ctipilot.ch

DAEMON Tools Lite signed-build trojanisation (12.5.0.2421-12.5.0.2434) via Disc Soft Limited build infrastructure compromise — six-week distribution window 2026-04-08 → 2026-05-05

cve · CVE-2026-8398

Coverage timeline
1
first 2026-05-28 → last 2026-05-28
Briefs
1
1 distinct
Sources cited
27
22 hosts
Sections touched
1
deep_dive
Co-occurring entities
0
no co-occurrence

Story timeline

  1. 2026-05-28CTI Daily Brief — 2026-05-28
    deep_diveFirst coverage. CISA KEV add 2026-05-27. Build pipeline compromise (not publish-credential theft). Trojanised DTHelper.exe / DiscSoftBusServiceLite.exe / DTShellHlp.exe signed with valid AVB Disc Soft certificate. Kaspersky observed thousands of attempted secondary-payload installs. Safe: ≥12.6.0. Deep dive 2026-05-28.

Where this entity is cited

  • deep_dive1

Source distribution

  • attack.mitre.org3 (11%)
  • github.com2 (7%)
  • helpnetsecurity.com2 (7%)
  • kaspersky.com2 (7%)
  • bleepingcomputer.com1 (4%)
  • blog.daemon-tools.cc1 (4%)
  • blog.talosintelligence.com1 (4%)
  • ccb.belgium.be1 (4%)
  • other14 (52%)

External references

NVD · cve.org · CISA KEV

All cited sources (27)

Items in briefs about DAEMON Tools Lite signed-build trojanisation (12.5.0.2421-12.5.0.2434) via Disc Soft Limited build infrastructure compromise — six-week distribution window 2026-04-08 → 2026-05-05

No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.