Anton Kargin

**Name of the Vulnerable Software and Affected Versions** DAEMON Tools Lite versions 12.5.0.2421 through 12.5.0.2434 **Description** A supply chain attack compromised official installation packages distributed via the legitimate website daemon-tools.cc between April 8, 2026, and May 5, 2026. Attackers accessed the build or distribution infrastructure of the vendor, AVB Disc Soft, to trojanize three binaries: `DTHelper.exe`, `DiscSoftBusServiceLite.exe`, and `DTShellHlp.exe`. Because these files were signed with a legitimate code-signing certificate, they could bypass signature-based detection. This issue involves dangerous undeclared capabilities that may allow a remote attacker to bypass existing security restrictions. **Recommendations** For versions 12.5.0.2421 through 12.5.0.2434, remove the affected installation and ensure the software is obtained from a verified, clean source. As a temporary mitigation, restrict the execution of the binaries `DTHelper.exe`, `DiscSoftBusServiceLite.exe`, and `DTShellHlp.exe`.