Ransomware on HackingPassion.com : root@HackingPassion.com-[~]https://hackingpassion.com/tags/ransomware/Recent content in Ransomware on HackingPassion.com : root@HackingPassion.com-[~]HugoenMon, 11 May 2026 14:22:19 +0200GhostLock Delivers Ransomware Impact on Windows Without Touching a Single Filehttps://hackingpassion.com/ghostlock-smb-file-lock-ransomware/Mon, 11 May 2026 14:22:19 +0200https://hackingpassion.com/ghostlock-smb-file-lock-ransomware/<p><strong>GhostLock locks every shared file on any Windows network in minutes using nothing but a standard login, and every security tool watching stays completely silent. This has been possible for over 30 years. Microsoft is not going to patch this.</strong></p> <p>Security researcher Kim Dvash published the proof of concept in May 2026, after discovering the technique during a prior authorized red team engagement.</p> <p><strong>SMB</strong> is the protocol Windows uses to share files across a network. When a program opens a file over SMB, it tells Windows how it wants to share that file with other programs at the same time. Set that sharing mode to zero using a parameter called <code>dwShareMode</code> in the <code>CreateFileW</code> API call, and Windows grants an <strong>exclusive deny-share handle</strong>. While that handle is held open, every other process, user, or system trying to open the same file gets back one thing:</p>GootLoader Tricks Security Tools Into Seeing a Safe File While Windows Runs Malwarehttps://hackingpassion.com/gootloader-zip-evasion-2026/Sun, 18 Jan 2026 11:28:38 +0100https://hackingpassion.com/gootloader-zip-evasion-2026/<p>GootLoader is back. This week, researchers discovered their newest trick: a way to make security tools completely blind. Your antivirus scans the ZIP file. Nothing found. WinRAR tries to open it. Fails. 7-Zip tries. Also fails. Corrupted file, right? But when you double-click it, Windows opens it just fine. And now you&rsquo;re infected. 🧐</p> <p>The trick is simple but brilliant. They take 500 to 1000 ZIP files and glue them together into one massive file. Most analysis tools read ZIP files from the beginning. They hit the first archive, see garbage, and crash. But here is the thing about ZIP files. They are actually read from the END. The &ldquo;End of Central Directory&rdquo; record tells the reader where to find the actual content. Windows knows this. It skips all the junk, finds the last valid archive, and happily extracts the malware.</p>SAP Just Got Breached: Four Critical Vulnerabilities Let Attackers Steal Financial Data (CVE-2026-0501)https://hackingpassion.com/sap-patch-tuesday-four-critical-vulnerabilities-cve-2026-0501/Tue, 13 Jan 2026 14:03:32 +0100https://hackingpassion.com/sap-patch-tuesday-four-critical-vulnerabilities-cve-2026-0501/<h1 id="sap-just-patched-four-critical-vulnerabilities">SAP just patched four critical vulnerabilities</h1> <p>SAP just patched four critical vulnerabilities. CVSS scores up to 9.9. One lets attackers run code with nothing but a malicious link. 425,000 companies run SAP. Over 85% of Fortune 500. The patches dropped today, January 13, 2026. 🧐</p> <p>SAP Patch Tuesday just landed with seventeen security notes. Four are HotNews - SAP&rsquo;s term for patch immediately or accept the consequences.</p> <p>The most severe vulnerability lets someone with a basic user account run arbitrary SQL queries against the entire financial database.</p>