
Infostealers Allow Attackers to Hijack Legitimate Business Infrastructure for Malware Hosting

Cybersecurity researchers are warning about a growing cybercrime cycle in which credentials stolen by infostealer malware are being used to compromise legitimate business websites and convert them into malware hosting platforms. According to recent findings from the Hudson Rock Threat Intelligence Team, this self-reinforcing ecosystem allows attackers to repeatedly expand their infrastructure by turning […]


Transparent Tribe Initiates New RAT Attacks Targeting Indian Government and Academic Institutions

Cybersecurity researchers have attributed a new wave of targeted cyber espionage activity to the threat group known as Transparent Tribe, also tracked as APT36, aimed at Indian government bodies, academic institutions, and strategically significant organizations. According to a technical analysis published by CYFIRMA, the campaign relies on deceptive delivery methods, most notably a malicious Windows shortcut (LNK)


Cybercriminals Exploit Google Cloud Email Feature in Multi-Stage Phishing Campaign

Cybersecurity experts have uncovered a large-scale phishing operation in which threat actors abused a legitimate Google Cloud feature to send deceptive emails that appeared to originate directly from Google infrastructure. According to findings shared by Check Point, attackers misused Google Cloud’s Application Integration service, specifically its built-in email notification capability, to distribute phishing messages from a genuine


RondoDox Botnet Abuses Critical React2Shell Vulnerability to Hijack IoT Devices and Web Servers

Cybersecurity researchers have uncovered a prolonged nine-month campaign that targeted Internet of Things (IoT) devices and web applications to recruit them into a botnet named RondoDox. As of December 2025, threat actors have been observed exploiting the newly disclosed React2Shell vulnerability (CVE-2025-55182, CVSS 10.0) to gain unauthorized access to vulnerable systems, according to an analysis


Silver Fox Targets Indian Users Using Tax-Themed Emails to Deliver ValleyRAT Malware

Cybersecurity researchers have identified a new phishing campaign targeting users in India, carried out by the China-linked threat actor known as Silver Fox. The operation uses income tax-related email lures to distribute ValleyRAT, a modular remote access trojan also referred to as Winos 4.0. According to an analysis published by CloudSEK, the attack relies


Trust Wallet Chrome Extension Hack Drains $8.5M Through Shai-Hulud Supply Chain Attack

Trust Wallet has disclosed that a major security breach affecting its Google Chrome browser extension was the result of the second wave of the Shai-Hulud supply chain attack, identified in November 2025. The incident led to the theft of nearly $8.5 million in cryptocurrency assets, marking one of the most significant browser extension compromises in the crypto


DarkSpectre Browser Extension Campaigns Exposed After Affecting 8.8 Million Users Worldwide

Cybersecurity researchers have uncovered a large-scale malicious browser extension operation that has affected more than 8.8 million users across Google Chrome, Microsoft Edge, and Mozilla Firefox over a period exceeding seven years. The activity has been linked to a Chinese threat actor tracked by Koi Security under the name DarkSpectre. The investigation connects two previously


Modified Shai-Hulud Worm Detected Testing Payload on npm Registry

Cybersecurity researchers have uncovered a new variant of the Shai-Hulud worm on the npm registry, exhibiting subtle modifications compared to the previous wave detected last month. The compromised npm package, “@vietmoney/react-big-calendar”, was originally uploaded in March 2021 by a user named “hoquocdat” and was recently updated to version 0.26.2 on December 28, 2025. Since its initial


CSA Warns of Critical SmarterMail Bug Allowing Remote Code Execution

The Cyber Security Agency of Singapore (CSA) has issued an urgent alert regarding a critical security flaw in SmarterTools’ SmarterMail email platform. The vulnerability, tracked as CVE-2025-52691, carries a maximum CVSS score of 10.0 and allows unauthenticated remote code execution through arbitrary file uploads. According to CSA, the flaw enables attackers to upload files of any type to


Mustang Panda Uses Signed Kernel Mode Rootkit to Load TONESHELL Backdoor

Cybersecurity researchers have uncovered a sophisticated attack by the Chinese threat actor Mustang Panda, which utilized a previously unknown kernel-mode rootkit driver to deploy the TONESHELL backdoor. The campaign, detected in mid-2025, primarily targeted government organizations in Southeast and East Asia, including Myanmar and Thailand. According to Kaspersky, the malicious driver, named ProjectConfiguration.sys, is digitally signed
