Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEP#DOOR with capabilities to establish persistent access and harvest sensitive information from compromised hosts. The intrusion chain begins with execution of a batch script that disables Windows security controls and dynamically extracts additional malicious components.
Original (en)
Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEP#DOOR that comes with capabilities to establish persistent access and harvest a wide range of sensitive information from compromised hosts. "The intrusion chain begins with execution of a batch script ('install_obf.bat') that disables Windows security controls, dynamically extracts an
Published
Apr 30, 2026, 06:36 PM UTC
13d ago
Significance
This intelligence item is a copyrighted vulnerability database listing. It contains detailed vulnerability information including: critical RCE vulnerabilities in enterprise platforms (Chamilo LMS, Smart Slider 3, various WordPress plugins); supply chain attacks (axios npm compromise, Bruno CLI); privilege escalation in cloud/container systems (Kubernetes, OpenShift, LXD); cryptographic weaknesses (OpenSSL, multiple TLS/SSL issues); and memory corruption flaws in media processing libraries (LibRaw, OpenEXR). Multiple vulnerabilities enable unauthenticated remote code execution, with exploitation evidence documented in some cases dating to March-April 2026.
Mandiant and Google GTIG report zero-day exploitation of CVE-2026-22769 (CVSS 10.0) in Dell RecoverPoint by suspected PRC-nexus threat actor UNC6201 since mid-2024, enabling deployment of SLAYSTYLE, BRICKSTORM, and novel GRIMBOLT malware. The report includes technical analysis of exploitation methods, persistence mechanisms via convert_hosts.sh modification, newly observed VMware pivot tactics including Ghost NICs and iptables-based Single Packet Authorization, and comprehensive remediation guidance with IOCs and YARA rules.
3e4509c5…openwatch.io →This is a detailed vulnerability intelligence report covering January 2026 CVE disclosures, organized by severity level. It includes critical vulnerabilities in major software platforms including Microsoft, Apple, Google Chrome, OpenSSL, Linux kernel, Kubernetes, container technologies, web frameworks (Django, Laravel, Rails), authentication systems, and industrial/IoT devices. Notable high-severity findings include buffer overflows, SQL injection, path traversal, authentication bypass, and remote code execution flaws in widely-deployed systems with active exploitation potential.