China-linked Bronze Butler Exploits Motex Lanscope Zero-Day Vulnerability

China-linked Bronze Butler Exploits Motex Lanscope Zero-Day Vulnerability

First seen 2 Dec 2025, 18:33 UTC BleepingcomputerScworld 85% similarity 68.7

Article Content

Browse articles
ThreatCluster

China-linked cyber-espionage group Bronze Butler, also known as Tick, exploited a zero-day vulnerability in Motex Lanscope Endpoint Manager, identified as CVE-2025-61932. This critical request origin verification flaw was used to deploy an updated version of their Gokcpdoor malware to steal confidential information. The exploitation was observed by Sophos researchers in mid-2025 before a patch was released.

ThreatCluster AI

Community

Browse all →