{"id":52666,"date":"2023-07-07T15:01:11","date_gmt":"2023-07-07T15:01:11","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/34780\/Truebot-RCE-Attacks-Exploit-Critical-Netwrix-Auditor-Bug.html"},"modified":"2023-07-07T15:01:11","modified_gmt":"2023-07-07T15:01:11","slug":"truebot-rce-attacks-exploit-critical-netwrix-auditor-bug","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug\/","title":{"rendered":"Truebot RCE Attacks Exploit Critical Netwrix Auditor Bug"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/files.scmagazine.com\/wp-content\/uploads\/2023\/07\/trojan-horse-wood.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>Organizations in the U.S. and Canada are being targeted by new versions of the <a href=\"https:\/\/www.scmagazine.com\/brief\/malware\/truebot-malware-activity-spikes\">Truebot downloader trojan botnet<\/a>, adapted to exploit a critical remote code execution (RCE) vulnerability in Netwrix Auditor software.<\/p>\n<p>TrueBot, also known as Silence.Downloader, has been tied to a suspected Russian threat operation Silence, which is <a href=\"https:\/\/www.scmagazine.com\/news\/malware\/truebot-malware-linked-to-evil-corp-shifts-tactics-to-exploit-rces-usbs\">linked to Evil Corp<\/a> and the TA505 threat cluster. The <a href=\"https:\/\/www.scmagazine.com\/news\/ransomware\/ransomware-gang-clop-zero-day-moveit-2021\">Clop ramsonware gang<\/a>, recently in the headlines for its attacks on MOVEit Transfer users, is among those who have previously used Truebot to exfiltrate data from victims.<\/p>\n<p>The latest wave of Truebot attacks prompted a<a href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa23-187a\">n advisory<\/a> on Thursday released jointly by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigations (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC) and the Canadian Centre for Cyber Security (CCCS).<\/p>\n<p>In the advisory, the agencies said they had observed an increase in threat actors\u2019 use of the botnet as recently as May 31.<\/p>\n<p>Truebot variants have previously been delivered primarily via malicious phishing email attachments, the advisory said. With the newly observed versions, however, access to compromised systems can also be gained by exploiting a now-patched RCE vulnerability in Netwrix Auditor, a tool for tracking and analyzing changes in IT environments.<\/p>\n<p>The Netwrix Auditor vulnerability, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-31199\">CVE-2022-31199<\/a>, has a CVSS v3 rating of 9.8 and was patched in June 2022.<\/p>\n<h2>One trojan, two delivery methods<\/h2>\n<p>In their advisory, the four agencies said threat actors were currently leveraging both the Netwrix Auditor vulnerability and phishing campaigns with malicious redirect hyperlinks to drop the new Truebot variants.<\/p>\n<p>As well as duping recipients into clicking a hyperlink to execute malware, \u201cattackers have also been observed concealing email attachments (executables) as software update notifications that appear to be legitimate,\u201d the advisory said.<\/p>\n<p>\u201cFollowing interaction with the executable, users will be redirected to a malicious web domain where script files are then executed.\u201d<\/p>\n<p>While that remained a prominent delivery method, the hackers had \u201cshifted tactics\u201d and begun taking advantage of the Netwrix Auditor RCE vulnerability.<\/p>\n<p>\u201cThrough exploitation of this CVE, cyber threat actors gain initial access, as well as the ability to move laterally within the compromised network,\u201d the advisory said.<\/p>\n<h2>Multiple tools used in attacks<\/h2>\n<p>\u201cFollowing the successful download of the malicious file, Truebot renames itself and then loads FlawedGrace onto the host,\u201d the advisory said.<\/p>\n<p>FlawedGrace is a remote access tool (RAT) that can receive incoming commands from a command-and-control server sent over a custom binary protocol using port 443 to deploy additional tools.<\/p>\n<p>\u201cTypically a few hours after Truebot\u2019s execution phase, cyber threat actors have been observed deploying additional payloads containing Cobalt Strike beacons for persistence and data exfiltration purposes,\u201d the advisory said.<\/p>\n<p><a href=\"https:\/\/www.scmagazine.com\/news\/cybercrime\/microsofts-cobalt-strike-anti-ransomware-front\">Cobalt Strike<\/a> is a red team penetration testing tool used in attack simulations. Cracked versions of the tool have become increasingly popular with threat actors.<\/p>\n<p>\u201cCyber threat actors use Cobalt Strike to move laterally via remote service session hijacking, collecting valid credentials through LSASS memory credential dumping, or creating local admin accounts to achieve pass the hash alternate authentication,\u201d the advisory said.<\/p>\n<p><a href=\"https:\/\/www.scmagazine.com\/brief\/cybercrime\/repurposable-nature-of-raspberry-robin-detailed\">Raspberry Robin<\/a>, a wormable malware with links to other malware families and various infection methods, has also been observed as part of the Truebot attacks.