In mid-2025, a malicious driver file was discovered on Asian computer systems, signed with a compromised digital certificate. This driver injects a backdoor Trojan and protects malicious files, processes, and registry keys. The final payload is a new variant of the ToneShell backdoor, associated with the HoneyMyte APT group. The attacks, which began in February 2025, primarily target government organizations in Southeast and East Asia, especially Myanmar and Thailand. The malware uses various techniques to evade detection, including API obfuscation, process protection, and registry key protection. The ToneShell backdoor communicates with command-and-control servers using fake TLS headers and supports remote operations such as file transfer and shell access.

AlienVault OTX General

Detailed information about The HoneyMyte APT now protects malware with a kernel-mode rootkit. Get real-time updates, technical details, and mitigation strategie

The HoneyMyte APT now protects malware with a kernel-mode rootkit - Live Threat Intelligence - Threat Radar | OffSeq.com

The HoneyMyte APT now protects malware with a kernel-mode rootkit

A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub_42261C of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be exploited.

CVE Database V5

Detailed information about CVE-2025-15190: Stack-based Buffer Overflow in D-Link DWR-M920 affecting D-Link DWR-M920. Get real-time updates, technical details, a

CVE-2025-15190: Stack-based Buffer Overflow in D-Link DWR-M920 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-15190: Stack-based Buffer Overflow in D-Link DWR-M920

A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub_464794 of the file /boafrm/formDefRoute. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used.

Detailed information about CVE-2025-15189: Buffer Overflow in D-Link DWR-M920 affecting D-Link DWR-M920. Get real-time updates, technical details, and mitigatio

CVE-2025-15189: Buffer Overflow in D-Link DWR-M920 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-15189: Buffer Overflow in D-Link DWR-M920

A vulnerability was determined in Campcodes Complete Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/search-invoices.php. Executing manipulation of the argument searchdata can lead to cross site scripting. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.

Detailed information about CVE-2025-15188: Cross Site Scripting in Campcodes Complete Online Beauty Parlor Management System affecting Campcodes Complete Online

CVE-2025-15188: Cross Site Scripting in Campcodes Complete Online Beauty Parlor Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-15188: Cross Site Scripting in Campcodes Complete Online Beauty Parlor Management System

Critical 0day flaw Exposes 70,000 XSpeeder Devices as Vendor Ignores Alert

Source: https://hackread.com/xspeeder-0day-flaw-devices-vendor-ignores-alert/

Reddit InfoSec News

Detailed information about Critical 0day flaw Exposes 70,000 XSpeeder Devices as Vendor Ignores Alert. Get real-time updates, technical details, and mitigation 

Critical 0day flaw Exposes 70,000 XSpeeder Devices as Vendor Ignores Alert - Live Threat Intelligence - Threat Radar | OffSeq.com

Critical 0day flaw Exposes 70,000 XSpeeder Devices as Vendor Ignores Alert

Reddit Discussion: Critical 0day flaw Exposes 70,000 XSpeeder Devices as Vendor Ignores Alert

The ‘download’ button on the official EmEditor website served a malicious installer. The post Infostealer Malware Delivered in EmEditor Supply Chain Attack appeared first on SecurityWeek .

SecurityWeek

Detailed information about Infostealer Malware Delivered in EmEditor Supply Chain Attack. Get real-time updates, technical details, and mitigation strategies.

Infostealer Malware Delivered in EmEditor Supply Chain Attack

Infostealer Malware Delivered in EmEditor Supply Chain Attack

Description

Community Reviews

Related Threats

The HoneyMyte APT now protects malware with a kernel-mode rootkit

Evasive Panda cyberespionage campaign uses DNS poisoning to install MgBot backdoor

ThreatFox IOCs for 2025-12-28

ThreatFox IOCs for 2025-12-27

ThreatFox IOCs for 2025-12-26

Actions

External Links

Need more coverage?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility