sctocs

Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deliver NetSupport RAT

A newly identified cyber campaign called JS#SMUGGLER is gaining attention after researchers observed attackers using compromised websites to distribute NetSupport RAT, a remote access tool capable of giving full control over victim devices. Security analysts from Securonix reported that the operation relies on several coordinated components including an obfuscated JavaScript loader, an HTML Application (HTA) […]

Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deliver NetSupport RAT Read More »

MuddyWater Uses UDPGangster Backdoor in Targeted Campaign Across Turkey, Israel, and Azerbaijan

In a newly identified cyber espionage operation, the Iranian aligned group MuddyWater has been found using a previously unknown backdoor named UDPGangster. The malware relies on the User Datagram Protocol (UDP) to manage command and control traffic, a choice that helps attackers avoid traditional network monitoring defenses. Security analysts at Fortinet FortiGuard Labs report that

MuddyWater Uses UDPGangster Backdoor in Targeted Campaign Across Turkey, Israel, and Azerbaijan Read More »

Android Malware FvncBot, SeedSnatcher, and ClayRat Now Feature Enhanced Data Theft Capabilities

Cybersecurity analysts have uncovered significant updates in multiple Android threat campaigns. Two newly identified malware families, named FvncBot and SeedSnatcher, have come to light, while researchers also report an upgraded strain of ClayRat circulating in active attacks. These findings were published by Intel 471, CYFIRMA, and Zimperium. FvncBot Targets Polish Banking Users With Advanced Fraud

Android Malware FvncBot, SeedSnatcher, and ClayRat Now Feature Enhanced Data Theft Capabilities Read More »

Sneeit WordPress RCE Exploited in the Wild, and ICTBroadcast Bug Powering Frost Botnet Attacks

A severe security weakness found in the Sneeit Framework plugin for WordPress is currently being abused across live sites, based on information shared by Wordfence. The flaw, tracked as CVE-2025-6389 with a CVSS rating of 9.8, affects every version up to 8.3. Developers fixed the issue in version 8.4 released on August 5, 2025. The

Sneeit WordPress RCE Exploited in the Wild, and ICTBroadcast Bug Powering Frost Botnet Attacks Read More »

Researchers Find More Than 30 Flaws in AI Coding Tools Allowing Data Theft and RCE Attacks

Security analysts have uncovered more than 30 vulnerabilities across several artificial intelligence powered Integrated Development Environments that blend prompt injection weaknesses with trusted development features. These issues enable information theft and remote code execution. The combined flaws have been named IDEsaster by security researcher Ari Marzouk, also known as MaccariTA. The findings affect a wide

Researchers Find More Than 30 Flaws in AI Coding Tools Allowing Data Theft and RCE Attacks Read More »

Critical React2Shell Flaw Added to CISA KEV After Active Exploitation Confirmed

The United States Cybersecurity and Infrastructure Security Agency  (CISA) has officially added a severe security flaw in React Server Components to its Known Exploited Vulnerabilities (KEV) catalog following confirmed exploitation attempts in live environments. React2Shell Classified as a Maximum Severity Threat The vulnerability is tracked as CVE-2025-55182 with a CVSS score of 10.0. It involves a remote

Critical React2Shell Flaw Added to CISA KEV After Active Exploitation Confirmed Read More »

Zero Click Agentic Browser Attack Can Wipe Entire Google Drive Through Crafted Emails

A new agent based browser attack has been discovered in Perplexity’s Comet browser, and researchers from Straiker STAR Labs warn that it can turn a harmless looking email into a destructive command that erases all files stored in a user’s Google Drive account. The method is known as the Zero Click Google Drive Wiper technique.

Zero Click Agentic Browser Attack Can Wipe Entire Google Drive Through Crafted Emails Read More »

Chinese Hackers Begin Exploiting the Newly Revealed React2Shell Vulnerability

Two China linked hacking groups have started weaponizing the newly revealed React Server Components vulnerability within hours of its public disclosure. The security flaw, tracked as CVE-2025-55182 with a maximum CVSS score of 10.0, allows unauthenticated remote code execution and has been patched in React versions 19.0.1, 19.1.2, and 19.2.1. AWS Detects Rapid Exploitation Attempts

Chinese Hackers Begin Exploiting the Newly Revealed React2Shell Vulnerability Read More »

CISA Reports Chinese Hackers Leveraging BRICKSTORM for Persistent U.S. System Access

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed the use of a sophisticated backdoor, BRICKSTORM, by state-sponsored Chinese threat actors to maintain long-term access to compromised systems across the United States. CISA described BRICKSTORM as a highly advanced implant designed for VMware vSphere and Windows environments. It allows attackers to gain stealthy access,

CISA Reports Chinese Hackers Leveraging BRICKSTORM for Persistent U.S. System Access Read More »

JPCERT Confirms Active Command Injection Attacks Targeting Array AG Gateways

JPCERT/CC has confirmed that a command injection vulnerability in Array Networks AG Series secure access gateways has been actively exploited since August 2025. The alert, released this week, warns organizations to take immediate protective measures. The vulnerability, which has not yet received a CVE identifier, was addressed by Array Networks on May 11, 2025. It

JPCERT Confirms Active Command Injection Attacks Targeting Array AG Gateways Read More »