
JackFix spreads multiple stealers via fake Windows Update pop-ups on adult sites.

A newly uncovered malware campaign is exploiting adult-themed phishing sites and deceptive ClickFix-style lures to trick users into executing malicious Windows commands disguised as urgent security updates. Cybersecurity researchers from Acronis have identified the activity, warning that the threat actors are using highly convincing fake Windows Update screens to distribute multiple information stealers. […]


ToddyCat’s new tools steal Outlook emails and Microsoft 365 tokens, threatening users and organizations.

The threat group known as ToddyCat has introduced new techniques designed to infiltrate corporate email systems and extract sensitive data from targeted organizations. According to a technical report by Kaspersky, the group is now using a custom tool called TCSectorCopy to obtain access to Microsoft Outlook data and OAuth 2.0 tokens. Kaspersky noted that this


Hackers use Blender 3D assets to spread StealC V2 malware, threatening creators and users.

Cybersecurity analysts have uncovered a new threat campaign in which attackers are weaponizing Blender Foundation files to distribute an upgraded version of the StealC information stealer, known as StealC V2. The activity has been ongoing for at least six months, according to Morphisec researcher Shmuel Uzan, who reported that malicious .blend files were discovered on


CISA Alerts on Active Spyware Campaigns Targeting High Value Signal and WhatsApp Users

The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued a new advisory warning that multiple threat groups are conducting active spyware operations aimed at users of secure messaging platforms, particularly Signal and WhatsApp. The agency said attackers are deploying commercial spyware and remote access trojans to breach mobile devices through targeted social engineering


ShadowPad Malware Exploits a WSUS Vulnerability to Gain Full System Access

A recently addressed security flaw in Microsoft Windows Server Update Services, also known as WSUS, is being actively abused by attackers to deploy the advanced ShadowPad malware. According to a report from the AhnLab Security Intelligence Center, the threat actors used CVE-2025-59287 as the initial entry point into targeted Windows servers. Attackers Use


Chinese DeepSeek R1 AI Produces Insecure Code When Prompts Reference Tibet or Uyghurs

A new investigation by CrowdStrike has uncovered that DeepSeek R1, a reasoning model developed by the Chinese company DeepSeek, generates significantly more insecure code when prompts include topics considered politically sensitive by China. The researchers noted that the model introduces severe security flaws up to fifty percent more frequently whenever such trigger terms appear. Sensitive


New Fluent Bit Vulnerabilities Expose Cloud Systems to RCE and Stealthy Infrastructure Intrusions

Cybersecurity analysts have identified five significant vulnerabilities in Fluent Bit, a widely used open-source telemetry agent. These flaws can be chained to compromise cloud environments and potentially give attackers full control over infrastructure. Oligo Security shared the findings, noting that the weaknesses allow authentication bypass, path traversal, remote code execution, service disruption, and tag


Second Sha1 Hulud Wave Impacts More Than 25,000 Repositories Through npm Preinstall Credential Theft

A new supply-chain attack has been identified across the npm ecosystem, marking a second wave of activity similar to the earlier Shai Hulud incident. Security companies report that thousands of repositories and hundreds of npm packages were compromised between November 21 and 23, 2025. The latest campaign has been named Sha1 Hulud and involves


Critical Azure Bastion Flaw Allowed Attackers to Bypass Authentication and Escalate Privileges

A newly identified flaw in Azure Bastion, tracked as CVE-2025-49752, presents a serious security risk for organizations depending on the service for secure remote access. The vulnerability allows remote attackers to bypass authentication controls and escalate privileges to the administrative level. Since Azure Bastion is widely used to manage cloud-based virtual machines,


China-Linked APT31 Conducts Stealthy Cyberattacks on Russian IT via Cloud Services

A long-running cyber espionage operation linked to the China-based advanced persistent threat group APT31 has quietly infiltrated multiple Russian information technology companies between 2024 and 2025. According to researchers Daniil Grigoryan and Varvara Koloskova from Positive Technologies, the attackers focused on contractors and integrators that provide services to Russian government agencies, remaining unnoticed
