Multiple Malware Variants Distributed Through Microsoft OneNote
Spear-phishing emails with malicious Microsoft OneNote attachments were discovered delivering variants from the AsyncRAT, Formbook¸ Remcos, and XWorm malware families.
Multiple legitimate Microsoft Windows utilities were used to carry out the operation including cmd, BITSAdmin, PowerShell, wscript, and curl.
The adversary took advantage of the right-to-left override (RTLO or RLO) technique to convince the victim to execute files which appeared to be benign.
Featured Resources
View More Resources
CVE-2025-64669: Uncovering Local Privilege Escalation Vulnerability in Windows Admin Center
Ilan Kalendarov, Security Research Team LeadBen Zamir, Security ResearcherElad Beber, Security Researcher Executive Summary Cymulate Research Labs has uncovered a local privilege
Shai-Hulud 2.0: NPM Supply Chain Attack Exposes the SDLC's Weakest Link
Idan Sherman, Security Researcher Executive summary The "Shai-Hulud" supply chain campaign has returned, striking harder and smarter than before. This
Top 5 Must-Have Features in an Exposure Management Platform
Security teams are under growing pressure to reduce risk faster and prove resilience continuously. Attack surfaces expand with every new