<ciso brief/>
Tag Banner

All news with #gokcpdoor tag

all tags →

Sat, November 1, 2025

China-Linked 'Bronze Butler' Exploits Lanscope Zero-Day

#Zero-Day #Active Exploitation #KEV Added #DLL Sideloading #Motex Lanscope #Bronze Butler #Gokcpdoor

🔒 Sophos researchers discovered China-linked espionage group Bronze Butler exploiting a zero-day in Motex Lanscope Endpoint Manager (CVE-2025-61932) to deploy an updated Gokcpdoor backdoor. The flaw enabled unauthenticated remote code execution as SYSTEM on affected versions (<=9.4.7.2), and attackers used OAED Loader, DLL sideloading, and multiplexed C2 channels to evade detection. Motex released patches on October 20, 2025, and CISA added the vulnerability to its KEV list; organizations are advised to upgrade immediately since no mitigations exist.

read more →