China-linked Hackers Exploit Lanscope Zero-Day to Deploy Gokcpdoor Malware

China-linked Hackers Exploit Lanscope Zero-Day to Deploy Gokcpdoor Malware

First seen 4 Nov 2025, 11:09 UTC BleepingcomputerScworld 85% similarity 51.1

Article Content

Browse articles
ThreatCluster

Cyber-espionage group Bronze Butler, also known as Tick, has exploited a zero-day vulnerability in Motex Lanscope Endpoint Manager, identified as CVE-2025-61932. This critical request origin verification flaw was used to deploy an updated version of the Gokcpdoor malware to steal confidential information. The attacks were observed by Sophos researchers in mid-2025 before the vulnerability was patched.

ThreatCluster AI

Community

Browse all →