Black Basta Ransomware Leader Added to EU Most Wanted List and INTERPOL Red Notice

Law enforcement authorities in Ukraine and Germany have identified two Ukrainian nationals suspected of supporting the Russia-linked Black Basta ransomware-as-a-service operation. Officials also confirmed that the alleged leader of the group has now been placed on both the European Union Most Wanted list and the INTERPOL Red Notice database. The suspect has been named as Oleg Evgenievich Nefedov, a 35 […]

GootLoader Malware Uses 500-1,000 Concatenated ZIP Archives to Evade Detection

Security researchers have identified a new evasion technique used by the GootLoader JavaScript malware, in which attackers rely on malformed ZIP files created by combining hundreds of compressed archives into a single payload to avoid analysis and detection. According to Expel security researcher Aaron Walton, the threat actor deliberately creates corrupted ZIP archives as an anti

Five Malicious Chrome Extensions Masquerade as Workday and NetSuite to Hijack Accounts

Cybersecurity researchers have identified five malicious Google Chrome extensions designed to mimic HR and ERP platforms such as Workday, NetSuite, and SuccessFactors, enabling attackers to hijack victim accounts. “These extensions operate together to steal authentication tokens, disable incident response features, and enable full account takeover via session hijacking,” said Socket researcher Kush Pandya in a

LOTUSLITE Backdoor Targets U.S. Policy Entities Through Venezuela-Themed Spear Phishing

Cybersecurity researchers have revealed a new malware campaign aimed at U.S. government and policy organizations, using politically themed lures to deliver a backdoor called LOTUSLITE. The campaign exploits geopolitical tensions between the U.S. and Venezuela. Attackers distributed a ZIP archive named “US now deciding what’s next for Venezuela.zip”, which contains a malicious DLL. This DLL is executed

China-Linked APT Exploits Sitecore Zero-Day in Critical Infrastructure Attacks

A threat actor assessed to be linked with China has been observed conducting cyber intrusions against critical infrastructure organizations in North America since at least last year. The activity was identified by Cisco Talos, which is tracking the campaign under the designation UAT 8837. Based on tactical similarities with previously documented operations, Talos assessed with

Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways

Cisco has released security updates to address a critical remote code execution vulnerability affecting Cisco AsyncOS Software used in Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. The patches arrive nearly one month after Cisco confirmed that the flaw was actively exploited as a zero-day by a China-linked advanced persistent

AWS CodeBuild Misconfiguration Exposed GitHub Repositories to Potential Supply Chain Attacks

Cloud security researchers have revealed that a critical misconfiguration in AWS CodeBuild could have allowed attackers to fully compromise Amazon Web Services-owned GitHub repositories, including the widely used AWS JavaScript SDK. The issue created a potential pathway for large-scale supply chain attacks that could have impacted countless AWS customers. The vulnerability, named CodeBreach by cloud security firm Wiz,

Critical WordPress Modular DS Plugin Vulnerability Actively Exploited to Gain Admin Access

Security researchers have confirmed active exploitation of a critical vulnerability affecting the Modular DS WordPress plugin, allowing attackers to gain administrator-level access without authentication. The issue has been disclosed by WordPress security firm Patchstack and is already being abused in real-world attacks. The vulnerability is tracked as CVE-2026-23550 and carries a maximum CVSS

Researchers Disclose Reprompt Attack Enabling One-Click Data Exfiltration From Microsoft Copilot

Cybersecurity researchers have uncovered a new attack technique named Reprompt that allows threat actors to silently extract sensitive information from AI chatbots such as Microsoft Copilot with just a single click. The attack operates without requiring plugins, user interaction, or visible prompts, creating a serious blind spot for enterprise security controls. According to Varonis security researcher Dolev

Microsoft Legal Action Disrupts RedVDS Cybercrime Infrastructure Behind Online Fraud

Microsoft has successfully taken legal measures in the U.S. and U.K. to dismantle RedVDS, a subscription-based cybercrime service that enabled criminals to carry out widespread online fraud. The action included seizing domains redvds[.]com, redvds[.]pro, and vdspanel[.]space, effectively taking the illegal service offline. RedVDS allowed threat actors to access cheap, disposable virtual computers for as little as $24 per month,