CyberSecurityBoard
Sponsor Register Login

New FileFix attack uses cache smuggling to evade security software

A new cyberattack technique called FileFix has been discovered, leveraging cache smuggling to bypass traditional security software defenses. This innovative attack method exploits caching mechanisms to hide malicious payloads, making detection by antivirus and endpoint protection tools significantly more challenging. The FileFix attack manipulates how browsers and security solutions handle cached files, allowing attackers to smuggle harmful code past security filters and execute it on target systems. This technique represents a sophisticated evolution in evasion tactics, highlighting the need for enhanced security measures that can detect and mitigate cache-based threats. Organizations are urged to update their security protocols and remain vigilant against this emerging threat vector. The FileFix attack underscores the importance of continuous monitoring and advanced threat detection capabilities to protect against increasingly stealthy cyber threats.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 08 Oct 2025 19:50:19 +0000


Cyber News related to New FileFix attack uses cache smuggling to evade security software

New FileFix attack uses cache smuggling to evade security software - A new cyberattack technique called FileFix has been discovered, leveraging cache smuggling to bypass traditional security software defenses. This innovative attack method exploits caching mechanisms to hide malicious payloads, making detection by ...
1 month ago Bleepingcomputer.com
Innovative FileFix Attack Shows Potent New Ransomware Tactics - The article discusses a novel ransomware attack method dubbed the FileFix attack, which showcases advanced tactics used by cybercriminals to maximize damage and evade detection. This innovative attack leverages file manipulation techniques to lock ...
1 month ago Darkreading.com
25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: ProsConsStrong threat intelligence & expert SOCs.High pricing for SMBs.24/7 monitoring & rapid incident response.Complex UI and steep learning curve.Flexible, scalable, hybrid deployments.Limited visibility into endpoint ...
4 months ago Cybersecuritynews.com
FileFix and Cache Smuggling Attacks: New Threats in Web Security - FileFix and cache smuggling attacks represent emerging threats in the cybersecurity landscape, targeting web applications and their caching mechanisms to bypass security controls and inject malicious payloads. These attacks exploit vulnerabilities in ...
2 weeks ago Cybersecuritynews.com
Interlock ransomware adopts FileFix method to deliver malware - In the FileFix variation, the attacker weaponizes trusted Windows UI elements, such as File Explorer and HTML Applications (.HTA), to trick users into executing malicious PowerShell or JavaScript code without displaying any security warnings. This ...
4 months ago Bleepingcomputer.com
New FileFix attack uses steganography to drop Stealc malware - A new cyberattack campaign named FileFix has been discovered using advanced steganography techniques to deliver the Stealc malware. This attack method involves hiding malicious payloads within seemingly innocuous files, making detection challenging ...
1 month ago Bleepingcomputer.com
FileFix Attack Exploits Windows Browser Features to Bypass Mark-of-the-Web Protection - When users save webpages using Ctrl+S with “Webpage, Single File” or “Webpage, Complete” formats selected, files with HTML or XHTML+XML MIME types are saved without MOTW protection, the Windows security feature that warns ...
4 months ago Cybersecuritynews.com Rocke
How Purge Cache Keeps Your Website Content Fresh and Responsive - By bringing content closer to each visitor, CDNs improve performance and reduce load on the origin server - caching is the raison d'etre for CDNs. The reason for this is a CDN's effectiveness can be measured by the cache hit ratio, which is the ...
1 year ago Imperva.com
FileFix: New Multistage Steganography Malware Evades Detection - A new multistage steganography malware named FileFix has been uncovered, showcasing advanced evasion techniques that challenge traditional detection methods. FileFix uses steganography to hide malicious payloads within seemingly benign files, ...
1 month ago Infosecurity-magazine.com
New FileFix attack runs JScript while bypassing Windows MoTW alerts - The technique, was devised by security researcher mr.d0x Last week, the researcher showed how the first FileFix method worked as an alternative to 'ClickFix' attacks by tricking users into pasting a disguised PowerShell command into the ...
4 months ago Bleepingcomputer.com
SMTP Smuggling Allows Spoofed Emails to Bypass Authentication Protocols - A new attack technique named SMTP Smuggling can allow malicious actors to send out spoofed emails that bypass authentication mechanisms. SMTP Smuggling was discovered by Timo Longin, a researcher known for DNS attacks, in collaboration with SEC ...
1 year ago Securityweek.com
SMTP Smuggling Allows Spoofed Emails to Bypass Authentication Protocols - A new attack technique named SMTP Smuggling can allow malicious actors to send out spoofed emails that bypass authentication mechanisms. SMTP Smuggling was discovered by Timo Longin, a researcher known for DNS attacks, in collaboration with SEC ...
1 year ago Packetstormsecurity.com
Google Chrome's new cache change could boost performance - Google is introducing a significant change to Chrome's Back/Forward Cache behavior, allowing web pages to be stored in the cache, even if a webmaster specifies not to store a page in the browser's cache. "Bfcache is an in-memory cache that stores a ...
1 year ago Bleepingcomputer.com
CVE-2025-38066 - In the Linux kernel, the following vulnerability has been resolved: ...
4 months ago
McCaffrey Joins 'ASTORS' Champion SIMS Software Board of Advisors - SIMS Software, the leading provider of security information management software to the government and defense industries - and the 2023 Platinum 'ASTORS' Award Champion for Best Security Workforce Management Solution, is delighted to announce that ...
1 year ago Americansecuritytoday.com PLATINUM
What Is Software Piracy? - Software piracy has become a worldwide issue, with China, the United States and India being the top three offenders. In 2022, 6.2% of people worldwide visited software piracy websites. Software piracy doesn't require a hacker or skilled coder. Any ...
1 year ago Pandasecurity.com
HTTP Smuggling Attack: What You Need to Know - HTTP Smuggling Attack is a sophisticated cyber threat exploiting inconsistencies in HTTP protocol parsing between front-end and back-end servers. This vulnerability allows attackers to bypass security controls, manipulate web traffic, and potentially ...
2 months ago Cybersecuritynews.com CVE-2023-12345 CVE-2024-67890 APT29 Lazarus Group
CVE-2025-38344 - In the Linux kernel, the following vulnerability has been resolved: ...
4 months ago
CVE-2023-30853 - Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. A vulnerability impacts GitHub workflows using the Gradle Build Action prior to version 2.4.2 that have executed the Gradle Build Tool with the configuration ...
2 years ago
CVE-2024-50278 - In the Linux kernel, the following vulnerability has been resolved: dm cache: fix potential out-of-bounds access on the first resume Out-of-bounds access occurs if the fast device is expanded unexpectedly before the first-time resume of the cache ...
11 months ago Tenable.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
KongTuke Attacking Windows Users With New Interlock RAT Variant Using FileFix Technique - A sophisticated malware campaign leveraging the KongTuke threat cluster has emerged, targeting Windows users through a novel FileFix technique that deploys an advanced PHP-based variant of the Interlock remote access trojan (RAT). Upon accessing an ...
4 months ago Cybersecuritynews.com
New "MITRE ATT&CK-like" framework outlines software supply chain attack TTPs - A new open framework seeks to outline a comprehensive and actionable way for businesses and security teams to understand attacker behaviors and techniques specifically impacting the software supply chain. The Open Software Supply Chain Attack ...
2 years ago Csoonline.com
Attack Vector vs Attack Surface: The Subtle Difference - Cybersecurity discussions about "Attack vectors" and "Attack surfaces" sometimes use these two terms interchangeably. This article guides you through the distinctions between attack vectors and attack surfaces to help you better understand the two ...
2 years ago Trendmicro.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)