sctocs

North Korea-Linked Hackers Distribute Over 1,700 Malicious Packages Across npm, PyPI, Go, and Rust Ecosystems

A large-scale software supply chain attack linked to North Korean threat actors has been uncovered, involving the of more than 1,700 malicious packages across multiple developer ecosystems, including npm, PyPI, Go, Rust, and Packagist. The campaign, tracked as Contagious Interview, demonstrates a coordinated effort to infiltrate developer environments by disguising malware as legitimate development tools. […]

North Korea-Linked Hackers Distribute Over 1,700 Malicious Packages Across npm, PyPI, Go, and Rust Ecosystems Read More »

Iran-Linked Hackers Target Internet-Exposed PLCs to Disrupt U.S. Critical Infrastructure

Cybersecurity authorities have issued warnings about a surge in attacks by Iran-linked threat actors targeting operational technology systems in the United States. These attacks are focused on internet-accessible industrial devices, particularly programmable logic controllers (PLCs), which are widely used in critical infrastructure environments. According to alerts from the Federal Bureau of Investigation (FBI), these intrusions have

Iran-Linked Hackers Target Internet-Exposed PLCs to Disrupt U.S. Critical Infrastructure Read More »

Russian APT28 Exploits SOHO Routers in Global DNS Hijacking and Cyber Espionage Campaign

A sophisticated cyber espionage campaign linked to Russia’s notorious threat group APT28, also tracked as Forest Blizzard, has been uncovered targeting vulnerable home and small office routers worldwide. The operation focuses on manipulating DNS configurations to intercept sensitive data without user awareness. The campaign, named FrostArmada by Black Lotus Labs, has been active since at least May

Russian APT28 Exploits SOHO Routers in Global DNS Hijacking and Cyber Espionage Campaign Read More »

Medusa Ransomware

China-Linked Storm-1175 Exploits Zero-Day Flaws to Rapidly Deploy Medusa Ransomware Attacks

A cyber threat group associated with China, identified as Storm-1175, has been observed conducting rapid and highly coordinated cyberattacks by exploiting both undisclosed (zero-day) and known (N-day) vulnerabilities. The group is primarily focused on deploying Medusa ransomware across compromised systems. Security researchers from Microsoft Threat Intelligence report that the attackers are capable of executing high-speed intrusions, often breaching systems within

China-Linked Storm-1175 Exploits Zero-Day Flaws to Rapidly Deploy Medusa Ransomware Attacks Read More »

Iran-Linked Password Spraying Campaign Targets Over 300 Israeli Microsoft 365 Organizations

A large-scale cyber operation believed to be connected to Iran has been identified targeting Microsoft 365 environments, primarily focusing on organizations in Israel and the United Arab Emirates. The campaign comes amid rising geopolitical tensions in the Middle East and highlights the increasing use of cloud-focused cyberattacks. According to findings released by Check Point Software Technologies,

Iran-Linked Password Spraying Campaign Targets Over 300 Israeli Microsoft 365 Organizations Read More »

Microsoft Warns of WhatsApp-Delivered VBS Malware Exploiting UAC Bypass on Windows

Microsoft has issued a warning about a newly discovered cyber campaign that uses WhatsApp to distribute malicious Visual Basic Script (VBS) files. The attack chain is designed to compromise Windows systems, establish persistence, and gain elevated privileges through stealth techniques. Attack Begins with Social Engineering The campaign, first observed in late February 2026, relies heavily on social engineering

Microsoft Warns of WhatsApp-Delivered VBS Malware Exploiting UAC Bypass on Windows Read More »

Vertex AI Vulnerability Exposes Sensitive Google Cloud Data and Private Artifacts

A newly identified security weakness in Google Vertex AI has raised serious concerns about potential data exposure and cloud infrastructure compromise. Security researchers have revealed that artificial intelligence agents operating within the platform could be manipulated to access sensitive information without authorization. Misconfigured Permissions Create a Hidden Risk The issue stems from how permission controls are implemented

Vertex AI Vulnerability Exposes Sensitive Google Cloud Data and Private Artifacts Read More »

Silver Fox Expands Asia-Focused Cyber Campaign Using AtlasCross RAT and Fake Domains

A sophisticated cybercrime group known as Silver Fox, also tracked as SwimSnake, Valley Thief, UTG-Q-1000, and Void Arachne, has escalated its operations in Asia using a previously undocumented remote access trojan (RAT) named AtlasCross RAT. The campaign specifically targets Chinese-speaking users by leveraging typosquatted domains impersonating trusted software brands. Attack Vectors and Targeted Applications The group is

Silver Fox Expands Asia-Focused Cyber Campaign Using AtlasCross RAT and Fake Domains Read More »

Axios Supply Chain Attack Delivers Cross-Platform RAT Through Compromised npm Account

A major supply chain security incident has impacted Axios, one of the most widely used HTTP clients in the JavaScript ecosystem. Attackers successfully introduced malicious code into the npm package by compromising a maintainer account, enabling the distribution of a cross-platform remote access trojan (RAT). Compromised npm Account Used to Publish Malicious Versions Security researchers revealed

Axios Supply Chain Attack Delivers Cross-Platform RAT Through Compromised npm Account Read More »

OpenAI Fixes ChatGPT Data Exfiltration Flaw and Codex Vulnerability Exposing GitHub Tokens

A critical security issue affecting AI systems has been resolved after researchers discovered vulnerabilities in ChatGPT and Codex that could have exposed sensitive user data and developer credentials. ChatGPT Flaw Enabled Covert Data Exfiltration Researchers from Check Point uncovered a previously unknown weakness in ChatGPT that allowed hidden data exfiltration without user awareness. The flaw made it possible for

OpenAI Fixes ChatGPT Data Exfiltration Flaw and Codex Vulnerability Exposing GitHub Tokens Read More »