antivirus bypass

Researchers say the UNC6485 cluster exploited CVE-2025-12480 in Gladinet Triofox by spoofing a localhost host header to bypass authentication, then abused the product’s antivirus configuration to run a malicious payload as SYSTEM; vendors have released patches and investigators provided indicators of compromise.