sctocs

Europol flow chat

FBI and Europol Shut Down LeakBase Forum Used for Trading Stolen Credentials

International law enforcement agencies have successfully dismantled LeakBase, a notorious online marketplace widely used by cybercriminals to trade stolen credentials and hacking resources. The coordinated crackdown was led by the Federal Bureau of Investigation and Europol as part of a multinational cybercrime investigation. Authorities confirmed that the website leakbase[.]la has been seized. Visitors attempting to access the platform now encounter an official […]

149 Hacktivist DDoS Attacks Strike 110 Organizations Across 16 Countries Following Middle East Conflict

A sharp escalation in hacktivist cyber activity has followed the coordinated U.S. and Israeli military campaign against Iran, known as Epic Fury and Roaring Lion. Cybersecurity analysts warn that the digital battlefield is rapidly expanding alongside physical hostilities, with distributed denial-of-service (DDoS) campaigns dominating the threat landscape. According to a new assessment from Radware, two hacktivist collectives,

Coruna iOS Exploit Kit Leverages 23 Exploits in Five Attack Chains Targeting iOS 13 to 17.2.1

A newly uncovered cyber offensive framework named Coruna, also tracked as CryptoWaters, has emerged as one of the most advanced iOS exploit kits observed in recent years. According to findings released by Google, the toolkit specifically targets Apple iPhone devices running iOS versions from 13.0 through 17.2.1. Devices operating on the latest iOS releases remain

Malicious Laravel Packages on Packagist Deliver RAT Across Windows, macOS, and Linux

Cybersecurity researchers have uncovered malicious PHP packages on Packagist that impersonate legitimate Laravel utilities while secretly deploying a cross-platform remote access trojan capable of running on Windows, macOS, and Linux systems. The packages, published under the vendor namespace nhattuanbl, include: According to findings from Socket, the lara-swagger package does not directly contain malicious code. Instead,

APT41 Connected Silver Dragon Targets Governments with Cobalt Strike and Google Drive C2

Cybersecurity researchers have uncovered fresh details about an advanced persistent threat group known as Silver Dragon, which has been targeting government entities across Europe and Southeast Asia since at least mid-2024. According to a technical analysis published by Check Point, the group employs a mix of server exploitation and phishing attacks to gain initial access,

CISA Includes Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 in KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency has added a newly disclosed VMware vulnerability to its Known Exploited Vulnerabilities catalog after reports indicated real-world abuse. The flaw, tracked as CVE-2026-22719, affects Broadcom VMware Aria Operations and carries a CVSS score of 8.1, classifying it as high severity.

Command Injection Risk Enables Remote Code Execution

According to

Open Source CyberStrikeAI Used in AI Powered FortiGate Attacks Spanning 55 Countries

Google-owned researchers and independent intelligence teams have uncovered fresh details about an artificial-intelligence-driven campaign targeting Fortinet FortiGate devices worldwide. Investigators now confirm that the attackers relied on an open-source offensive platform known as CyberStrikeAI to automate and scale their operations.

AI Tool Identified in Mass Exploitation Campaign

Threat analysts at Team Cymru traced the infrastructure

Starkiller Phishing Kit Leverages AiTM Reverse Proxy to Evade Multi Factor Authentication

Cybersecurity researchers have uncovered a powerful new phishing toolkit named Starkiller that leverages adversary-in-the-middle technology to bypass multi-factor authentication protections. The phishing suite is being promoted by a cybercrime group calling itself Jinkusu. It is marketed as a phishing-as-a-service platform that provides subscribers with a centralized dashboard to

Microsoft Alerts on OAuth Redirect Abuse Used to Deliver Malware to Government Targets

Microsoft has issued a security warning about ongoing phishing campaigns that misuse OAuth URL redirection mechanisms to bypass traditional email and browser-based phishing defenses. According to the Microsoft Defender Security Research Team, the attacks primarily target government and public sector organizations. Instead of stealing authentication tokens or exploiting software vulnerabilities, the campaigns manipulate legitimate

Google Confirms Active Exploitation of CVE-2026-21385 in Qualcomm Android Component

Google has confirmed that a high-severity vulnerability affecting a Qualcomm open-source component used in Android devices is being actively exploited in targeted attacks. The flaw, tracked as CVE-2026-21385 with a CVSS score of 7.8, impacts the Graphics component and involves a buffer over-read issue that may lead to memory corruption.

Qualcomm Advisory
