<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-03T11:49:40.248872+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/112003d3-72d0-4ffe-b4a1-63a6fe4c4e07/export</id>
    <title>112003d3-72d0-4ffe-b4a1-63a6fe4c4e07</title>
    <updated>2026-07-03T11:49:40.267592+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "112003d3-72d0-4ffe-b4a1-63a6fe4c4e07", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24932", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/9ad23752-91ed-4cda-9d49-ec8f9d4e0c0b", "content": "", "creation_timestamp": "2026-06-23T14:04:05.351474Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/112003d3-72d0-4ffe-b4a1-63a6fe4c4e07/export"/>
    <published>2026-06-23T14:04:05.351474+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a8719446-1b0d-481b-9848-a942c345c920/export</id>
    <title>a8719446-1b0d-481b-9848-a942c345c920</title>
    <updated>2026-07-03T11:49:40.269957+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a8719446-1b0d-481b-9848-a942c345c920", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24932", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/3882ebf5-2350-49df-a062-e1dd7b094345", "content": "", "creation_timestamp": "2026-06-19T12:46:55.491579Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a8719446-1b0d-481b-9848-a942c345c920/export"/>
    <published>2026-06-19T12:46:55.491579+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b122da64-5ab1-47c7-b546-131f82f81d87/export</id>
    <title>b122da64-5ab1-47c7-b546-131f82f81d87</title>
    <updated>2026-07-03T11:49:40.270088+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b122da64-5ab1-47c7-b546-131f82f81d87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24932", "type": "seen", "source": "https://bsky.app/profile/systemcenterdudes.com/post/3mogj3hdss72u", "content": "This post explains what is really happening under CVE-2023-24932 (BlackLotus vulnerability), the 4 mitigations and how to apply them manually with #PowerShell, and much more - www.systemcenterdudes.com/blacklotus-r...\n\n#CyberSecurity #BlackLotus #MSIntune", "creation_timestamp": "2026-06-16T19:15:09.448914Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b122da64-5ab1-47c7-b546-131f82f81d87/export"/>
    <published>2026-06-16T19:15:09.448914+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/98218782-8f7d-4730-9caa-22752aee05e2/export</id>
    <title>98218782-8f7d-4730-9caa-22752aee05e2</title>
    <updated>2026-07-03T11:49:40.270200+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "98218782-8f7d-4730-9caa-22752aee05e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24932", "type": "seen", "source": "https://bsky.app/profile/lasenal.bsky.social/post/3mog6ktu4xe2p", "content": "\ud83d\udea8 El backdoor SprySOCKS (grupo Earth Lusca) salta de Linux a Windows con 2 variantes nuevas: una se oculta con un kernel driver, otra abusa del Print Spooler. Posible bootkit UEFI (CVE-2023-24932). Parchea y vigila. \ud83d\udee1\ufe0f\n\nLeer en The Hacker News \u2192\n\n#Ciberseguridad", "creation_timestamp": "2026-06-16T16:06:53.403932Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/98218782-8f7d-4730-9caa-22752aee05e2/export"/>
    <published>2026-06-16T16:06:53.403932+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a2379902-a0fc-424d-bfa7-57e777952c20/export</id>
    <title>a2379902-a0fc-424d-bfa7-57e777952c20</title>
    <updated>2026-07-03T11:49:40.270302+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a2379902-a0fc-424d-bfa7-57e777952c20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24932", "type": "seen", "source": "https://bsky.app/profile/lasenal.bsky.social/post/3mog6bbvwt42p", "content": "\ud83d\udea8 El backdoor SprySOCKS (Earth Lusca) salta de Linux a Windows con 2 variantes nuevas: una se oculta con un kernel driver, otra abusa del Print Spooler. Posible bootkit UEFI (CVE-2023-24932). Parchea y vigila. \ud83d\udee1\ufe0f\n\nhttps://thehackernews.com/2026/06/china-linked-sprysocks-backdoor-expands.html", "creation_timestamp": "2026-06-16T16:01:32.820447Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a2379902-a0fc-424d-bfa7-57e777952c20/export"/>
    <published>2026-06-16T16:01:32.820447+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c97c62c9-fd13-42fd-a75d-5977109c2856/export</id>
    <title>c97c62c9-fd13-42fd-a75d-5977109c2856</title>
    <updated>2026-07-03T11:49:40.270402+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c97c62c9-fd13-42fd-a75d-5977109c2856", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24932", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mofk3kziyt23", "content": "ESET found Windows SprySOCKS backdoor variants used against government orgs in Taiwan, Thailand, Pakistan, and Honduras, with high-confidence attribution to Earth Lusca and possible ties to CVE-2023-24932. #Taiwan #EarthLusca #SprySOCKS", "creation_timestamp": "2026-06-16T10:00:27.432681Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c97c62c9-fd13-42fd-a75d-5977109c2856/export"/>
    <published>2026-06-16T10:00:27.432681+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/276c8741-5d08-4dcc-8711-8364dcd48934/export</id>
    <title>276c8741-5d08-4dcc-8711-8364dcd48934</title>
    <updated>2026-07-03T11:49:40.270504+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "276c8741-5d08-4dcc-8711-8364dcd48934", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24932", "type": "seen", "source": "https://krebsonsecurity.com/2026/01/patch-tuesday-january-2026-edition/", "content": "", "creation_timestamp": "2026-01-13T23:47:38.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/276c8741-5d08-4dcc-8711-8364dcd48934/export"/>
    <published>2026-01-13T23:47:38+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2c3927b4-0020-4761-be5e-f88031c5d1c2/export</id>
    <title>2c3927b4-0020-4761-be5e-f88031c5d1c2</title>
    <updated>2026-07-03T11:49:40.270609+00:00</updated>
    <author>
      <name>Clément Fouque</name>
      <uri>https://cvepremium.circl.lu/user/clement-fouque</uri>
    </author>
    <content>{"uuid": "2c3927b4-0020-4761-be5e-f88031c5d1c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "e92402ac-b04a-4e73-ad0b-3c8344ca18bd", "vulnerability": "CVE-2023-24932", "type": "exploited", "source": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932", "content": "", "creation_timestamp": "2025-10-16T12:32:54.249939Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2c3927b4-0020-4761-be5e-f88031c5d1c2/export"/>
    <published>2025-10-16T12:32:54.249939+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c831d801-f471-4370-8745-79cfc04138ab/export</id>
    <title>c831d801-f471-4370-8745-79cfc04138ab</title>
    <updated>2026-07-03T11:49:40.271661+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c831d801-f471-4370-8745-79cfc04138ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24932", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:00:51.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c831d801-f471-4370-8745-79cfc04138ab/export"/>
    <published>2025-08-31T03:00:51+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/42a36590-afec-47f4-978c-f1fff02df778/export</id>
    <title>42a36590-afec-47f4-978c-f1fff02df778</title>
    <updated>2026-07-03T11:49:40.271790+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "42a36590-afec-47f4-978c-f1fff02df778", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24932", "type": "published-proof-of-concept", "source": "Telegram/O3NuM9Mq4SCXqBgDe5Z0H8KyVT7NeMwDEztuFj2IIEQAA90", "content": "", "creation_timestamp": "2025-05-12T11:00:06.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/42a36590-afec-47f4-978c-f1fff02df778/export"/>
    <published>2025-05-12T11:00:06+00:00</published>
  </entry>
</feed>
