Threat Feed

Product

Windows 11

4 briefs
high threat

Secret Blizzard Upgrades Kazuar Backdoor to Modular P2P Botnet

The Russian hacker group Secret Blizzard has evolved the Kazuar backdoor into a modular P2P botnet designed for persistence, stealth, and data collection, utilizing kernel, bridge, and worker modules for command and control and data exfiltration.

Exchange Web Services +2 Turla +4 kazuar p2p botnet espionage windows
high advisory

CloudZ RAT Abuses Microsoft Phone Link to Steal SMS and OTPs

A new version of the CloudZ RAT utilizes the Pheno plugin to hijack Microsoft Phone Link connections, enabling the theft of SMS messages and one-time passwords (OTPs) from victims' mobile devices.

Phone Link +2 cloudz malware rat microsoft-phone-link credential-theft otp sms
high advisory

CloudZ RAT Abusing Windows Phone Link to Steal OTPs

An unknown attacker is using the CloudZ RAT and its Pheno plugin to hijack the Microsoft Phone Link application and intercept SMS and OTP messages from connected mobile devices, active since at least January 2026.

Windows 10 +2 cloudz rat pheno phone-link otp credential-theft
high advisory

Windows HTTP.sys Local Privilege Escalation Vulnerability (CVE-2026-21250)

A local privilege escalation vulnerability exists in Windows 11 24H2, Windows 11 25H2, and Windows Server 2022 23H2 due to improper handling of untrusted pointers in HTTP.sys via strcat truncation.

Windows 11 +1 local-privilege-escalation windows cve-2026-21250 http.sys