Silent Harvest: Extracting Windows Secrets Under the Radar

Source: https://sud0ru.ghost.io/silent-harvest-extracting-windows-secrets-under-the-radar/

The threat titled "Silent Harvest: Extracting Windows Secrets Under the Radar" appears to describe a technique or set of techniques aimed at stealthily extracting sensitive information from Windows systems. Although detailed technical specifics are not provided in the source information, the title and context imply that the threat involves covert methods to access Windows secrets, which could include credentials, cryptographic keys, or other sensitive authentication material stored or cached on Windows machines. Such techniques often leverage legitimate Windows APIs, memory scraping, or subtle exploitation of system components to avoid detection by traditional security tools. The lack of affected versions and patch links suggests this might be a newly observed or theoretical method rather than a disclosed vulnerability with a known fix. The source being a Reddit NetSec post linked to an external blog indicates the information is emerging and may be based on research or proof-of-concept demonstrations rather than widespread exploitation. The minimal discussion and low Reddit score further suggest this is early-stage intelligence rather than a broadly recognized or exploited threat. However, the medium severity rating implies that if leveraged, this technique could enable attackers to gain unauthorized access to critical Windows secrets, potentially facilitating lateral movement, privilege escalation, or persistent access within compromised environments.

Reddit NetSec

Detailed information about Silent Harvest: Extracting Windows Secrets Under the Radar. Get real-time updates, technical details, and mitigation strategies.

Silent Harvest: Extracting Windows Secrets Under the Radar - Live Threat Intelligence - Threat Radar | OffSeq.com

Silent Harvest: Extracting Windows Secrets Under the Radar

Reddit Discussion: Silent Harvest: Extracting Windows Secrets Under the Radar

Tenda O3V2 1.0.0.12(3880) is vulnerable to Buffer Overflow in the fromSafeSetMacFilter function via the mac parameter.

CVE-2025-55613 is a buffer overflow vulnerability identified in the Tenda O3V2 device firmware version 1.0.0.12(3880). The flaw exists in the fromSafeSetMacFilter function, which processes the 'mac' parameter. Buffer overflow vulnerabilities occur when a program writes more data to a buffer than it can hold, potentially overwriting adjacent memory. In this case, improper handling of the 'mac' parameter input allows an attacker to overflow the buffer, which can lead to arbitrary code execution, denial of service, or system instability. The vulnerability is located in a network device firmware, which typically operates with elevated privileges and network exposure, increasing the risk. No CVSS score has been assigned yet, and no known exploits have been reported in the wild. The affected version is specifically 1.0.0.12(3880), with no other versions explicitly listed. The lack of patch links suggests that no official fix has been publicly released at the time of this report. Because the vulnerability involves a network-facing function related to MAC filtering, it could be exploited remotely if the device's management interface is accessible, potentially without authentication if the function is exposed. This elevates the risk of exploitation in environments where these devices are deployed without adequate network segmentation or access controls.

CVE Database V5

Detailed information about CVE-2025-55613: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-55613: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-55613: n/a

Fake Mac fixes trick users into installing new Shamos infostealer

Source: https://www.bleepingcomputer.com/news/security/fake-mac-fixes-trick-users-into-installing-new-shamos-infostealer/

The reported threat involves a new variant of the Shamos infostealer malware that is being distributed through deceptive phishing campaigns targeting macOS users. Attackers are leveraging fake 'Mac fixes'—likely fraudulent software updates, patches, or system repair tools—to trick users into downloading and installing the Shamos infostealer. Once installed, this malware is designed to stealthily harvest sensitive information from the infected system, which may include credentials, personal data, browser histories, and other confidential information. The delivery method relies heavily on social engineering, exploiting user trust in purported system fixes to bypass typical security awareness. Although no specific affected software versions are mentioned, the threat targets macOS environments, which traditionally have been less targeted than Windows but are increasingly attractive due to their growing market share and perceived security. The absence of known exploits in the wild suggests this campaign might be in early stages or limited distribution, but the high severity rating indicates significant potential impact if widely deployed. The technical details confirm the source as a Reddit InfoSec news post linking to a trusted cybersecurity news outlet, BleepingComputer, which lends credibility to the report. However, minimal discussion and low Reddit score imply limited current visibility or spread. Overall, this threat represents a sophisticated phishing vector combined with a potent infostealer payload aimed at macOS users, emphasizing the evolving threat landscape for Apple platforms.

Reddit InfoSec News

Detailed information about Fake Mac fixes trick users into installing new Shamos infostealer. Get real-time updates, technical details, and mitigation strategie

Fake Mac fixes trick users into installing new Shamos infostealer - Live Threat Intelligence - Threat Radar | OffSeq.com

Fake Mac fixes trick users into installing new Shamos infostealer

Reddit Discussion: Fake Mac fixes trick users into installing new Shamos infostealer

Investigation Report: APT36 Malware Campaign Using Desktop Entry Files and Google Drive Payload Delivery

CIRCL OSINT Feed

seemysitelive.store: Enriched via the dns module

Detailed information about Investigation Report: APT36 Malware Campaign Using Desktop Entry Files and Google Drive Payload Delivery. Get real-time updates, tech

Investigation Report: APT36 Malware Campaign Using Desktop Entry Files and Google Drive Payload Delivery - Live Threat Intelligence - Threat Radar | OffSeq.com

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.6, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.20 and 7.4 GA through update 92 allows an remote authenticated attacker to inject JavaScript into the PortalUtil.escapeRedirect

Detailed information about CVE-2025-43760: CWE-79: Cross-site Scripting in Liferay Portal affecting Liferay Portal. Get real-time updates, technical details, an

CVE-2025-43760: CWE-79: Cross-site Scripting in Liferay Portal

CVE-2025-43760: CWE-79: Cross-site Scripting in Liferay Portal

Description

Technical Details

Related Threats

CVE-2025-55613: n/a

CVE-2025-57800: CWE-523: Unprotected Transport of Credentials in advplyr audiobookshelf

CVE-2025-55637: n/a

CVE-2025-55634: n/a

CVE-2025-55631: n/a

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility