top of page
ALL POSTS
China-Linked FishMonger APT Deploys SprySOCKS Windows Backdoor With Kernel-Level Stealth and UEFI Bootkit Capabilities
Key Findings FishMonger, a China-linked APT group, has ported SprySOCKS backdoor to Windows with two new variants: WIN_DRV and WIN_PLUS WIN_DRV uses kernel drivers to hide network connections, processes, files, and registry keys from user-level detection tools WIN_PLUS exploits the Windows Print Spooler service to blend malicious activity into normal system operations Both variants were deployed against government targets in Honduras, Taiwan, Thailand, and Pakistan between 20
Jun 173 min read
UEFI Security Flaw Compromises Boot Process in ASRock, ASUS, GIGABYTE, and MSI Motherboards
Key Findings A fundamental vulnerability in the UEFI firmware implementations of certain motherboards from ASRock, ASUS, GIGABYTE, and MSI allows attackers with physical access to bypass operating system security controls. The flaw, which is tracked as CVE-2025-14304, CVE-2025-11901, CVE-2025-14302, and CVE-2025-14303, stems from a discrepancy between what the firmware reports and what it actually does in terms of enabling the Input-Output Memory Management Unit (IOMMU). Desp
Dec 19, 20253 min read
bottom of page
