China-linked Tick group exploits Lanscope zero-day vulnerability
A new cybersecurity threat has emerged as the Tick group, a Chinese cyber espionage outfit, has been exploiting a critical vulnerability in the Motex Lanscope Endpoint Manager. This flaw, known as CVE-2025-61932, has a scary CVSS score of 9.3, which means it’s pretty much open season for attackers. They can remotely execute commands with SYSTEM privileges, putting corporate systems at serious risk.
JPCERT/CC recently confirmed that Tick has been actively using this exploit to install a backdoor on affected systems. This group, also known by a bunch of other names like Bronze Butler and Stalker Panda, has been around since at least 2006, mainly targeting organizations in East Asia, especially Japan. The attack involves deploying a backdoor called Gokcpdoor, which lets attackers maintain a foothold in compromised networks. If you’re using Lanscope, it might be time to tighten your security.