
CISA Updates KEV Catalog to Include Four Actively Exploited Software Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog by adding four software security flaws that are confirmed to be actively exploited in real-world attacks. CISA stated that these additions are based on verified evidence of exploitation, highlighting an increased risk to both public and private sector […]

Microsoft Flags Multi-Stage AitM Phishing and BEC Attacks Targeting Energy Firms

Microsoft has issued an alert regarding a sophisticated multi-stage adversary-in-the-middle (AitM) phishing campaign combined with business email compromise (BEC) activity, primarily targeting organizations operating in the energy sector. According to the Microsoft Defender Security Research Team, the attackers exploited SharePoint file-sharing services to distribute phishing content while creating inbox rules to remain persistent and avoid

Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access

Cybersecurity experts have revealed a sophisticated dual-phase phishing campaign that uses stolen login credentials to install legitimate Remote Monitoring and Management (RMM) software, giving attackers long-term control over compromised systems. According to researchers at KnowBe4 Threat Labs, Jeewan Singh Jalal, Prabhakaran Ravichandhiran, and Anand Bodke, attackers are now bypassing traditional security defenses by leveraging trusted

New Osiris Ransomware Strain Uses POORTRY Driver in BYOVD Attacks

Cybersecurity researchers have uncovered a new ransomware strain called Osiris, which targeted a major food service franchise operator in Southeast Asia in November 2025. The attack demonstrates advanced techniques, including the use of a malicious driver named POORTRY in a bring-your-own-vulnerable-driver (BYOVD) attack to disable security software. Osiris: A Brand-New Ransomware Strain Osiris is a completely

Critical GNU InetUtils telnetd Vulnerability Allows Login Bypass and Root Access

A severe security vulnerability has been disclosed in the GNU InetUtils telnet daemon (telnetd) that has remained unnoticed for nearly 11 years. The flaw allows remote attackers to bypass authentication and gain root access on affected systems. Vulnerability Overview The flaw, tracked as CVE-2026-24061, carries a CVSS score of 9.8/10. It impacts all GNU InetUtils versions from 1.9.3 through

Malicious PyPI Package Masquerades as SymPy and Deploys XMRig Miner on Linux Hosts

A newly identified malicious package hosted on the Python Package Index (PyPI) has been caught impersonating the widely used SymPy library to deploy harmful payloads on Linux machines. The campaign highlights the growing risk of supply chain attacks targeting developers through trusted open source repositories. Fake Development Package Targets Python Users The malicious package, named sympy-dev,

SmarterMail Authentication Bypass Actively Exploited Just Two Days After Patch Release

A newly discovered security vulnerability in SmarterTools SmarterMail email software is being actively exploited in real-world attacks only two days after a fix was released. The rapid exploitation has raised concerns about patch awareness, disclosure practices, and the exposure of email infrastructure to credential takeover and remote code execution. Authentication Bypass Identified and Patched

Automated FortiGate Attacks Abuse FortiCloud SSO to Modify Firewall Configurations

Cybersecurity firm Arctic Wolf has issued a warning about a newly identified wave of automated malicious activity targeting Fortinet FortiGate devices. The campaign involves unauthorized changes to firewall configurations by abusing the FortiCloud single sign-on feature, raising concerns for organizations relying on FortiGate appliances for perimeter security. Automated Activity Observed Since Mid-January According

Cisco Patches Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex

Cisco has released emergency security updates to address a critical zero-day vulnerability affecting several Unified Communications products and Webex Calling Dedicated Instance. The flaw, tracked as CVE-2026-20045, has been confirmed as actively exploited in real-world attacks, prompting urgent action from organizations using impacted systems. Critical Zero-Day Allows Remote Command Execution The vulnerability

North Korean PurpleBravo Campaign Targets 3,136 IP Addresses Using Fake Job Interviews

Recorded Future’s Insikt Group has uncovered that the North Korean-linked PurpleBravo campaign targeted 3,136 IP addresses connected to potential victims across multiple industries, including artificial intelligence, cryptocurrency, financial services, IT services, marketing, and software development. The campaign, also known under aliases such as CL-STA-0240, DeceptiveDevelopment, DEV#POPPER, Famous Chollima, Gwisin Gang, Tenacious Pungsan, UNC5342, Void Dokkaebi, and WaterPlum, has been active since