sctocs

Fortinet Patches CVE-2026-24858 Following Active FortiOS SSO Exploitation

Fortinet has started rolling out security updates to fix a critical vulnerability in FortiOS, which has recently been actively exploited in the wild. The flaw, tracked as CVE-2026-24858 with a CVSS score of 9.4, is an authentication bypass issue linked to FortiOS single sign-on (SSO). This vulnerability also impacts FortiManager and FortiAnalyzer, while Fortinet continues to investigate potential […]

Fortinet Patches CVE-2026-24858 Following Active FortiOS SSO Exploitation Read More »

Experts Identify Pakistan Linked Cyber Campaigns Targeting Indian Government Entities

Cybersecurity researchers have uncovered two previously undocumented cyber campaigns targeting Indian government entities, attributed to a threat actor believed to be operating from Pakistan. The campaigns, identified by Zscaler ThreatLabz in September 2025, have been named Gopher Strike and Sheet Attack. According to researchers Sudeep Singh and Yin Hong Chang, the operations show overlaps with known Pakistan-linked APT activity, particularly

Experts Identify Pakistan Linked Cyber Campaigns Targeting Indian Government Entities Read More »

ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services

Cybersecurity researchers have uncovered an advanced ClickFix campaign that combines deceptive CAPTCHA prompts with a signed Microsoft Application Virtualization (App-V) script to deliver a new information stealer known as Amatera. According to findings published by Blackpoint researchers Jack Patrick and Sam Decker, the attackers deliberately avoid launching PowerShell directly. Instead, they abuse a trusted Microsoft script

ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services Read More »

Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware

Cybersecurity researchers have identified an active phishing campaign targeting users in India as part of a suspected cyber espionage operation. The campaign delivers a multi-stage backdoor designed to provide long-term access, continuous surveillance, and data exfiltration from infected systems. According to the eSentire Threat Response Unit (TRU), the attackers are distributing phishing emails that impersonate

Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware Read More »

Malicious VS Code AI Extensions With 1.5 Million Installs Steal Developer Source Code

Cybersecurity researchers have uncovered two malicious Microsoft Visual Studio Code extensions that present themselves as AI-powered coding assistants but secretly collect and exfiltrate developers’ source code to servers based in China. The extensions, which together have reached more than 1.5 million installs and remain available on the official Visual Studio Marketplace, are listed as ChatGPT

Malicious VS Code AI Extensions With 1.5 Million Installs Steal Developer Source Code Read More »

New Phishing Attack Abuses Vercel Hosting Platform to Deliver a Remote Access Tool

A newly identified phishing campaign active between November 2025 and January 2026 has been abusing Vercel’s legitimate hosting infrastructure to distribute remote access tools to targeted victims. By combining social engineering with trusted cloud services, the attackers have significantly increased their success rate while evading traditional security defenses. The campaign relies heavily on urgency-based phishing

New Phishing Attack Abuses Vercel Hosting Platform to Deliver a Remote Access Tool Read More »

Konni Hackers Deploy AI Generated PowerShell Backdoor Targeting Blockchain Developers

North Korea-linked threat actor Konni has been observed launching a new cyber campaign that uses an AI-generated PowerShell backdoor to target blockchain developers and engineering teams. The operation highlights an increasing use of artificial intelligence to accelerate malware development while maintaining stealth. According to Check Point Research, the phishing activity has targeted organizations and individuals

Konni Hackers Deploy AI Generated PowerShell Backdoor Targeting Blockchain Developers Read More »

Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls

Fortinet has acknowledged active exploitation targeting a FortiCloud SSO authentication bypass vulnerability, even on firewalls that have received the latest patches. The security vendor is currently working to implement a permanent fix. Fortinet’s Chief Information Security Officer, Carl Windsor, stated in a post on Thursday, “Over the past 24 hours, we have observed multiple incidents

Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls Read More »

Multi Stage Phishing Campaign Targets Russia Using Amnesia RAT and Ransomware

Cybersecurity researchers have identified a sophisticated multi-stage phishing campaign actively targeting users in Russia, delivering both ransomware and a remote access trojan known as Amnesia RAT. According to a technical analysis published by Fortinet FortiGuard Labs researcher Cara Lin, the attack chain begins with carefully crafted social engineering lures delivered through business-themed documents. These files

Multi Stage Phishing Campaign Targets Russia Using Amnesia RAT and Ransomware Read More »

CISA Adds Actively Exploited VMware vCenter Vulnerability CVE-2024-37079 to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability affecting Broadcom VMware vCenter Server to its Known Exploited Vulnerabilities (KEV) catalog, citing confirmed evidence of active exploitation in real world attacks. The flaw, tracked as CVE-2024-37079 and assigned a CVSS score of 9.8, impacts the implementation of the DCE/RPC protocol within VMware

CISA Adds Actively Exploited VMware vCenter Vulnerability CVE-2024-37079 to KEV Catalog Read More »