sctocs

Konni Spreads EndRAT via Phishing and Uses KakaoTalk to Distribute Malware

Cybersecurity researchers have identified a new cyber espionage campaign carried out by the North Korean threat group Konni. The attackers are using phishing emails to compromise victims and then leveraging the popular messaging platform KakaoTalk to distribute malware to additional targets. The activity was analyzed by South Korean cybersecurity company Genians, whose researchers observed a multi-stage attack designed […]

CISA Warns of Actively Exploited Wing FTP Vulnerability Exposing Server Paths

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a newly identified vulnerability in Wing FTP Server to its Known Exploited Vulnerabilities (KEV) catalog after confirming that the flaw is being actively abused by attackers. The issue, tracked as CVE-2025-47813 with a CVSS score of 4.3, allows attackers to obtain

GlassWorm Attack Uses Stolen GitHub Tokens to Inject Malware Into Python Repositories

Security researchers have uncovered a new phase of the GlassWorm malware campaign, where attackers are abusing stolen GitHub tokens to inject malicious code into hundreds of Python repositories. The attack targets widely used Python projects and can infect developers who download or execute code from compromised repositories. According to research from supply chain security firm StepSecurity,

ClickFix Campaigns Distribute MacSync macOS Infostealer Through Fake AI Tool Installers

Cybersecurity researchers have identified multiple ClickFix malware campaigns distributing a macOS information-stealing malware known as MacSync. The campaigns rely heavily on social engineering techniques that trick users into manually executing malicious commands in the macOS Terminal. Security experts from Sophos explained that the attacks differ from traditional exploit-driven campaigns. Instead of exploiting software

DRILLAPP Backdoor Targets Ukraine Using Microsoft Edge Debugging for Stealth Espionage

Cybersecurity researchers have uncovered a new cyber espionage campaign targeting organizations in Ukraine. The activity is believed to be linked to threat actors associated with Russia, according to a report from the LAB52 threat intelligence team at the Spanish security firm S2 Grupo. The operation was detected in February 2026 and appears to share similarities

Android 17 Restricts Accessibility API Access to Stop Malware Abuse

Google is currently testing a new security control in Android 17 that prevents certain applications from accessing the system’s Accessibility Services API. The feature is being introduced as part of Android Advanced Protection Mode (AAPM), a security setting designed to protect users from advanced cyber threats. The change appeared in Android 17 Beta 2, according

OpenClaw AI Agent Vulnerabilities May Allow Prompt Injection and Data Exfiltration

China’s National Computer Network Emergency Response Technical Team (CNCERT) has issued a warning regarding security weaknesses in OpenClaw (previously known as Clawdbot and Moltbot), an open-source, self-hosted autonomous AI agent. In a WeChat post, CNCERT highlighted that OpenClaw’s “weak default security settings,” combined with its privileged system access for autonomous task execution, could be exploited

GlassWorm Supply Chain Attack Exploits 72 Open VSX Extensions to Target Developers

Cybersecurity researchers have uncovered a significant escalation in the GlassWorm malware campaign, which now leverages Open VSX extensions to compromise developer environments. The campaign abuses extension relationships to turn initially benign-looking packages into malicious delivery vehicles, targeting developers across multiple platforms.

How GlassWorm Works

Instead of embedding malicious code directly in every extension, the threat actor now uses extensionPack and extensionDependencies to trigger

Chinese Hackers Attack Southeast Asian Militaries Using AppleChris and MemFun Malware

A suspected China-based cyber espionage campaign has been targeting Southeast Asian military organizations since at least 2020, according to Palo Alto Networks Unit 42. The operation, tracked under the codename CL-STA-1087, appears to be state-backed and highly strategic.

Targeted Intelligence Gathering

Security researchers Lior Rochberger and Yoav Zemah report that the threat actors focused on highly specific military files rather than bulk data theft.

Meta to End Instagram End-to-End Encrypted Chat Support Starting May 2026

Meta has announced it will discontinue support for end-to-end encryption (E2EE) for Instagram direct messages after May 8, 2026. Users affected by this change will be guided on how to download media and messages they wish to keep. Updating to the latest Instagram version may be required for this process.

Reason Behind the Decision

Meta explained that few users opted into
