sctocs

Modified Shai-Hulud Worm Detected Testing Payload on npm Registry

Cybersecurity researchers have uncovered a new variant of the Shai-Hulud worm on the npm registry, exhibiting subtle modifications compared to the previous wave detected last month. The compromised npm package, “@vietmoney/react-big-calendar”, was originally uploaded in March 2021 by a user named “hoquocdat” and was recently updated to version 0.26.2 on December 28, 2025. Since its initial […]


CSA Warns of Critical SmarterMail Bug Allowing Remote Code Execution

The Cyber Security Agency of Singapore (CSA) has issued an urgent alert regarding a critical security flaw in SmarterTools’ SmarterMail email platform. The vulnerability, tracked as CVE-2025-52691, carries a maximum CVSS score of 10.0 and allows unauthenticated remote code execution through arbitrary file uploads. According to CSA, the flaw enables attackers to upload files of any type to


Mustang Panda Uses Signed Kernel Mode Rootkit to Load TONESHELL Backdoor

Cybersecurity researchers have uncovered a sophisticated attack by the Chinese threat actor Mustang Panda, which utilized a previously unknown kernel-mode rootkit driver to deploy the TONESHELL backdoor. The campaign, detected in mid-2025, primarily targeted government organizations in Southeast and East Asia, including Myanmar and Thailand. According to Kaspersky, the malicious driver, named ProjectConfiguration.sys, is digitally signed


27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials

Cybersecurity researchers have uncovered a sustained and carefully targeted spear‑phishing operation that abused the npm package ecosystem as a delivery platform for credential theft. According to findings published by Socket, the campaign involved the upload of 27 malicious npm packages using six different publisher aliases. Rather than infecting systems directly, the attackers repurposed npm package hosting and content


Trust Wallet Chrome Extension Breach Leads to 7 Million Dollar Crypto Loss via Malicious Code

Trust Wallet has issued an urgent advisory asking users to update its Google Chrome browser extension after confirming a security incident that resulted in cryptocurrency losses totaling approximately $7 million. The breach specifically affected Trust Wallet Chrome Extension version 2.68, while users who upgraded to version 2.69 are no longer at risk. According to the


China Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware

A China-linked advanced persistent threat group has been tied to a sophisticated cyber espionage campaign that relied on Domain Name System (DNS) poisoning to distribute the MgBot backdoor. The attacks targeted selected victims across Türkiye, China, and India, according to new findings from Kaspersky. Kaspersky researchers observed the activity between November 2022 and November 2024


Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability

Fortinet has reported active abuse of a long-standing security vulnerability in FortiOS SSL VPN that allows bypassing two-factor authentication (2FA) under specific configurations. The flaw, tracked as CVE-2020-12812 with a CVSS score of 5.2, arises due to improper authentication handling that lets users log in without being prompted for the second authentication factor if the


CISA Flags Actively Exploited Digiever NVR Vulnerability Enabling RCE

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability affecting Digiever DS-2105 Pro network video recorders (NVRs) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active attacks. The flaw, identified as CVE-2023-52163 with a CVSS score of 8.8, allows post-authentication remote code execution through a command injection vulnerability.


New MacSync macOS Stealer Uses Signed App to Bypass Apple Gatekeeper

Cybersecurity experts have identified a new variant of the MacSync macOS information stealer that uses a digitally signed and notarized Swift application to bypass Apple’s Gatekeeper protections. The malware is disguised as a messaging app installer, fooling users into installing it. According to Jamf researcher Thijs Xhaflaire, unlike earlier MacSync variants that relied on drag-to-terminal


Nomani Investment Scam Jumps 62% Using AI Deepfake Ads on Social Media

The fraudulent investment scheme known as Nomani has surged by 62%, according to researchers from ESET, with campaigns spreading beyond Facebook to platforms like YouTube. Slovak cybersecurity firm ESET revealed that it blocked over 64,000 unique URLs linked to this scam in 2025. Most of the detections came from countries including Czechia, Japan, Slovakia, Spain,
