Microsoft Warns That Misconfigured Email Routing Can Enable Internal Domain Phishing

Microsoft has issued a warning that threat actors are exploiting misconfigured email routing and weak spoofing protections to carry out phishing attacks that appear to originate from within an organization’s own domain. According to the Microsoft Threat Intelligence team, attackers are abusing these routing weaknesses to deliver phishing emails that impersonate internal communications. These messages […]

Unpatched Firmware Vulnerability Leaves TOTOLINK EX200 Open to Full Remote Device Takeover

The CERT Coordination Center (CERT/CC) has issued a security advisory detailing a serious unpatched vulnerability affecting the TOTOLINK EX200 wireless range extender, which could allow a remote attacker to gain complete control over the device. The vulnerability, tracked as CVE-2025-65606, originates from improper error handling within the device’s firmware upload mechanism. Although no CVSS score has been

Two Chrome Extensions Found Stealing ChatGPT and DeepSeek Chats from 900,000 Users

Cybersecurity researchers have identified two malicious Chrome extensions that secretly collect user conversations from OpenAI ChatGPT and DeepSeek, along with browsing data, sending it to servers controlled by attackers. Together, these extensions have been installed by over 900,000 users worldwide. Identified Malicious Extensions The extensions are: These discoveries follow the earlier detection of Urban VPN

Fake Booking Emails Lure Hotel Staff to BSoD-Themed Pages Delivering DCRat Malware

Cybersecurity experts have uncovered a new phishing campaign targeting the European hospitality industry, in which hotel staff are deceived through fake Booking.com emails that lead to malicious software installation. The operation, tracked under the name PHALT#BLYX, relies on deceptive ClickFix-style techniques combined with fake system error messages. Researchers from cybersecurity firm Securonix reported that the campaign

Critical AdonisJS Bodyparser Vulnerability (CVSS 9.2) Allows Arbitrary File Write on Servers

Users of the @adonisjs/bodyparser npm package are being urged to update immediately after the disclosure of a critical security vulnerability that could allow remote attackers to write arbitrary files on affected servers. The issue is tracked as CVE-2026-21440 and carries a CVSS score of 9.2, indicating high severity. According to project maintainers, the flaw stems from a path traversal vulnerability within AdonisJS’s

Russia-Aligned Hackers Exploit Viber to Target Ukrainian Military and Government Entities

A Russia-aligned cyber threat group tracked as UAC-0184 has been observed abusing the Viber messaging platform to conduct targeted attacks against Ukrainian military and government organizations. The activity was detailed in a new technical report released by the 360 Threat Intelligence Center. Researchers stated that the group has maintained a high operational tempo throughout 2025, focusing

Kimwolf Android Botnet Infects Over 2 Million Devices Through Exposed ADB and Proxy Networks

Cybersecurity researchers have uncovered large-scale activity linked to an Android botnet known as Kimwolf, which has compromised more than two million devices by abusing exposed Android Debug Bridge (ADB) services and tunneling through residential proxy networks. The findings were revealed in a recent analysis by Synthient. According to researchers, threat actors operating the Kimwolf botnet

New VVS Stealer Malware Targets Discord Accounts Using Obfuscated Python Code

Cybersecurity researchers have uncovered a new Python-based information-stealing malware known as VVS Stealer, also referred to as VVS $tealer, which is actively targeting Discord users by harvesting account credentials and authentication tokens. According to an analysis published by Palo Alto Networks Unit 42, this stealer has been circulating in underground Telegram channels since at least

Infostealers Allow Attackers to Hijack Legitimate Business Infrastructure for Malware Hosting

Cybersecurity researchers are warning about a growing cybercrime cycle in which credentials stolen by infostealer malware are being used to compromise legitimate business websites and convert them into malware hosting platforms. According to recent findings from the Hudson Rock Threat Intelligence Team, this self-reinforcing ecosystem allows attackers to repeatedly expand their infrastructure by turning

Transparent Tribe Initiates New RAT Attacks Targeting Indian Government and Academic Institutions

Cybersecurity researchers have attributed a new wave of targeted cyber espionage activity to the threat group known as Transparent Tribe, also tracked as APT36, aimed at Indian government bodies, academic institutions, and strategically significant organizations. According to a technical analysis published by CYFIRMA, the campaign relies on deceptive delivery methods, most notably a malicious Windows shortcut (LNK)
