exploits Archives

Threat Intelligence

BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA

November 15, 2024

Callum Roxan, Charlie Gardner, and Paul Rascagneres

[Update: At the time of publication, this vulnerability had not been addressed by Fortinet. On December 18, 2024, Fortinet published a public acknowledgement of the issue, affected versions, as well […]

Threat Intelligence

Operation EmailThief: Active Exploitation of Zero-day XSS Vulnerability in Zimbra

February 3, 2022

Steven Adair and Tom Lancaster

[UPDATE] On February 4, 2022, Zimbra provided an update regarding this zero-day exploit vulnerability and reported that a hotfix for 8.8.15 P30 would be available on February 5, 2022. This vulnerability […]

Threat Intelligence

North Korean APT InkySquid Infects Victims Using Browser Exploits

August 17, 2021

Damien Cash, Josh Grunzweig, Matthew Meltzer, Steven Adair, and Tom Lancaster

Volexity recently investigated a strategic web compromise (SWC) of the website of the Daily NK (www.dailynk[.]com), a South Korean online newspaper that focuses on issues relating to North Korea. Malicious […]

Threat Intelligence

Vulnerable Private Networks: Corporate VPNs Exploited in the Wild

September 11, 2019

Sean Koessel and Steven Adair

The details of multiple, critical Pulse Secure SSL VPN vulnerabilities are well known; they were disclosed in detail by two security researchers as part of a talk at Black Hat […]

Threat Intelligence

Drupalgeddon 2: Profiting from Mass Exploitation

April 16, 2018

Matthew Meltzer and Steven Adair

On March 28, 2018, a patch for a highly critical vulnerability, which facilitates remote code execution against the Drupal content management system was released. The vulnerability was identified by Jasper […]

Threat Intelligence

Virtual Private Keylogging: Cisco Web VPNs Leveraged for Access and Persistence

October 7, 2015

Volexity

In the world of information security, there is never a dull moment. Part of the fun of working in this space is that you always get to see attackers do […]

Threat Intelligence

APT Group Wekby Leveraging Adobe Flash Exploit (CVE-2015-5119)

July 8, 2015

Volexity

As if the recent breach and subsequent public data dump involving the Italian company Hacking Team wasn’t bad enough, it all gets just a little bit worse. Emerging from the […]

Threat Intelligence

Afghan Government Compromise: Browser Beware

June 12, 2015

Volexity

Visiting a wide-ranging number of websites associated with the Government of Afghanistan may yield visitors an unwanted surprise. For the second time this year, malicious code has surfaced on, cdn.afghanistan.af, […]

Threat Intelligence

A New Shellshock Worm on the Loose

April 9, 2015

Volexity

In a blog post from September last year, we described some of the early Shellshock activity we were seeing in the wild. Since then we have continued to observe periodic […]

Threat Intelligence

Drupal Vulnerability: Mass Scans & Targeted Exploitation

October 16, 2014

Volexity

Yesterday (October 15, 2014), a critical SQL injection vulnerability in version 7 of the popular open source content management system (CMS) Drupal was disclosed by Stefan Horst and detailed in […]