<\/p>\n<p>\u201cRaspberry Robin has evolved into one of the largest malware distribution platforms and has been observed deploying Truebot, as well as other post-compromise payloads such as IcedID and Bumblebee malware.\u201d<\/p>\n<h2>How to mitigate the risk<\/h2>\n<p>The agencies who authored the advisory set out a range of recommendations for mitigating the risk of Truebot attacks, including mandating phishing-resistant multifactor authentication (MFA) for all staff and services.<\/p>\n<p>The advisory includes indicators of compromise (IOCs) and detection rules to help organizations protect themselves against the new activity.<\/p>\n<p>Additionally, to minimize the risk to Netwrix Auditor users from the new variants of Truebot targeting the application, Netwrix recommends using its solution only on internally facing networks.<\/p>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/34780\/Truebot-RCE-Attacks-Exploit-Critical-Netwrix-Auditor-Bug.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":52667,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[10587],"class_list":["post-52666","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackermalwaretrojanflawbackdoor"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Truebot RCE Attacks Exploit Critical Netwrix Auditor Bug 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Truebot RCE Attacks Exploit Critical Netwrix Auditor Bug 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-07-07T15:01:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/files.scmagazine.com\/wp-content\/uploads\/2023\/07\/trojan-horse-wood.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Truebot RCE Attacks Exploit Critical Netwrix Auditor Bug\",\"datePublished\":\"2023-07-07T15:01:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug\\\/\"},\"wordCount\":649,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/07\\\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug.jpg\",\"keywords\":[\"headline,hacker,malware,trojan,flaw,backdoor\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug\\\/\",\"name\":\"Truebot RCE Attacks Exploit Critical Netwrix Auditor Bug 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/07\\\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug.jpg\",\"datePublished\":\"2023-07-07T15:01:11+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/07\\\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/07\\\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug.jpg\",\"width\":800,\"height\":533},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,malware,trojan,flaw,backdoor\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackermalwaretrojanflawbackdoor\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Truebot RCE Attacks Exploit Critical Netwrix Auditor Bug\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Truebot RCE Attacks Exploit Critical Netwrix Auditor Bug 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug\/","og_locale":"en_US","og_type":"article","og_title":"Truebot RCE Attacks Exploit Critical Netwrix Auditor Bug 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-07-07T15:01:11+00:00","og_image":[{"url":"https:\/\/files.scmagazine.com\/wp-content\/uploads\/2023\/07\/trojan-horse-wood.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Truebot RCE Attacks Exploit Critical Netwrix Auditor Bug","datePublished":"2023-07-07T15:01:11+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug\/"},"wordCount":649,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/07\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug.jpg","keywords":["headline,hacker,malware,trojan,flaw,backdoor"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug\/","url":"https:\/\/www.threatshub.org\/blog\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug\/","name":"Truebot RCE Attacks Exploit Critical Netwrix Auditor Bug 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/07\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug.jpg","datePublished":"2023-07-07T15:01:11+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/07\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/07\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug.jpg","width":800,"height":533},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/truebot-rce-attacks-exploit-critical-netwrix-auditor-bug\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,malware,trojan,flaw,backdoor","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackermalwaretrojanflawbackdoor\/"},{"@type":"ListItem","position":3,"name":"Truebot RCE Attacks Exploit Critical Netwrix Auditor Bug"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/52666","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=52666"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/52666\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/52667"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=52666"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=52666"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=52666"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}