[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-8398":6},{"stargazers_count":4,"fetched_at":5},6,"2026-05-15T21:38:49.783Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":250,"aliases":251,"duplicate_of":9,"upstream":252,"downstream":253,"duplicates":254,"related":255,"reserved_at":9,"published_at":256,"modified_at":257,"state":258,"summary":259,"references_raw":266,"kevs":279,"epss":9,"epss_history":280,"metrics":281,"affected":292},"CVE-2026-8398","A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the vendor's (AVB Disc Soft) build or distribution infrastructure and trojanized three binaries: DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe. These files were digitally signed with the legitimate AVB Disc Soft code-signing certificate, allowing the malicious installers to appear trustworthy and to bypass detection that relies on code-signature validation.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-506","Embedded Malicious Code","The product contains code that appears to be malicious in nature.","weakness","Incomplete","Class",[19,64,79],{"id":20,"name":21,"techniques":22},"CAPEC-442","Infected Software",[23,50],{"id":24,"name":25,"tactics":26,"countermeasures":30},"T1195.001","Compromise Software Dependencies and Development Tools",[27],{"id":28,"name":29},"TA0108","Initial Access",[31,36,40,45],{"id":32,"name":33,"tactic":34},"D3-SWI","Software Inventory",{"name":35},"Model",{"id":37,"name":38,"tactic":39},"D3-AVE","Asset Vulnerability Enumeration",{"name":35},{"id":41,"name":42,"tactic":43},"D3-SU","Software Update",{"name":44},"Harden",{"id":46,"name":47,"tactic":48},"D3-RS","Restore 
Software",{"name":49},"Restore",{"id":51,"name":52,"tactics":53,"countermeasures":55},"T1195.002","Compromise Software Supply Chain",[54],{"id":28,"name":29},[56,58,60,62],{"id":32,"name":33,"tactic":57},{"name":35},{"id":37,"name":38,"tactic":59},{"name":35},{"id":41,"name":42,"tactic":61},{"name":44},{"id":46,"name":47,"tactic":63},{"name":49},{"id":65,"name":66,"techniques":67},"CAPEC-448","Embed Virus into DLL",[68],{"id":69,"name":70,"tactics":71,"countermeasures":78},"T1027.009","Embedded Payloads",[72,75],{"id":73,"name":74},"TA0030","Defense Evasion",{"id":76,"name":77},"TA0005","Stealth",[],{"id":80,"name":81,"techniques":82},"CAPEC-636","Hiding Malicious Data or Code within Files",[83,137,143,212,243],{"id":84,"name":85,"tactics":86,"countermeasures":90},"T1001.002","Steganography",[87],{"id":88,"name":89},"TA0101","Command and Control",[91,96,100,104,108,112,116,120,124,128,133],{"id":92,"name":93,"tactic":94},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":95},"Detect",{"id":97,"name":98,"tactic":99},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":95},{"id":101,"name":102,"tactic":103},"D3-CSPP","Client-server Payload Profiling",{"name":95},{"id":105,"name":106,"tactic":107},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":95},{"id":109,"name":110,"tactic":111},"D3-NTSA","Network Traffic Signature Analysis",{"name":95},{"id":113,"name":114,"tactic":115},"D3-APCA","Application Protocol Command Analysis",{"name":95},{"id":117,"name":118,"tactic":119},"D3-NTCD","Network Traffic Community Deviation",{"name":95},{"id":121,"name":122,"tactic":123},"D3-RTSD","Remote Terminal Session Detection",{"name":95},{"id":125,"name":126,"tactic":127},"D3-RPA","Relay Pattern Analysis",{"name":95},{"id":129,"name":130,"tactic":131},"D3-NTF","Network Traffic Filtering",{"name":132},"Isolate",{"id":134,"name":135,"tactic":136},"D3-OTF","Outbound Traffic 
