Farewell to the InQuest Insider: Thank You for 78 Issues of Support

After 78 editions, the time has come to retire the InQuest Insider newsletter. Over the years, we've shared cutting-edge threat intelligence, Trystero statistics, the latest research, community tools, and global security events—all with the goal of keeping you informed and empowered in the fight against cyber threats. We want to extend our heartfelt thanks to you, our dedicated readers, for your continued support, engagement, and contributions to the cybersecurity community. While this marks the end of this newsletter, the journey continues! We encourage you to stay updated by subscribing to the OPSWAT newsletter, where you'll find the latest on MetaDefender, threat intelligence, and cybersecurity advancements. Thank you for being part of the InQuest journey—this is not goodbye, but a new beginning. Stay vigilant, stay informed, and as always, happy hunting!

Analyzing CVE-2025-21298: How OPSWAT MetaDefender Core™ Protects Against Zero-Day Attacks

Posted on 2025-02-25 by Stella Nguyen

In January 2025 alone, a staggering 4,085 vulnerabilities were received by NIST, an exceptionally high-risk start to the year as the number of actively exploited flaws keeps climbing. Notable among them is CVE-2025-21298, a zero-click remote code execution (RCE) vulnerability in Microsoft Windows OLE rated CVSS 9.8. An attacker can compromise a system simply by getting the victim to preview a malicious RTF email in Outlook; no click on an attachment or link is required.
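The attack surface here is an RTF that carries an embedded OLE object, so the first triage question for any suspicious RTF is "does it embed one, and what is inside it?" The following is an added example, not OPSWAT or MetaDefender code and not tied to the internals of CVE-2025-21298 (which the post does not describe): it finds every \objdata hex blob in an RTF, tolerates the whitespace and control words that obfuscated samples scatter through the hex, parses the OLE1.0 object header the blob carries (OLEVersion, FormatID, ClassName, TopicName, ItemName, then NativeDataSize and NativeData for FormatID 2, per MS-OLEDS), and reports whether the native data contains an OLE compound file header. The sample RTF is constructed inline for the demo; the function and record names are this example's own.

```python
import re

CFB_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # OLE compound file (CFB) header
HEX_CHARS = frozenset(b"0123456789abcdefABCDEF")
OBJDATA_RE = re.compile(rb"\\objdata\b")
OBJCLASS_RE = re.compile(rb"\\objclass\s*([^{}\\]+)")


def _collect_hex(rtf: bytes, start: int) -> str:
    """Gather hex digits after \\objdata until its enclosing group closes.
    Whitespace and control words mixed into the hex are skipped, not fatal."""
    depth, out, i, n = 0, [], start, len(rtf)
    while i < n:
        c = rtf[i]
        if c == 0x7B:                        # '{'
            depth += 1
        elif c == 0x7D:                      # '}' closing our group ends the blob
            if depth == 0:
                break
            depth -= 1
        elif c == 0x5C:                      # '\' starts a control word or symbol
            i += 1
            if i < n and rtf[i] == 0x27:     # \'hh escape: skip its two hex chars
                i += 3
                continue
            while i < n and rtf[i:i + 1].isalpha():
                i += 1
            while i < n and (rtf[i:i + 1].isdigit() or rtf[i] == 0x2D):
                i += 1
            continue
        elif c in HEX_CHARS:
            out.append(chr(c))
        i += 1
    return "".join(out)


def extract_objects(rtf: bytes) -> list:
    """One record per \\objdata: the \\objclass hint (if any) plus the raw bytes."""
    found = []
    for m in OBJDATA_RE.finditer(rtf):
        hexstr = _collect_hex(rtf, m.end())
        if len(hexstr) % 2:
            hexstr = hexstr[:-1]             # tolerate a truncated trailing nibble
        obj_start = max(rtf.rfind(b"\\object", 0, m.start()), 0)
        cls = OBJCLASS_RE.search(rtf, obj_start, m.start())
        found.append({"objclass": cls.group(1).strip().decode("latin-1") if cls else None,
                      "blob": bytes.fromhex(hexstr)})
    return found


def _lp_ansi(blob: bytes, off: int):
    """LengthPrefixedAnsiString: 4-byte little-endian length, then the bytes."""
    length = int.from_bytes(blob[off:off + 4], "little")
    s = blob[off + 4:off + 4 + length]
    if len(blob[off:off + 4]) != 4 or len(s) != length:
        raise ValueError("truncated OLE1 string")
    return s.rstrip(b"\x00"), off + 4 + length


def parse_ole1(blob: bytes) -> dict:
    """Parse the OLE1.0 ObjectHeader; FormatID 2 (EmbeddedObject) adds NativeData."""
    if len(blob) < 8:
        raise ValueError("blob too short for an OLE1 header")
    version = int.from_bytes(blob[0:4], "little")
    format_id = int.from_bytes(blob[4:8], "little")
    class_name, off = _lp_ansi(blob, 8)
    _topic, off = _lp_ansi(blob, off)
    _item, off = _lp_ansi(blob, off)
    native = b""
    if format_id == 2:
        size = int.from_bytes(blob[off:off + 4], "little")
        native = blob[off + 4:off + 4 + size]
    return {"version": version, "format_id": format_id,
            "class_name": class_name.decode("latin-1"), "native_data": native}


def triage_rtf(rtf: bytes) -> list:
    """Summarise each embedded object; an unparsable header is still reported."""
    results = []
    for obj in extract_objects(rtf):
        rec = {"objclass": obj["objclass"], "size": len(obj["blob"]),
               "has_cfb": CFB_MAGIC in obj["blob"], "parsed": None}
        try:
            rec["parsed"] = parse_ole1(obj["blob"])
        except ValueError:
            pass
        results.append(rec)
    return results


def build_sample() -> bytes:
    """Constructed sample (not a real or malicious file): one embedded compound
    document, with newlines and a junk control word inserted into the hex."""
    cls = b"Word.Document.8\x00"
    native = CFB_MAGIC + b"\x00" * 8
    blob = (b"\x01\x05\x00\x00" + b"\x02\x00\x00\x00"      # OLEVersion, FormatID=2
            + len(cls).to_bytes(4, "little") + cls         # ClassName
            + b"\x00" * 4 + b"\x00" * 4                    # empty TopicName, ItemName
            + len(native).to_bytes(4, "little") + native)  # NativeDataSize, NativeData
    hx = blob.hex()
    hx = hx[:20] + "\n\\par " + hx[20:60] + "\r\n" + hx[60:]
    return (b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objclass Word.Document.8}"
            b"{\\*\\objdata " + hx.encode() + b"}}}")


if __name__ == "__main__":
    for rec in triage_rtf(build_sample()):
        print(rec["objclass"], rec["size"], "bytes, CFB inside:", rec["has_cfb"])
```

An embedded object is not proof of exploitation; plenty of legitimate documents embed OLE content. The point of the check is to route anything that embeds a full compound document, or whose header does not parse cleanly, to deeper static analysis or detonation rather than letting it reach a mailbox where preview alone is enough.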

Read more

InQuest Labs Research Spotlight

doom-captcha

The project works by using Emscripten to compile a minimal port of Doom to WebAssembly and bridging the C-based game run loop to the JavaScript-based CAPTCHA UI so the two can talk to each other.

Read more

poe-ai-agent-example

This is an example of using Poe.com's API to build an LLM-based AI agent that can execute commands and tools across multiple turns ("multi-shot") without relying on LangGraph, LangChain, GCP Vertex, or Amazon Bedrock. It is simply a generic multi-shot LLM "agent" with no agentic framework underneath.
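The shape of such a loop, and the two guardrails a security engineer would insist on before letting a model "execute commands", are shown in the following added example. It is this editor's illustration, not the project's code: the model call is a scripted stand-in (the project uses Poe's API; no network call is made here), the tools and the lookup data are constructed for the demo, and the JSON reply protocol is an assumption of this example. Tool calls are dispatched only through an allow-list with argument validation, never handed to a shell, and the loop has a hard step budget so a model that keeps calling tools cannot run forever.

```python
import json

SYSTEM = ('Reply with JSON only: {"tool": <name>, "args": {...}} to call a tool, '
          'or {"final": <answer>} when done.')


# Allow-listed tools. Anything the model names that is not here is refused.
def tool_word_count(text: str) -> int:
    return len(text.split())


def tool_lookup(key: str) -> str:
    table = {"lab": "InQuest Labs", "vendor": "OPSWAT"}   # constructed stand-in data
    return table.get(key, "not found")


TOOLS = {"word_count": tool_word_count, "lookup": tool_lookup}


def dispatch(call: dict) -> dict:
    """Validate and execute one tool call. Model output never reaches a shell."""
    name, args = call.get("tool"), call.get("args", {})
    if name not in TOOLS:
        return {"error": f"tool {name!r} is not allow-listed"}
    if not isinstance(args, dict) or not all(isinstance(v, (str, int)) for v in args.values()):
        return {"error": "args must be an object of strings/ints"}
    try:
        return {"result": TOOLS[name](**args)}
    except TypeError as exc:                 # wrong or missing keyword arguments
        return {"error": f"bad arguments: {exc}"}


def run_agent(model, task: str, max_steps: int = 5) -> str:
    """Multi-shot loop: ask, execute, feed the outcome back, repeat, within a budget."""
    messages = [{"role": "system", "content": SYSTEM}, {"role": "user", "content": task}]
    for _ in range(max_steps):
        reply = model(messages)
        messages.append({"role": "assistant", "content": reply})
        try:
            msg = json.loads(reply)
        except json.JSONDecodeError:
            msg = None
        if not isinstance(msg, dict):
            outcome = {"error": "reply must be a JSON object"}
        elif "final" in msg:
            return str(msg["final"])
        else:
            outcome = dispatch(msg)
        messages.append({"role": "user", "content": json.dumps(outcome)})
    raise RuntimeError("step budget exhausted without a final answer")


class ScriptedModel:
    """Offline stand-in for the chat-completion call: replays canned replies
    and records what it was shown, so the loop can be exercised without an API."""
    def __init__(self, replies):
        self.replies, self.seen = list(replies), []

    def __call__(self, messages):
        self.seen.append(messages[-1]["content"])
        return self.replies.pop(0)


def demo():
    model = ScriptedModel([
        json.dumps({"tool": "lookup", "args": {"key": "vendor"}}),
        json.dumps({"tool": "run_shell", "args": {"cmd": "id"}}),   # refused: not allow-listed
        "not json at all",                                           # refused: unparsable
        json.dumps({"final": "The vendor is OPSWAT."}),
    ])
    return run_agent(model, "Who is the vendor?"), model.seen


if __name__ == "__main__":
    answer, transcript = demo()
    print(answer)
    for turn in transcript:
        print("  model saw:", turn)
```

Errors are fed back to the model as ordinary tool results rather than raised, which is what lets a multi-shot agent recover from a bad call; the budget is what stops that recovery loop from becoming an infinite one.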

Read more

LOLRMM

Welcome to LOLRMM (Living Off the Land Remote Monitoring and Management), a community-driven project that provides a curated list of Remote Monitoring and Management (RMM) tools that could potentially be abused by threat actors.

Read more

Global Security Events

Smuggling arbitrary data through an emoji

Is it really possible to encode arbitrary data in a single emoji?
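It is, and the trick is that Unicode lets a base character be followed by variation selectors (U+FE00 to U+FE0F and U+E0100 to U+E01EF, 256 code points in all) that renderers display as nothing. The following added example, this editor's own rather than code from the linked post, maps each byte to one of those selectors, appends them after an emoji, recovers the bytes again, and adds the defensive half: a check that flags runs of selectors no ordinary text would contain. The byte-to-selector mapping and the function names are this example's assumptions.

```python
VS_LOW = range(0xFE00, 0xFE10)        # VS1..VS16   -> byte values 0..15
VS_HIGH = range(0xE0100, 0xE01F0)     # VS17..VS256 -> byte values 16..255


def _byte_to_vs(b: int) -> str:
    return chr(0xFE00 + b) if b < 16 else chr(0xE0100 + (b - 16))


def _vs_to_byte(cp: int):
    """Byte value carried by a variation selector, or None for any other code point."""
    if cp in VS_LOW:
        return cp - 0xFE00
    if cp in VS_HIGH:
        return cp - 0xE0100 + 16
    return None


def hide(base: str, data: bytes) -> str:
    """Append one invisible variation selector per byte after the base character."""
    return base + "".join(_byte_to_vs(b) for b in data)


def reveal(text: str) -> bytes:
    """Recover every byte carried by variation selectors, in order."""
    return bytes(v for v in (_vs_to_byte(ord(ch)) for ch in text) if v is not None)


def find_hidden_runs(text: str, min_len: int = 2) -> list:
    """Flag (start, end) spans of >= min_len consecutive variation selectors.
    A single selector is legitimate (U+FE0F forces emoji presentation, for
    example); longer runs are not something normal text produces."""
    runs, start = [], None
    for i, ch in enumerate(text + " "):   # trailing sentinel closes a final run
        if _vs_to_byte(ord(ch)) is not None:
            if start is None:
                start = i
        elif start is not None:
            if i - start >= min_len:
                runs.append((start, i))
            start = None
    return runs


def demo():
    carrier = hide("\U0001F600", b"hello")       # renders as one grinning face
    return carrier, reveal(carrier), find_hidden_runs(carrier), find_hidden_runs("\u2603\ufe0f")


if __name__ == "__main__":
    carrier, data, runs, legit = demo()
    print(len(carrier), "code points, payload:", data, "runs:", runs, "snowman:", legit)
```

The carrier survives copy and paste in many applications because the selectors are valid Unicode, which is exactly why the check belongs at ingestion boundaries such as chat inputs, LLM prompts and watermark-sensitive documents, where a five-code-point "emoji" should be treated as data rather than decoration.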

Read more

Bybit Confirms Record-Breaking $1.5 Billion Crypto Heist in Sophisticated Cold Wallet Attack

Cryptocurrency exchange Bybit on Friday revealed that a "sophisticated" attack led to the theft of over $1.5 billion worth of cryptocurrency from one of its Ethereum cold (offline) wallets, making it the largest ever single crypto heist in history.

Read more

Auto-Color: An Emerging and Evasive Linux Backdoor

Between early November and December 2024, Palo Alto Networks researchers discovered new Linux malware called Auto-color. We chose this name based on the file name the initial payload renames itself to after installation.

Read more

InQuest Insider - Your monthly resource for the latest in cyber security news, trends, tips, and tools. Subscribe here.
Copyright © InQuest 2025