Sctocs, Author At SCtoCS

GhostPoster Malware Discovered in 17 Firefox Add ons with Over 50,000 Downloads

December 17, 2025

A newly identified malware campaign named GhostPoster has been uncovered abusing logo image files embedded within browser extensions to deliver malicious JavaScript code. The operation targeted users of Mozilla Firefox through at least 17 compromised add-ons that collectively recorded more than 50,000 downloads before being removed. The findings were disclosed by Koi Security, which identified […]

GhostPoster Malware Discovered in 17 Firefox Add ons with Over 50,000 Downloads Read More »

China Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware

December 17, 2025

A China aligned cyber espionage group tracked as Ink Dragon has intensified its operations against government organizations, with a noticeable focus on European targets since July 2025. The campaign remains active and continues to impact entities across Southeast Asia and South America. Security researchers at Check Point Research are monitoring the activity cluster, which is

China Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware Read More »

Compromised IAM Credentials Fuel Large AWS Crypto Mining Campaign

December 16, 2025

A large scale cryptocurrency mining campaign has been detected targeting cloud environments by abusing compromised Identity and Access Management credentials within Amazon Web Services. The operation leverages stolen IAM permissions to rapidly deploy crypto mining infrastructure across multiple AWS services. The activity was first identified on November 2, 2025, through automated threat detection systems operated

Compromised IAM Credentials Fuel Large AWS Crypto Mining Campaign Read More »

Malicious NuGet Package Posing as Tracer Fody Steals Cryptocurrency Wallet Data

December 16, 2025

Cybersecurity researchers have identified a malicious NuGet package that impersonates the popular .NET tracing library Tracer.Fody to steal cryptocurrency wallet information. The package, called “Tracer.Fody.NLog,” was uploaded by a user named “csnemess” on February 26, 2020, and has remained on the repository for nearly six years. It closely mimics the legitimate “Tracer.Fody” library maintained by

Malicious NuGet Package Posing as Tracer Fody Steals Cryptocurrency Wallet Data Read More »

Fortinet FortiGate Under Active Attack via SAML SSO Authentication Bypass

December 16, 2025

Cybersecurity researchers have confirmed active attacks on Fortinet FortiGate devices exploiting two recently disclosed authentication vulnerabilities, less than a week after they were made public. Arctic Wolf, a cybersecurity firm, reported observing malicious single sign-on (SSO) login attempts on FortiGate appliances on December 12, 2025. The attacks target two critical authentication bypass flaws, tracked as

Fortinet FortiGate Under Active Attack via SAML SSO Authentication Bypass Read More »

React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors

December 16, 2025

Cybersecurity researchers have confirmed active exploitation of a critical security flaw known as React2Shell, with threat actors using it to deploy multiple Linux based backdoors, including KSwapDoor and ZnDoor. The findings come from independent investigations conducted by Palo Alto Networks Unit 42 and NTT Security. According to Unit 42, KSwapDoor is a highly sophisticated remote

React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors Read More »

Amazon Exposes Years Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure

December 16, 2025

Amazon has released new threat intelligence findings detailing a years long cyber campaign linked to a Russian state sponsored actor that targeted Western critical infrastructure between 2021 and 2025. The activity primarily affected energy sector organizations, critical infrastructure providers in North America and Europe, and companies operating cloud hosted network environments. According to Amazon, the

Amazon Exposes Years Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure Read More »

Google to Shut Down Dark Web Monitoring Tool in February 2026

December 16, 2025

Google has confirmed that it will shut down its Dark Web report feature in February 2026, bringing an end to a service that allowed users to check whether their personal information appeared on underground online marketplaces. The decision comes less than two years after the tool was first introduced. According to the company, scans for

Google to Shut Down Dark Web Monitoring Tool in February 2026 Read More »

Featured Chrome Extension Caught Intercepting Millions of Users AI Chats

December 15, 2025

A browser extension carrying a “Featured” badge on Google Chrome has been discovered quietly collecting artificial intelligence chat conversations from millions of users. The extension, installed by more than six million people, was observed intercepting prompts and responses from popular AI platforms without clear user awareness. Security researchers revealed that the extension, Urban VPN Proxy,

Featured Chrome Extension Caught Intercepting Millions of Users AI Chats Read More »

FreePBX Fixes Critical SQL Injection, File Upload, and AUTHTYPE Bypass Flaws Leading to RCE

December 15, 2025

Cybersecurity researchers have revealed multiple serious security flaws in the open source PBX platform FreePBX, including issues that could allow attackers to bypass authentication and achieve remote code execution under specific configurations. The vulnerabilities were identified by researchers at Horizon3.ai and responsibly disclosed to the FreePBX maintainers on September 15, 2025. According to the findings,

FreePBX Fixes Critical SQL Injection, File Upload, and AUTHTYPE Bypass Flaws Leading to RCE Read More »

sctocs