Filtering",{"name":132},{"id":138,"name":85,"tactics":139,"countermeasures":142},"T1027.003",[140,141],{"id":73,"name":74},{"id":76,"name":77},[],{"id":144,"name":145,"tactics":146,"countermeasures":149},"T1027.004","Compile After Delivery",[147,148],{"id":73,"name":74},{"id":76,"name":77},[150,154,158,162,166,171,176,180,184,188,192,196,200,204,208],{"id":151,"name":152,"tactic":153},"D3-FA","File Analysis",{"name":95},{"id":155,"name":156,"tactic":157},"D3-FIM","File Integrity Monitoring",{"name":95},{"id":159,"name":160,"tactic":161},"D3-DA","Dynamic Analysis",{"name":95},{"id":163,"name":164,"tactic":165},"D3-EFA","Emulated File Analysis",{"name":95},{"id":167,"name":168,"tactic":169},"D3-FEV","File Eviction",{"name":170},"Evict",{"id":172,"name":173,"tactic":174},"D3-DF","Decoy File",{"name":175},"Deceive",{"id":177,"name":178,"tactic":179},"D3-FE","File Encryption",{"name":44},{"id":181,"name":182,"tactic":183},"D3-RF","Restore File",{"name":49},{"id":185,"name":186,"tactic":187},"D3-CF","Content Filtering",{"name":132},{"id":189,"name":190,"tactic":191},"D3-LFP","Local File Permissions",{"name":132},{"id":193,"name":194,"tactic":195},"D3-RFAM","Remote File Access Mediation",{"name":132},{"id":197,"name":198,"tactic":199},"D3-CQ","Content Quarantine",{"name":132},{"id":201,"name":202,"tactic":203},"D3-CM","Content Modification",{"name":132},{"id":205,"name":206,"tactic":207},"D3-EAL","Executable Allowlisting",{"name":132},{"id":209,"name":210,"tactic":211},"D3-EDL","Executable Denylisting",{"name":132},{"id":213,"name":214,"tactics":215,"countermeasures":218},"T1218.001","Compiled HTML File",[216,217],{"id":73,"name":74},{"id":76,"name":77},[219,223,227,231,235,237,239],{"id":220,"name":221,"tactic":222},"D3-SCA","System Call Analysis",{"name":95},{"id":224,"name":225,"tactic":226},"D3-FCA","File Creation Analysis",{"name":95},{"id":228,"name":229,"tactic":230},"D3-PSA","Process Spawn Analysis",{"name":95},{"id":232,"name":233,"tactic":234},"D3-SCF","System 
Call Filtering",{"name":132},{"id":205,"name":206,"tactic":236},{"name":132},{"id":209,"name":210,"tactic":238},{"name":132},{"id":240,"name":241,"tactic":242},"D3-HBPI","Hardware-based Process Isolation",{"name":132},{"id":244,"name":245,"tactics":246,"countermeasures":249},"T1221","Template Injection",[247,248],{"id":73,"name":74},{"id":76,"name":77},[],[],[],[],[],[],[],"2026-05-15T07:30:29.287Z","2026-05-15T13:28:01.428Z","Awaiting Analysis",{"cisa_kev":260,"cisa_ransomware":260,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":261,"severity_score":262,"severity_version":263,"severity_source":264,"severity_vector":265,"severity_status":258},false,"critical",9.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[267,274],{"url":268,"sources":269,"tags":271},"https://securelist.com/tr/daemon-tools-backdoor/119654/",[270,264],"cve.org",[272,273],"Technical Description","Third Party Advisory",{"url":275,"sources":276,"tags":277},"https://blog.daemon-tools.cc/post/security-incident",[270,264],[278],"Vendor Advisory",[],[],[282,287],{"source":270,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":283},{"baseScore":284,"baseSeverity":285,"vectorString":286,"impactScore":9,"exploitabilityScore":9},9.3,"CRITICAL","CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",{"source":264,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":288,"cvss_v4_0":290},{"baseScore":262,"baseSeverity":285,"vectorString":265,"impactScore":262,"exploitabilityScore":289},10,{"baseScore":284,"baseSeverity":285,"vectorString":291,"impactScore":9,"exploitabilityScore":9},"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",[293],{"ecosystem":9,"name":294,"vendor":295,"product":296,"cpe_part":297,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":298},"DAEMON Tools Lite","avb disc soft","daemon tools 
lite","a",[299],{"version":300,"is_range":301,"range_type":270,"version_start":302,"version_start_type":303,"version_end":304,"version_end_type":305,"fixed_in":9},">= 12.5.0.2421, \u003C 2.6.0.*",true,"12.5.0.2421","including","2.6.0.*","excluding"]