This post looks at interesting COM object methods exposed in properties and sub-properties of COM objects.

A highly advanced China-nexus espionage group exploited a 2023 VMware vulnerability as far back as 2021.

Hancitor uses several capabilities within malicious macros that support malware installation and data theft. These capabilities include leveraging uncommon APIs and obscuring malicious PowerShell commands, tactics that make it a challenge to detect.

We observed attackers leveraging the latest code execution and persistence techniques to distribute malicious macro-based documents to individuals in Asia and the Middle East.

This is the second of two blogs that discuss the implementation of the Windows console architecture from years past, with a primary focus on the current implementation present on modern versions of Windows.

CLINKSINK drainer is being distributed to steal funds and tokens from Solana (SOL) cryptocurrency users.

We have discovered a new backdoor uploaded by a U.S.-based entity to a public malware repository in August 2020 that we have named SUNSHUTTLE.

FLARE VM is a freely available and open sourced Windows-based security distribution designed for reverse engineers, malware analysts, incident responders, forensicators, and penetration testers.

This ICS/OT attack represents the latest evolution in Russia's cyber physical attack capability.

We detail UNC2975 campaigns that leveraged malicious advertisements to deliver backdoor malware.