Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit

June 27, 2025

A new campaign has been observed leveraging fake websites advertising popular software such as WPS Office, Sogou, and DeepSeek to deliver Sainbox RAT and the open-source Hidden rootkit.
The activity has been attributed with medium confidence to a Chinese hacking group called Silver Fox (aka Void Arachne), citing similarities in tradecraft with previous campaigns attributed to the threat actor.

Source: Read More

Previous ArticleSafePay ransomware: What you need to know

Next Article OneClik Malware Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors

Highlights

CVE-2025-4081 – DaVinci Resolve Dynamic Library Validation Bypass

May 29, 2025

CVE ID : CVE-2025-4081

Published : May 29, 2025, 3:15 p.m. | 1 hour, 47 minutes ago

Description : Use of entitlement “com.apple.security.cs.disable-library-validation” and lack of launch and library load constraints allows to substitute a legitimate dylib with malicious one. A local attacker with unprivileged access can execute the application with altered dynamic library successfully bypassing Transparency, Consent, and Control (TCC). Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission.

This issue affects DaVinci Resolve on macOS in all versions.
Last tested version: 19.1.3

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How AI further empowers value stream management

12 Top ReactJS Development Companies in 2025

Not sure where to go with AI? Here’s your roadmap.

This week in AI dev tools: A2A donated to Linux Foundation, OpenAI adds Deep Research to API, and more (June 27, 2025)

The next big HDMI leap has arrived – here’s how these 16K cables will shake things up

Here’s how you can still trade in any phone at Verizon to get an iPhone, iPad, and Apple Watch free

Anthropic has a plan to combat AI-triggered job losses predicted by its CEO

Forget Google and Microsoft: OpenAI may be building the ultimate work suite of apps and services

Say hello to ECMAScript 2025

Say hello to ECMAScript 2025

Ecma International approves ECMAScript 2025: What’s new?

Building Together: PRFT Colleagues Volunteer with Atlanta Habitat for Humanity

Fix Elden Ring Nightreign Connection Errors And Server Login Failure PC

Fix Elden Ring Nightreign Connection Errors And Server Login Failure PC

Fix Now EAC Error 20006 in Elden Ring: Nightreign [6 Easy Tricks]

Fix Now Elden Ring Nightreign EAC Error 30005 (CreateFile Failed)

Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit

5 Best Payment Gateways for SaaS: Your Ultimate Guide

Droip Review: Why You Should Choose Droip Over Traditional WordPress Page Builders in 2025

Waycheck shows Wayland compositor details

Anthropic Wins Landmark Case as Judge Rules AI Book Training Is Fair Use

CVE-2025-46728 – cpp-httplib Chunked Request Body Overflow

Microsoft kicks off testing its new GIF maker — right inside Windows 11

CVE-2025-4081 – DaVinci Resolve Dynamic Library Validation Bypass

Mastering Your Smartphone: 10 Features You Didn’t Know Existed

CVE-2025-42999 – SAP NetWeaver Remote Code Execution

CVE-2024-5962 – WSO2 WSO2 Reflected Cross-Site Scripting (XSS) Vulnerability

Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit

Related Posts