Sneaky 2FA Phishing Kit Adds BitB-Style Pop-ups That Closely Imitate the Browser Address Bar

A new phishing campaign is leveraging advanced techniques to steal credentials from unsuspecting users. The Phishing-as-a-Service (PhaaS) kit called Sneaky 2FA has integrated Browser-in-the-Browser (BitB) functionality, making it easier for less experienced attackers to perform large-scale credential theft operations. How BitB Works: Security researchers at Push Security reported that the technique is being used to […]

WrtHug Uses Six ASUS WRT Vulnerabilities to Hijack Tens of Thousands of End-of-Life Routers Worldwide

A large-scale cyber campaign has been uncovered in which tens of thousands of outdated or end-of-life ASUS routers have been compromised across several regions, mainly Taiwan, the United States, and Russia. SecurityScorecard’s STRIKE team has named this global activity Operation WrtHug. The attackers are using old and vulnerable devices to create a

Hackers Are Actively Exploiting a 7-Zip Symbolic Link-Based RCE Vulnerability, CVE-2025-11001

A critical security flaw affecting 7-Zip, tracked as CVE-2025-11001, is currently being actively exploited in the wild. The issue allows remote code execution via symbolic links in ZIP archives and impacts versions prior to 25.00, which was released in July 2025. Details of the Vulnerability: The vulnerability arises from improper handling of symbolic links in

Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Devices in Brazil

Cybersecurity analysts have uncovered a new campaign that combines social engineering with WhatsApp account hijacking to spread a Delphi-based banking trojan known as Eternidade Stealer. This large-scale operation specifically targets users in Brazil and relies on a Python-powered WhatsApp worm to propagate malicious attachments. How the Campaign Operates: Research from Trustwave SpiderLabs

EdgeStepper Implant Redirects DNS Queries to Deliver Malware Through Compromised Software Updates

A China-aligned threat actor known as PlushDaemon has been identified using a new Go-based network backdoor called EdgeStepper. This tool enables adversary-in-the-middle attacks by hijacking DNS queries and redirecting them to malicious infrastructure. Through this method, attackers can compromise legitimate software update channels and deliver harmful payloads. How the Attack

ServiceNow AI Agents Can Be Manipulated to Work Against Each Other Through Second-Order Prompts

Security researchers have uncovered a serious risk in ServiceNow’s Now Assist platform. Attackers can exploit default settings and use second-order prompt injection to make AI agents work against each other. This weakness allows unauthorized actions such as data theft, record modification, and privilege escalation. How the Threat Works: According to AppOmni, the issue arises

Fortinet Alerts Users About FortiWeb CVE-2025-58034 Vulnerability Now Being Actively Exploited

Fortinet has issued an important warning regarding a newly discovered security flaw in its FortiWeb product. The vulnerability, identified as CVE-2025-58034, has already been exploited in real-world attacks, raising concerns for organizations that rely on FortiWeb for application security. About the Vulnerability: This flaw is rated as medium severity and has a

Researchers Explain Tuoni C2’s Involvement in a 2025 Real-Estate Cyberattack Attempt

Cybersecurity analysts have shared new details about a cyberattack attempt that targeted a major real estate company in the United States. The attackers used an emerging command-and-control framework known as Tuoni. Although the intrusion was unsuccessful, the campaign reveals a concerning trend where red team tools are frequently abused for malicious operations. Tuoni

Cloudflare Experiences Outage Impacting Its Global Network Services

Cloudflare, a major internet infrastructure provider, is currently experiencing a global outage affecting its network services. Users have reported encountering “internal server error” messages while accessing websites and online platforms connected to Cloudflare. The company is actively investigating the situation and working to restore normal operations. Scope of Cloudflare’s Global Network: Cloudflare operates a distributed

Iranian Hackers Deploy DEEPROOT and TWOSTROKE Malware in Targeted Aerospace and Defense Attacks

A sophisticated Iran-associated threat group has been observed conducting extensive espionage activity against organizations in the aerospace, aviation, and defense sectors across the Middle East. The attackers have used custom backdoors, including TWOSTROKE and DEEPROOT, to maintain long-term access and gather sensitive information. Mandiant has linked this campaign to a cluster known as
