Researchers Null-Route More Than 550 Kimwolf and Aisuru Botnet Command Servers

Security researchers have disrupted a major botnet operation after null-routing traffic linked to more than 550 command-and-control servers tied to the AISURU and Kimwolf botnets. The takedown was carried out by Black Lotus Labs, the threat intelligence arm of Lumen Technologies, and began in early October 2025. These botnets have rapidly grown into some of the largest active malicious […]

Hackers Abuse c-ares DLL Side-Loading to Evade Security and Deploy Malware

Cybersecurity researchers have uncovered an active malware campaign that abuses a DLL side-loading weakness in a legitimate binary linked to the open-source c-ares library. By exploiting this technique, attackers are able to bypass traditional security controls and deliver a wide range of commodity malware, including trojans, stealers, and remote access tools.

How the Attack Works

According to

Fortinet Patches Critical FortiSIEM Vulnerability Allowing Unauthenticated Remote Code Execution

Fortinet has released security updates to address a critical vulnerability in FortiSIEM that could allow unauthenticated attackers to execute arbitrary code on affected systems. The flaw poses a serious risk to organizations using vulnerable FortiSIEM deployments, particularly those with exposed management services.

Vulnerability Overview

The issue, tracked as CVE-2025-64155, carries a CVSS score of 9.4, indicating critical

PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces

Ukraine’s Computer Emergency Response Team (CERT-UA) has revealed details of a recent cyber espionage campaign targeting Ukrainian defense forces using a malware strain known as PLUGGYAPE. The attacks were observed between October and December 2025. CERT-UA has attributed the activity with medium confidence to a Russia-aligned threat group tracked as Void Blizzard, also known

Long-Running Web Skimming Campaign Steals Credit Card Data From Online Checkout Pages

Cybersecurity researchers have uncovered a large-scale web skimming operation that has remained active since January 2022, silently harvesting payment card data from compromised online checkout pages. The campaign targets organizations connected to major global payment networks, including American Express, Diners Club, Discover, JCB, Mastercard, and UnionPay. According to a newly published report by Silent

New Malware Campaign Spreads Remcos RAT via Multi-Stage Windows Attack

Cybersecurity analysts have uncovered a new malware operation known as SHADOW#REACTOR, which uses a stealthy, multi-stage infection chain to deploy the Remcos Remote Administration Tool (RAT). The campaign is designed to establish persistent and covert control over compromised Windows systems while evading traditional detection mechanisms. According to a technical report released by Securonix researchers Akshay

New Advanced VoidLink Malware Targets Linux Cloud and Container Environments

Cybersecurity researchers have revealed a previously unknown and highly sophisticated Linux malware framework known as VoidLink, which is purpose-built to maintain long-term, covert access to cloud-based infrastructures. The malware specifically targets Linux systems that form the backbone of modern cloud services and containerized environments. According to a recent analysis published by Check Point

Malicious Chrome Extension Steals MEXC API Keys While Posing as a Trading Tool

Cybersecurity analysts have uncovered a dangerous Google Chrome extension designed to steal API credentials from users of MEXC, a centralized cryptocurrency exchange operating in more than 170 countries. The extension disguises itself as a legitimate automated trading utility, tricking users into granting access that ultimately compromises their accounts. The extension, identified as MEXC API Automator with the

ServiceNow Fixes Critical AI Platform Flaw Enabling Unauthenticated User Impersonation

ServiceNow has disclosed and patched a critical security vulnerability in its artificial intelligence platform that could have allowed unauthenticated attackers to impersonate legitimate users and perform actions on their behalf. The flaw, tracked as CVE-2025-12420 and rated 9.3 on the CVSS scale, affects components within the ServiceNow AI ecosystem. The vulnerability has been named BodySnatcher

CISA Alerts on Active Exploitation of Gogs Vulnerability Allowing Code Execution

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding the active exploitation of a serious security vulnerability affecting Gogs, a self-hosted Git service. The flaw has now been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, signaling confirmed real-world attacks. The vulnerability, tracked as CVE-2025-8110 with a CVSS score of 8.7, stems from a