14 matches found
Malicious code in yam-wsf-project (npm)
The package yam-wsf-project was found to contain malicious code...
MAL-2025-40186 Malicious code in yam-wsf-project (npm)
The package yam-wsf-project was found to contain malicious code...
CVE-2024-48983
An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet data by reading 2 bytes from the packet header. A buffer is then allocated to contain the entire packet, the size of which is calculated as the length of the...
PT-2024-33312 · Arm · Mbed Os
Name of the Vulnerable Software and Affected Versions: MBed OS version 6.16.0 Description: An issue was discovered in the processing of HCI packets, where the software dynamically determines the packet data length by reading 2 bytes from the packet header. A buffer is allocated based on this...
Raspberry Robin Expands Reach via WSF
...
Raspberry Robin Returns: New Malware Campaign Spreading Through WSF Files
Cybersecurity researchers have discovered a new Raspberry Robin campaign wave that has been propagating the malware through malicious Windows Script Files (WSFs) since March 2024. "Historically, Raspberry Robin was known to spread through removable media like USB drives, but over time its...
A New Face of AsyncRAT Utilizes WSF Scripts to Spread
Summary: AsyncRAT is a remote access trojan (RAT) malware known for stealing credentials and executing various malicious activities since 2019. Its recent variant, distributed through WSF script files, employs sophisticated fileless techniques, emphasizing the importance of user caution and robust...
QBot changes tactic, remains a menace to business networks
QBot, an infostealer-turned-dropper that aids criminal gangs in their malicious campaigns, is now being distributed as part of a phishing campaign using PDFs and Windows Script Files (WSF), according to recent discoveries by malware hunter Proxylife (@pr0xylife) and the Cryptolaemus group...
Emotet resumes spam operations, switches to OneNote
Emotet resumed spamming operations on March 7, 2023, after a months-long hiatus. Initially leveraging heavily padded Microsoft Word documents to attempt to evade sandbox analysis and endpoint protection, the botnets switched to distributing malicious OneNote documents on March 16. Since returning...
SharpShooter - Payload Generation Framework
SharpShooter is a payload creation framework for the retrieval and execution of arbitrary CSharp source code. SharpShooter is capable of creating payloads in a variety of formats, including HTA, JS, VBS and WSF. It leverages James Forshaw's DotNetToJavaScript tool to invoke methods from the...
Payload Generation Framework: SharpShooter
SharpShooter is a payload creation framework for the retrieval and execution of arbitrary CSharp source code. SharpShooter is capable of creating payloads in a variety of formats, including HTA, JS, VBS and WSF. It leverages James Forshaw’s DotNetToJavaScript tool to invoke methods from the...
Nemucod dot dot..WSF
The latest Nemucod campaign shows the malware distributing a spam email attachment with a .wsf extension, specifically ..wsf with a double dot extension. It is a variation of what has been observed since last year (2015) – the TrojanDownloader:JS/Nemucod malware downloader using JScript. It still...
Microsoft Windows wscript.exe (XP) DLL Hijacking Exploit (wshfra.dll)
Exploit for windows platform in category local exploits. Microsoft Windows wscript.exe (XP) DLL Hijacking Exploit (wshfra.dll). Microsoft Windows wscript.exe (XP) DL...
Code injection
The SaveBarCode function in the Taltech Tal Bar Code ActiveX control allows remote attackers to cause a denial of service (disk consumption) by uploading multiple bar codes, as demonstrated by a WSF package...