Leveraging Generative AI to Reverse Engineer XLoader

Research by: Alexey Bukhteyev. Key takeaways: XLoader remains one of the most challenging malware families to analyze. Its code decrypts only at runtime and is protected by multiple layers of encryption, each locked with a different key hidden somewhere else in the binary. Even sandboxes are no help: evasions block malicious branches, and the real…


3rd November – Threat Intelligence Report

For the latest discoveries in cyber research for the week of 3rd November, please download our Threat Intelligence Bulletin. Top attacks and breaches: The Everest ransomware group has claimed responsibility for a series of attacks impacting AT&T, Dublin Airport, and Air Arabia. The ransomware gang exfiltrated sensitive data including 576,000 AT&T applicant records, 1.5 million…


Scans for Port 8530/8531 (TCP). Likely related to WSUS Vulnerability CVE-2025-59287

Sensors reporting firewall logs detected a significant increase in scans for port 8530/TCP and 8531/TCP over the course of last week. Some of these reports originate from Shadowserver, and likely other researchers, but there are also some that do not correspond to known research-related IP addresses. CVE-2025-59287 is exploited by connecting to affected WSUS servers…


Windows Graphics Vulnerabilities Lead to Remote Code Execution and Memory Exposure

Background: Check Point Research (CPR) identified three security vulnerabilities in the Graphics Device Interface (GDI) in Windows. We promptly reported these issues to Microsoft, and they were addressed in the Patch Tuesday updates in May, July, and August 2025. These are the vulnerabilities: CVE-2025-30388, rated important and considered more likely to be exploited; CVE-2025-53766, classified as critical severity…


Flowise 3.0.4 – Remote Code Execution (RCE)

# Exploit Title: Flowise 3.0.4 – Remote Code Execution (RCE) # Date: 10/11/2025 # Exploit Author: [nltt0](https://github.com/nltt-br) # Vendor Homepage: https://flowiseai.com/ # Software Link: https://github.com/FlowiseAI/Flowise # Version: < 3.0.5 # CVE: CVE-2025-59528 from requests import post, session from argparse import ArgumentParser banner = r""" _____ _ _____ / __ \ |…


Inside the Surge of PHP and IoT Exploits with Qualys TRU

Attack automation is accelerating, widening the window between detection and response. Qualys TRU telemetry reveals how these attacks unfold and what defenders can do next. The Qualys Threat Research Unit (TRU) has identified a sharp increase in attacks targeting PHP servers, IoT devices, and cloud gateways, primarily driven by botnets such as Mirai, Gafgyt, and…
