Excel Add-in Attack Delivers CABINETRAT Malware Backdoor

Cyber Security News by CyberSum.net

Published on October 2, 2025 at 12:00 AM

3 sources

A national cyber incident response team has issued a warning about a new malware campaign deploying the CABINETRAT backdoor. Attackers are using malicious Excel add-in (XLL) files, often distributed in ZIP archives, to gain initial access to systems. The malware establishes persistence through registry modifications and scheduled tasks, cleverly loading its shellcode from a PNG image file. This full-featured backdoor is capable of information gathering, remote command execution, and file operations. To evade detection, the malware employs robust anti-virtualization and anti-analysis checks.

Also Read

OpenShift AI Flaw Allows Full Cluster Takeover (CVE-2025-10725)

A severe vulnerability in Red Hat OpenShift AI (CVE-2025-10725) allows low-privileged users to escalate their permissions to full cluster administrator. The flaw stems from an overly permissive ClusterRole assignment that grants any authenticated user the ability to create jobs across the entire cluster. An attacker with minimal access, such as a data scientist account, can abuse this permission to run malicious jobs with elevated rights. This could lead to a complete compromise of the cluster, including data theft and service disruption. Administrators are urged to mitigate the risk by immediately removing the insecure ClusterRoleBinding and adopting a least-privilege security model.

By Cyber Security News by CyberSum.netOctober 1, 2025 at 06:04 PM