sctocs

CISA Known Exploited Vulnerabilities Catalog logo

CISA Warns of Actively Exploited Vulnerabilities in SolarWinds, Ivanti, and Workspace One

The Cybersecurity and Infrastructure Security Agency (CISA) has officially added three newly identified security vulnerabilities affecting SolarWinds, Ivanti, and Omnissa products to its Known Exploited Vulnerabilities (KEV) catalog after confirming that attackers are actively exploiting them. The KEV catalog is maintained by CISA to highlight vulnerabilities that are currently being used in real world cyber attacks, allowing organizations to prioritize patching […]

CISA Warns of Actively Exploited Vulnerabilities in SolarWinds, Ivanti, and Workspace One Read More »

Malicious npm Package Disguised as OpenClaw Installer Installs RAT and Steals macOS Credentials

Cybersecurity researchers have identified a malicious npm package that pretends to be an installer for OpenClaw but actually deploys a remote access trojan and steals sensitive information from macOS systems. The package, called @openclaw-ai/openclawai, was uploaded to the npm registry on March 3, 2026 by a user named “openclaw-ai”. Security researchers observed that the package had

Malicious npm Package Disguised as OpenClaw Installer Installs RAT and Steals macOS Credentials Read More »

UNC4899 Breached

UNC4899 Breaches Crypto Firm After Trojanized File Is AirDropped to Developer Work Device

A sophisticated cyberattack attributed to the North Korean threat group UNC4899 has reportedly compromised a cryptocurrency organization in 2025, resulting in the theft of millions of dollars worth of digital assets. The attack demonstrates how modern cyber operations combine social engineering, cloud exploitation, and supply chain style infiltration. Security researchers have linked the activity with moderate confidence

UNC4899 Breaches Crypto Firm After Trojanized File Is AirDropped to Developer Work Device Read More »

Chrome-Extension

Chrome Extension Becomes Malicious After Ownership Transfer, Allowing Code Injection and Data Theft

Cybersecurity researchers have uncovered a troubling case where two Google Chrome extensions became malicious after their ownership changed. The situation highlights a growing security threat in the browser extension ecosystem, where trusted tools can be converted into malware distribution channels. The affected extensions were originally associated with a developer using the email akshayanuonline@gmail.com, linked to the

Chrome Extension Becomes Malicious After Ownership Transfer, Allowing Code Injection and Data Theft Read More »

Web Server Exploits and Mimikatz

Attackers Use Web Server Exploits and Mimikatz to Target Asian Critical Infrastructure

High profile organizations across South Asia, Southeast Asia, and East Asia are being targeted in an ongoing cyber campaign believed to be conducted by a Chinese linked threat group. The attacks have been running for several years and primarily focus on organizations that play a critical role in national infrastructure. Security researchers from Palo Alto Networks

Attackers Use Web Server Exploits and Mimikatz to Target Asian Critical Infrastructure Read More »

Transparent Tribe Leverages AI to Mass Produce Malware Implants in Campaign Targeting India

The Pakistan-linked threat actor Transparent Tribe has adopted AI-powered coding tools to mass-produce malware implants aimed at Indian targets, including government entities and embassies abroad. According to Bitdefender, the campaign emphasizes quantity over sophistication, generating large volumes of disposable implants using niche programming languages like Nim, Zig, and Crystal while exploiting trusted services such as Slack, Discord, Supabase, and Google Sheets to

Transparent Tribe Leverages AI to Mass Produce Malware Implants in Campaign Targeting India Read More »

Multi Stage VOID#GEIST Malware Deploys XWorm, AsyncRAT, and XenoRAT

Cybersecurity researchers have uncovered a sophisticated multi-stage malware campaign, codenamed VOID#GEIST, which leverages batch scripts to deliver encrypted remote access trojans (RATs) including XWorm, AsyncRAT, and Xeno RAT. The research was published by Securonix Threat Research. At a technical level, the attack uses an obfuscated batch script to deploy a secondary batch, stage a legitimate embedded

Multi Stage VOID#GEIST Malware Deploys XWorm, AsyncRAT, and XenoRAT Read More »

Iran Linked MuddyWater Hackers Target U.S. Networks with New Dindoor Backdoor

New research from Broadcom’s Symantec and Carbon Black Threat Hunter Team reveals that an Iranian state-sponsored hacking group has infiltrated multiple U.S. organizations, including banks, airports, a non-profit, and the Israeli division of a software company. The group, known as MuddyWater (also Seedworm), operates under the Iranian Ministry of Intelligence and Security (MOIS). Analysts believe

Iran Linked MuddyWater Hackers Target U.S. Networks with New Dindoor Backdoor Read More »

Word

China Linked Hackers Deploy TernDoor, PeerTime, and BruteEntry in Attacks on South American Telecom Networks

A cyber espionage campaign linked to China has been targeting telecommunications infrastructure across South America since 2024. The attackers are focusing on Windows servers, Linux systems, and network edge devices, deploying multiple sophisticated malware implants to maintain long term access. Security researchers from Cisco Talos are monitoring this activity under the name UAT-9244, a threat cluster

China Linked Hackers Deploy TernDoor, PeerTime, and BruteEntry in Attacks on South American Telecom Networks Read More »

Microsoft-Reveals-ClickFix

Microsoft Uncovers ClickFix Campaign Leveraging Windows Terminal to Deploy Lumma Stealer

Microsoft security researchers have revealed a large scale ClickFix social engineering campaign that abuses the Windows Terminal application to execute malicious commands and ultimately deploy the Lumma Stealer malware. The campaign, detected in February 2026, introduces a new technique where attackers persuade victims to run commands inside Windows Terminal (wt.exe) instead of the commonly abused Windows Run dialog. Social Engineering Through Trusted Tools

Microsoft Uncovers ClickFix Campaign Leveraging Windows Terminal to Deploy Lumma Stealer Read More »