ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More
Briefly

CISA added a DAEMON Tools supply-chain attack to the KEV catalog, requiring FCEB agencies to apply fixes by May 30, 2026. The incident is tracked as CVE-2026-8398 with a CVSS v4 score of 9.3. Attackers gained unauthorized access to the vendor’s build or distribution infrastructure and trojanized three binaries: DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe. The malicious files were digitally signed using the legitimate AVB Disc Soft code-signing certificate, making the installers appear trustworthy and bypass signature-based detection. Separately, attackers spread Deno RAT by hosting counterfeit installers and plugins that masquerade as popular software, using social-engineering lures to drive downloads and execution.
"CISA has added the supply chain attack targeting DAEMON Tools software to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply necessary fixes by May 30, 2026. The incident is now being tracked under the identifier CVE-2026-8398 (CVSS v4 score: 9.3). "Attackers gained unauthorized access to the vendor's (AVB Disc Soft) build or distribution infrastructure and trojanized three binaries: DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe," according to the description of the CVE."
"These files were digitally signed with the legitimate AVB Disc Soft code-signing certificate, allowing the malicious installers to appear trustworthy and bypass signature-based detection."
"Attackers are hosting counterfeit installers and plugins masquerading as popular software, including ChatGPT, Claude, ZENOLOGY, Ab"
Read at The Hacker News