headcrab malware is targeting Redis servers worldwide to mine Monero

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary HeadCrab is a new and severe malware that is infiltrating and residing on servers worldwide. It is a custom-made Redis-based malware that is undetectable by traditional anti-virus solutions and has...

TrickGate: Malicious Software Outwitting Antivirus for 6 Years

By Habiba Rashid According to researchers, there are a few key points that allow a packer such as TrickGate to remain efficient and undetectable for so many years. This is a post from HackRead.com Read the original post: TrickGate: Malicious Software Outwitting Antivirus for 6 Years...

OSRipper - AV Evading OSX Backdoor And Crypter Framework

OSripper is a fully undetectable Backdoor generator and Crypter which specialises in OSX M1 malware. It will also work on windows but for now there is no support for it and it IS NOT FUD for windows yet at least and for now i will not focus on windows. You can also PM me on discord for support or...

Reddit: Admin can create a hidden admin account which even the owner can not detect and remove and do administrative actions on the application.

ads.reddit.com is an ads creating and managing application for reddit. The application has the feature to invite other members to the organization and give different roles at ad management. Testing around the role management functionalities, I have noticed that a user with the same email can get...

Undetectable Backdoors in Machine-Learning Models

New paper: "Planting Undetectable Backdoors in Machine Learning Models": Abstract: Given the computational cost and technical expertise required to train machine learning models, users may delegate the task of learning to a service provider. We show how a malicious learner can plant an undetectab...

Mitsubishi (CVE-2020-14521) (deprecated)

Plugin deprecated because mitsubishielectric software is not detectable in this way This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2023/03/10...