ZCyberNews

#persistence

7 articles

Between April and May 2026, ZCyberNews published nine articles on persistence, with Comburglar, VENOMOUS#HELPER, and VoidLink emerging as the top threat actors. The coverage highlighted vulnerabilities including CVE-2023-30253, CVE-2024-48760, and CVE-2025-6793, affecting sectors such as government, enterprise, financial services, multiple, and technology. The threat was assessed as high severity, with a global impact and specific focus on the United States.

Metasploit Adds Vim Plugin Persistence, Exploits for Three CVEs
HIGH
Tools & Techniques

Rapid7's Metasploit Framework adds Vim plugin persistence, exploits for CVE-2025-6793 (Marvell QConvergeConsole), CVE-2024-48760 (GestioIP), and CVE-2023-30253 (Dolibarr).

CVE-2025-6793, CVE-2024-48760, CVE-2023-30253
3 min read

Active Directory Password Resets Fail to Expel Attackers
HIGH
Industry News

Specops Software explains how cached credentials, Kerberos tickets, and ACL persistence let attackers survive password resets in AD and hybrid Entra ID environments.

3 min read

Phishing Campaign Hijacks SimpleHelp, ScreenConnect RMM Tools at 80+
HIGH
Threat Intel

Securonix tracks VENOMOUS#HELPER phishing campaign using legitimate SimpleHelp and ScreenConnect RMM software for persistent remote access across 80+ organizations, mostly in the…

2 min read
VENOMOUS#HELPER

Comburglar Intrusion: BHIS Details Stealthy C2 Persistence
HIGH
Threat Intel

Black Hills Information Security uncovers Comburglar intrusion technique enabling persistent C2 via compromised COM hijacking during a breach assessment engagement.

2 min read
Comburglar

VoidLink Rootkit Framework Combines LKM and eBPF for Linux Persistence
HIGH
Malware

Elastic Security Labs dissects VoidLink, a Linux rootkit framework that blends Loadable Kernel Modules with eBPF hooks to evade detection and maintain stealthy persistence on…

3 min read
VoidLink

Threat Actors Abuse Microsoft 365 Mailbox Rules for Silent Email Interception
HIGH
Threat Intel

Attackers are exploiting hidden mailbox rules in compromised Microsoft 365 accounts to intercept sensitive emails, redirect financial communications, and suppress security alerts without triggering user notifications.

4 min read

VIPERTUNNEL Python Backdoor Evades Detection via Fake DLL and Obfuscated Loader
HIGH
Malware

Threat actors deploy VIPERTUNNEL, a Python backdoor, using a fake DLL and multi-stage obfuscated loader to establish stealthy SOCKS5 proxy tunnels for persistent network access.

4 min read
