Lazarus APT’s Remote-Worker Operations Caught Live on Camera

A collaborative investigation led by Mauro Eldritch, founder of BCA LTD, alongside NorthScan and ANY.RUN, has unveiled one of North Korea’s most persistent infiltration tactics: a network of remote IT workers linked to the Lazarus Group’s Famous Chollima division. For the first time, researchers observed the operators live, capturing their activity on what they believed […]

GlassWorm Resurfaces With 24 Malicious Extensions Masquerading as Popular Developer Tools

The notorious supply chain threat, GlassWorm, has resurfaced, targeting developers by infiltrating both the Microsoft Visual Studio Marketplace and Open VSX with 24 malicious extensions. These extensions impersonate widely-used developer frameworks and tools, including Flutter, React, Tailwind, Vim, and Vue. Originally documented in October 2025, GlassWorm uses the Solana blockchain to manage command-and-control operations, harvest

Malicious npm Package Uses Hidden Prompt and Script to Bypass AI Security Tools

Cybersecurity researchers have uncovered a malicious npm package designed to manipulate AI-driven security scanners and steal sensitive data. The package, eslint-plugin-unicorn-ts-2, pretends to be a TypeScript extension of the popular ESLint plugin. It was published in February 2024 by a user named “hamburgerisland” and has been downloaded nearly 19,000 times. The package is still available.

Iran-Linked Hackers Hit Israeli Sectors With New MuddyViper Backdoor

Israeli organizations across academia, engineering, local government, manufacturing, technology, transportation, and utilities have become targets of a sophisticated campaign by Iranian-linked hackers deploying a new backdoor called MuddyViper. ESET attributed the attacks to the MuddyWater group, also known as Mango Sandstorm or TA450, linked to Iran’s Ministry of Intelligence and Security (MOIS). One Egyptian technology

Google Fixes 107 Android Flaws Including Two Actively Exploited Framework Bugs

Google has released its latest monthly security updates for the Android operating system, delivering fixes for 107 vulnerabilities found across key system components. The update covers issues in Framework, System, Kernel, and modules from Arm, Imagination Technologies, MediaTek, Qualcomm, and Unison.

Two High Severity Bugs Exploited in Real World Attacks

The company confirmed that two

ShadyPanda Converts Popular Browser Extensions With 4.3M Installs Into Spyware

A long-running operation linked to the threat actor ShadyPanda has been exposed for converting widely installed browser extensions into surveillance tools. The campaign has reportedly been active for about seven years and has accumulated more than 4.3 million installs. According to Koi Security, five extensions that originally functioned as legitimate utilities were altered in

New Albiriox MaaS Malware Hits Over 400 Apps With Fraud and Screen Control

A newly advertised Android malware called Albiriox has surfaced as a powerful malware-as-a-service (MaaS) platform, offering attackers a broad toolkit designed for on-device fraud, remote interaction, and advanced screen manipulation. Security analysts report that Albiriox is rapidly gaining traction within cybercrime forums because of its extensive capabilities and its ability to

Tomiris uses public-service-based implants for stealthier C2 in attacks on government targets

A new wave of cyber attacks linked to the threat actor known as Tomiris has been identified targeting foreign ministries, intergovernmental bodies, and government institutions inside Russia. According to researchers, the actor aims to gain remote access inside sensitive networks and deploy additional malicious tools for long-term operations. Kaspersky analysts Oleg Kupreev and Artem

CISA adds actively exploited XSS flaw CVE-2021-26829 in OpenPLC ScadaBR to KEV list

The United States Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog by adding a cross-site scripting flaw that affects OpenPLC ScadaBR on both Windows and Linux systems. The decision follows confirmed evidence that the vulnerability is being actively used by attackers. The flaw, tracked as CVE-2021-26829 with a CVSS

Legacy Python bootstrap scripts create domain takeover risk in several PyPI packages

Cybersecurity researchers have identified insecure legacy code inside several Python packages that could allow attackers to compromise the Python Package Index (PyPI) through a domain takeover scenario. ReversingLabs reported that the issue originates from old bootstrap scripts associated with a build and deployment tool known as zc.buildout. According to researcher Vladimir Pezo, these bootstrap files
