Threat Research

Attackers leveraged a Cisco SNMP vulnerability (CVE-2025-20352) to install Linux rootkits on outdated and unsecured systems. This allowed them to achieve remote code execution (RCE) and maintain persistent, unauthorized access by setting universal passwords and embedding hooks into the IOSd memory space....

A major botnet campaign, dubbed RondoDox, is actively exploiting over 50 known vulnerabilities in routers, DVRs, NVRs, CCTV systems, and web servers from more than 30 vendors. Organizations with internet-facing infrastructure face heightened risks of data theft, persistent access, and operational disruption....

Our team recently identified a high-severity phishing campaign targeting users of outdated Microsoft Office applications through malicious email attachments. The emails contain an Excel file that exploits the CVE-2017-0199 vulnerability in the OLE (Object Linking and Embedding) feature of older Office versions....

We detailed the campaign's launch through a phishing email that exploited the CVE-2017-11882 vulnerability to run a 64-bit DLL. This DLL then downloaded and decrypted a FormBook variant concealed in a fake PNG file. Finally, we explained how the DLL used process hollowing to inject the FormBook payload into ImagingDevices.exe and execute it....

We observed a phishing campaign in the wild distributing a malicious Word document attachment crafted to exploit the CVE-2017-11882 vulnerability. Upon deeper analysis, we identified that the campaign was delivering a new variant of Formbook malware....