sctocs

SEC Files Charges Over $14 Million Crypto Scam Using Fake AI Themed Investment Tips

The U.S. Securities and Exchange Commission (SEC) has brought charges against several companies accused of running a large scale cryptocurrency investment scam that defrauded retail investors of more than 14 million dollars by promoting fake artificial intelligence based trading strategies. According to the SEC’s complaint, the alleged fraud involved crypto trading platforms Morocoin Tech Corp., […]

SEC Files Charges Over $14 Million Crypto Scam Using Fake AI Themed Investment Tips Read More »

Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Websites

Cybersecurity researchers have uncovered two malicious Google Chrome extensions operating under the same name and published by the same developer, both designed to secretly intercept web traffic and steal user credentials on a massive scale. The extensions are promoted as a “multi location network speed test plug in” aimed at developers and professionals working in

Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Websites Read More »

INTERPOL Arrests 574 Across Africa as Ukrainian Ransomware Affiliate Pleads Guilty

A large scale law enforcement operation led by INTERPOL has resulted in the arrest of 574 suspects across Africa and the recovery of approximately three million dollars, marking a significant step in the global fight against cybercrime. The month long initiative, known as Operation Sentinel, was carried out between October 27 and November 27, 2025. The

INTERPOL Arrests 574 Across Africa as Ukrainian Ransomware Affiliate Pleads Guilty Read More »

U.S. DoJ Seizes Fraud Domain Linked to 14.6 Million Dollar Bank Account Takeover Scheme

The U.S. Department of Justice (DoJ) has announced the seizure of a fraudulent web domain and its associated database that were used to support a large scale bank account takeover operation targeting American victims. According to officials, the seized domain web3adspanels[.]org functioned as a backend control panel where cybercriminals stored and managed stolen online banking credentials. Visitors

U.S. DoJ Seizes Fraud Domain Linked to 14.6 Million Dollar Bank Account Takeover Scheme Read More »

Critical n8n Flaw with CVSS 9.9 Allows Arbitrary Code Execution Across Thousands of Instances

Cybersecurity researchers have revealed a highly severe security flaw in the n8n workflow automation platform that could allow attackers to execute arbitrary code on vulnerable systems under specific conditions. The vulnerability is tracked as CVE-2025-68613 and has received a CVSS score of 9.9, placing it among the most critical software flaws disclosed this year. The issue was identified

Critical n8n Flaw with CVSS 9.9 Allows Arbitrary Code Execution Across Thousands of Instances Read More »

Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens

Cybersecurity researchers have uncovered a malicious software package hosted on the npm repository that masquerades as a fully functional WhatsApp API while secretly stealing sensitive user data and granting attackers persistent access to victims’ WhatsApp accounts. The package, called lotusbail, has been downloaded more than 56,000 times since it was published in May 2025 by

Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens Read More »

Android Malware Campaigns Combine Droppers, SMS Theft, and RAT Capabilities at Scale

Cybersecurity researchers are warning about a rapidly evolving Android malware ecosystem where threat actors are combining malicious droppers, SMS stealing functions, and full remote access capabilities to target users at scale. Recent investigations show that users in Uzbekistan are being actively targeted through fake applications that silently deploy advanced malware once installed. According to an

Android Malware Campaigns Combine Droppers, SMS Theft, and RAT Capabilities at Scale Read More »

Iranian Infy APT Resurfaces with New Malware Activity After Years of Silence

Threat intelligence researchers have identified renewed cyber activity linked to an Iranian advanced persistent threat group known as Infy, also referred to as Prince of Persia, nearly five years after the group was last observed conducting attacks in Sweden, the Netherlands, and Turkey. Security experts now believe the scope and persistence of Infy’s operations were

Iranian Infy APT Resurfaces with New Malware Activity After Years of Silence Read More »

U.S. DOJ Charges 54 Suspects in ATM Jackpotting Scheme Using Ploutus Malware

The U.S. Department of Justice (DoJ) has formally charged 54 individuals in connection with a large scale ATM jackpotting operation that caused tens of millions of dollars in losses across the United States. According to federal prosecutors, the accused were involved in a coordinated campaign that used a sophisticated malware strain known as Ploutus to

U.S. DOJ Charges 54 Suspects in ATM Jackpotting Scheme Using Ploutus Malware Read More »

Russia Linked Hackers Abuse Microsoft 365 Device Code Phishing for Account Takeovers

A suspected Russia-aligned threat group has been identified for a phishing campaign targeting Microsoft 365 users by exploiting device code authentication flows to steal credentials and conduct account takeovers. The campaign, active since September 2025, is tracked by Proofpoint under the designation UNK_AcademicFlare. Attackers have primarily targeted email accounts associated with government and military organizations,

Russia Linked Hackers Abuse Microsoft 365 Device Code Phishing for Account Takeovers Read More »