HN55 - Double Zipping Danger: The 7-Zip Exploit That Could Hack Your PC
Exploit Brokers By Forgebound Research - Tech and Hacking News Commentary6 Feb 2025

HN55 - Double Zipping Danger: The 7-Zip Exploit That Could Hack Your PC

Welcome back to Exploit Brokers! In today's video, we dive deep into a critical 7‑Zip vulnerability that's being exploited by Russian cybercriminals to bypass Windows' security protections. If you've used 7‑Zip at all, you need to know how this flaw can let hackers sneak past the Mark-of-the-Web (MOTW) and deploy dangerous malware like Smoke Loader.
We'll also explore a parallel threat in the Go ecosystem—malicious packages exploiting caching mechanisms to gain persistent remote access to your system. From double-zipped archives to supply chain attacks, we break down the tactics, the risks, and most importantly, what you can do to protect yourself and your organization.
In this video you'll learn:
How the 7‑Zip vulnerability works and why updating to the latest version is crucial. The role of Windows' MOTW and how hackers are bypassing this key security feature. Details on the deployment of Smoke Loader malware and its implications. How malicious Go packages and supply chain attacks can compromise your systems. Practical tips to safeguard your data and networks against these emerging threats. Stay informed, stay secure—hit that like button, subscribe, and ring the bell for more cybersecurity insights!

Drop your questions or thoughts in the comments below—we love hearing from you!
#Cybersecurity #7Zip #WindowsSecurity #Malware #SmokeLoader #GoLang #SupplyChainAttack #Cybercrime #InfoSec #Hacking #RussianHackers #APT #NationStateHackers #exploits #ZeroDays
👍 Enjoyed the episode? Give it a like and share your thoughts in the comments below!
🔔 Don't forget to subscribe and hit the notification bell to stay updated on all things cybersecurity and tech.
Listen to our podcast on:
Apple Podcasts Spotify And wherever you get your podcasts!
Show Notes: https://exploitbrokers.com/podcasts/hn55
📢 Connect with us:
Newsletter: https://follow.exploitbrokers.com Twitter: @ExploitBrokers Medium: https://medium.com/@exploitbrokers TikTok: https://www.tiktok.com/@exploitbrokers

🔗 References & Sources * Malicious Cached Go Modules: https://thehackernews.com/2025/02/malicious-go-package-exploits-module.html * Russian hackers Exploit 7-zip: https://thehackernews.com/2025/02/russian-cybercrime-groups-exploiting-7.html

Det här avsnittet är hämtat från ett öppet RSS-flöde och publiceras inte av Podme. Det kan innehålla reklam.

Avsnitt(62)

Dual CVSS 10.0 Cisco Flaws, AI Malware Assembly Line, Qualcomm Zero-Day & More | HN65

Dual CVSS 10.0 Cisco Flaws, AI Malware Assembly Line, Qualcomm Zero-Day & More | HN65

This week on Hacking News, we're covering five stories that all share one theme: the things we trust most are the things being targeted. Cisco disclosed two CVSS 10.0 vulnerabilities in their Secure F...

26 Mars 23min

Cisco & Dell CVSS 10.0 Exploited for YEARS, Claude AI Jailbroken, ScarCruft Jumps Air Gaps | HN64

Cisco & Dell CVSS 10.0 Exploited for YEARS, Claude AI Jailbroken, ScarCruft Jumps Air Gaps | HN64

Two perfect CVSS 10.0 scores in one news cycle. A state-sponsored actor living inside Cisco's SD-WAN platform since 2023. A brand-new lateral movement technique called "Ghost NICs" that leaves no fore...

12 Mars 28min

600 Firewalls Breached by AI in 5 Weeks — Plus Chrome Zero-Day, CVSS 9.9 RCE & AI-Powered Malware | HN63

600 Firewalls Breached by AI in 5 Weeks — Plus Chrome Zero-Day, CVSS 9.9 RCE & AI-Powered Malware | HN63

AI is reshaping both sides of the cybersecurity battlefield — and fast. In this episode, we break down five stories that prove it: the first Chrome zero-day of 2026 (CVE-2026-2441), a near-perfect CVS...

5 Mars 28min

6 Zero-Days Exploited NOW, Lazarus Poisons npm, AI-Generated Malware & More | HN62

6 Zero-Days Exploited NOW, Lazarus Poisons npm, AI-Generated Malware & More | HN62

Microsoft just dropped patches for SIX actively exploited zero-day vulnerabilities — and that's just the beginning. In this week's Hacking News, we break down the February 2026 Patch Tuesday emergency...

26 Feb 24min

State Hackers Hit 37 Countries, BeyondTrust CVSS 9.9 RCE, Signal Hijacked & More | HN Ep. 61

State Hackers Hit 37 Countries, BeyondTrust CVSS 9.9 RCE, Signal Hijacked & More | HN Ep. 61

A newly uncovered state-backed espionage group has compromised 70 organizations across 37 countries in a single year — and they were scanning infrastructure in 155 more. In this episode of Hacking New...

19 Feb 21min

CRITICAL: Office Zero-Day + WordPress Admin Takeover + Chrome Extensions Stealing AI Chats | EP 60

CRITICAL: Office Zero-Day + WordPress Admin Takeover + Chrome Extensions Stealing AI Chats | EP 60

Microsoft just dropped an emergency patch for an Office zero-day being exploited in the wild. A WordPress plugin has a CVSS 10.0 vulnerability — that's the golden goose of hacking. 900,000 Chrome user...

29 Jan 24min

I'm Back and Introducing Forgebound Research | The Rebrand

I'm Back and Introducing Forgebound Research | The Rebrand

Exploit Brokers is back—under a new banner. In this episode, I explain why the show went quiet, what Forgebound Research means, and how the podcast is evolving. We're shifting to a hybrid model: some ...

12 Jan 8min

HN59 - Microsoft AI Discovers 20 Zero-Day Vulnerabilities in Bootloaders!

HN59 - Microsoft AI Discovers 20 Zero-Day Vulnerabilities in Bootloaders!

# Title * HN59 - Microsoft AI Discovers 20 Zero-Day Vulnerabilities in Bootloaders! ## Description 🔍 Microsoft's AI Uncovers 20 Zero-Day Threats | CoffeeLoader Malware Gets Smarter In this episode ...

3 Apr 202519min

Populärt inom Politik & nyheter

svenska-fall
aftonbladet-krim
motiv
p3-krim
aftonbladet-daily
spar
flashback-forever
rss-sanning-konsekvens
rss-expressen-dok
rss-krimreportrarna
rss-vad-fan-hande
rss-frandfors-horna
svd-ledarredaktionen
rss-flodet
rss-aftonbladet-krim
dagens-eko
rss-svalan-krim
spotlight
politiken
krimmagasinet