Post-exploitation framework now also delivered via npm

Incident description The first version of the AdaptixC2 post-exploitation framework, which can be considered an alternative to the well-known Cobalt Strike, was made publicly available in early 2025. In spring of 2025, the framework was first observed being used for malicious means. In October...

CVE-2024-7263

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 exclusive on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough...

CVE-2024-11957

Kingsoft WPS Office on Windows is affected by CVE-2024-11957 due to improper verification of the digital signature in ksojscore.dll, with affected versions 12.1.0.18276 and earlier. This allows loading of arbitrary Windows libraries. The patch released in 12.2.0.16909 to address CVE-2024-7262 was...

MS16-025: Security update for Windows library loading to address remote code execution: March 8, 2016

MS16-025: Security update for Windows library loading to address remote code execution: March 8, 2016 Summary This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Microsoft Windows fails to properly validate input before loadin...