CERTFR-2026-AVI-0241: Vulnerability in ClamAV
https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0241/
Another antivirus 🛡️, another unfulfilled promise 😣. @kaluche_ turns Avira's protection into a privilege escalation playground. This time: 3 LPE vectors 🆙 via symlink abuse (CVE-2026-27748, CVE-2026-27750) and unsafe deserialization (CVE-2026-27749).
Find out more: blog.quarkslab.com/avira-deseri...
Honestly, AI slop PRs are becoming increasingly draining and demoralizing for #Godot maintainers.
If you want to help, more funding so we can pay more maintainers to deal with the slop (on top of everything we do already) is the only viable solution I can think of:
fund.godotengine.org
How can we detect malicious documents exploiting CVE-2026-21509, the recent 0-day vulnerability in MS Office?
I designed a YARA rule for this, which detects all the malicious files that have been reported.
To get the YARA rule and all the explanations: decalage.info/CVE-2026-215...
🦔 📹 New Video: Can office files be malicious without Macros?
➡️ VSTO Add-Ins
➡️ External Templates
➡️ Checklist for Office analysis
#MalwareAnalysisForHedgehogs
www.youtube.com/watch?v=RtHH...
Nice examples! I also maintain a list of the various attack techniques vs. file formats in the oletools wiki:
github.com/decalage2/ol...
reverse-2026.sessionize.com/session/1082... with @mad5quirrel.bsky.social
Blind trust: what is hidden behind the process of creating your PDF file?
swarm.ptsecurity.com/blind-trust-...
#vulnerability #cve #exploitation #infosec
🦀 Looking for Rust malware samples to practice analyzing? Our Rust Malware Sample Gallery just received a major update, with 20 new families added! github.com/decoderloop/...
#rust #rustlang #malware #infosec #ReverseEngineering #MalwareAnalysis #reversing
MacOS Infection Vector: Using AppleScripts to bypass Gatekeeper:
pberba.github.io/security/202...
#macOS #infosec #applescript #cybersecurity #exploitation #hacking
Videos and papers from this year's @virusbtn.bsky.social in Berlin are now available online. Amazing conference and looking forward to the next one: www.youtube.com/@virusbtn
There are some really big caveats to this. A thread.
Using .LNK files as lolbins
www.hexacorn.com/blog/2025/10...
At hack.lu I gave a presentation about "How to better identify (weaponized) file formats":
- Why do we need to identify file formats accurately?
- Why can the current tools (libmagic, magika) sometimes be bypassed?
- How can we do better?
You can now see it here: youtu.be/Qp5GDh2sj6A
#HackLu
I've put together a website which indexes all the recordings my rigs have made thus far as well as those currently planned:
administraitor.video
(minimalist - I'm a mid-/backend dev! 😋)
How To Better Identify (Weaponized) File Formats With Ftguess - Philippe Lagadec
youtu.be/Qp5GDh2sj6A
#HackLu
This week I'm going to hack.lu, to give a presentation about file format identification:
Why do we need to identify file formats accurately?
Why can the current tools sometimes be bypassed, or make mistakes?
How can we do better?
2025.hack.lu/agenda/
Send me a DM if you'd like to meet there.
I'm happy to share that LIEF 0.17.0 is out: lief.re/blog/2025-09...
#ESETresearch has discovered #HybridPetya ransomware on VirusTotal: a UEFI-compatible copycat of the infamous Petya/NotPetya malware. HybridPetya is capable of bypassing UEFI Secure Boot on outdated systems. www.welivesecurity.com/en/eset-rese... 1/8
#ESETResearch has discovered the first known AI-powered ransomware, which we named #PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes 1/7
This explanation of Passkeys and FIDO2 is really good 👍
michaelwaterman.nl/2025/04/02/h...
Even though I've been away from the field for years, it's great to see that a simple tool that I initially launched in 2018 with great collaborators (Artur Marzano, Corey Forman and Christian Clauss) has been used by so many professionals.
www.helpnetsecurity.com/2025/03/26/m...
#malware
Thanks @gabrielthierry.bsky.social for revisiting the incredible story of the #ShadowBrokers in several parts #MustRead
Part 1
open.substack.com/pub/pwned/p/...
Part 2
open.substack.com/pub/pwned/p/...
Part 3
open.substack.com/pub/pwned/p/...
Do you know examples of polyglot files that have been used in real-life to hide malware from detection/analysis tools?
There is at least this PDF/MHT: blogs.jpcert.or.jp/en/2023/08/m...
Do you know other real malware cases?
I made a Doom source port that runs within a PDF file.
PDFs support Javascript, so Emscripten is used to compile Doom to asm.js, which is then run within the PDF engine. Input/output is done by manipulating text input fields.
doompdf.pages.dev/doom.pdf
github.com/ading2210/do...
The ninth article (38 pages) of the Malware Analysis Series (MAS) is available on:
exploitreversing.com/2025/01/08/m...
Even though I haven't been on this subject for years, I promised I would write a series of ten articles, and the last one will be released next week (JAN/15).
#malware
New DCOM lateral movement technique discovered that bypasses traditional defenses. Unlike previous attacks relying on IDispatch interfaces, this method exploits undocumented COM interfaces within MSI, specifically targeting IMsiServer and IMsiCustomAction interfaces. 1/7