Since early 2025, Check Point Research (CPR) has tracked waves of Nimbus Manticore activity. Known as **UNC1549 or Smoke** **Sandstorm,** Nimbus Manticore is a mature Iran-nexus APT group that primarily targets aerospace and defense organizations in the Middle East and Europe. Some of its operations were also previously described as the _Iranian DreamJob_ campaign. […]

**security-research** Public # Entrust nShield Connect XC – Multiple Vulnerabilities Leading to Insecure Boot Chain Protections ## Package ## Affected versions ## Patched versions ## Description ### Summary The tested nShield Connect XC HSM appliance (software version 13.6.3) can be rooted and backdoored via physical attack vectors in less than […]

# Exploring GrapheneOS secure allocator: Hardened Malloc GrapheneOS is a mobile operating system based on Android and focusing on privacy and security. To enhance further the security of their product, GrapheneOS developpers introduced a new libc allocator : **hardened malloc.** This allocator has a security-focused design in mind to protect […]

Researcher **Published:** 17 September 2025 at 12:40 UTC **Updated:** 17 September 2025 at 13:01 UTC Many testers and tools give up the moment a protocol upgrade to WebSocket occurs, or only perform shallow analysis. This is a huge blind spot, leaving many bugs like Broken Access Controls, Race conditions, and […]

**Research by:** Antonis Terefos ( **@Tera0017**) The **Pure malware family** is a suite of malicious tools developed and sold by the author known as **PureCoder**. This suite includes **PureHVNC RAT** (a remote administration tool and predecessor to **PureRAT**), **PureCrypter** (a malware obfuscator), **PureLogs** (a stealer/logger), and several other tools. The malicious software is advertised and distributed through underground forums, Telegram channels, […]

# Dissecting DCOM part 1 This is the first article on the “Dissecting DCOM” series. This article aims at giving an introduction to the base principles of COM and DCOM protocols as well as a detailed network analysis of DCOM. No previous knowledge is required. The following articles will dig […]

Check Point Research discovered a new ransomware group on September 5. The group calls themselves Yurei (a sort of spirit in Japanese folklore), and initially listed one victim, a Sri Lankan food manufacturing company, on their darknet blog. These blogs are used by ransomware groups to list their victims, show […]

During our security research in 2024, we discovered several vulnerabilities in Apache Foundation projects that seem to have gotten ’lost in translation’ between our bug reports and the CVE assignment process. While we’ve been patiently waiting for these findings to officially ‘count,’ they’ve apparently been stuck longer than a software […]

# You Already Have Our Personal Data, Take Our Phone Calls Too (FreePBX CVE-2025-57819) We’re back – it’s a day, in a month, in a year – and once again, something has _happened._ In this week’s episode of “the Internet is made of string and there is literally no evidence […]

**security-research** Public # FFmpeg – Heap-buffer-overflow write in jpeg2000dec ## Package ## Affected versions ## Patched versions ## Description ### Summary The vulnerability lies in the Channel Definition cdef atom of JPEG2000 which is used to define the mapping of associated components to channels. If a chroma-subsampled pixel format is […]