sctocs

North Korean hackers use 197 npm packages to spread updated OtterCookie malware

A North Korean threat group linked to the Contagious Interview activity has continued its aggressive malware distribution by uploading 197 additional malicious packages to the npm registry since last month. Researchers at Socket confirmed that these packages have been downloaded more than 31,000 times. Each of them is designed to install a modified version of […]

Bloody Wolf expands Java based NetSupport RAT attacks in Kyrgyzstan and Uzbekistan

A growing cyber espionage campaign linked to the threat group known as Bloody Wolf has widened its reach in Central Asia as the attackers continue delivering the NetSupport RAT through deceptive Java-based loaders. The campaign, which initially focused on Kyrgyzstan in June 2025, has expanded to include Uzbekistan by October 2025, according to Group

Microsoft to block unauthorized scripts in Entra ID logins with 2026 CSP update

Microsoft has announced a major update to strengthen the security of Entra ID authentication. Starting in October 2026, the company will block unauthorized script injection attacks through a revised Content Security Policy (CSP) for its login platform.

Enhanced Security for Entra ID Sign-Ins

The CSP update will focus on the sign-in experience at login.microsoftonline[.]com, allowing

Gainsight adds more affected customers after Salesforce security alert

Gainsight has confirmed that the recent suspicious activity involving its applications has affected more users than initially reported. The update follows a security alert issued by Salesforce regarding abnormal behavior linked to Gainsight-published apps.

More Customers Affected Than First Reported

Salesforce originally identified three customers as impacted, but according to Gainsight, the list grew

RomCom deploys Mythic Agent malware via SocGholish fake update attacks

Cybersecurity researchers have discovered that the Russia-linked threat actor RomCom attempted to compromise a U.S.-based civil engineering company using a JavaScript loader known as SocGholish, delivering the sophisticated Mythic Agent malware. According to Arctic Wolf Labs researcher Jacob Faires, this marks the first observed instance of a RomCom payload being distributed via SocGholish. The campaign

Qilin ransomware exploits South Korean MSP breach, leaking data of 28 victims

A major cyber incident has struck South Korea’s financial sector after a sophisticated supply chain attack enabled the deployment of Qilin ransomware. The intrusion unfolded through a compromised Managed Service Provider, allowing attackers to infiltrate multiple organizations simultaneously. Cybersecurity company Bitdefender reported that this operation blended the expertise of the notorious Ransomware as a Service

Chrome extension exposed for adding secret Solana transfer fees to Raydium swaps

Cybersecurity analysts have identified a malicious Chrome extension that secretly adds an unauthorized Solana transfer during Raydium swap transactions and redirects the funds to a cryptocurrency wallet controlled by an attacker. The extension, called Crypto Copilot, was released by a user known as “sjclark76” on May 7, 2024. It is marketed as a tool that

FBI reports $262M in ATO fraud as AI phishing and holiday scams

The U.S. Federal Bureau of Investigation (FBI) has issued a new security alert, stating that cybercriminals are increasingly impersonating financial institutions to steal money and confidential information. These activities are directly linked to a major rise in account takeover fraud, a type of cybercrime that has already caused losses exceeding two hundred sixty two million

Years of leaks from JSONFormatter and CodeBeautify have exposed thousands of passwords and API keys, creating major security risks

A new investigation has uncovered that sensitive credentials from governments, telecoms, financial institutions, and critical infrastructure have been unintentionally exposed through popular online code formatting tools such as JSONFormatter and CodeBeautify. These websites, commonly used to validate or beautify JSON and other code snippets, have become unintended repositories of private information due to users pasting