sctocs

Kimwolf Botnet Hijacks 1.8 Million Android TVs to Launch Massive DDoS Attacks

Cybersecurity researchers have uncovered a large scale distributed denial of service botnet named Kimwolf that has compromised approximately 1.8 million Android based devices, including smart TVs, set top boxes, and tablets. The findings were published by researchers at QiAnXin XLab, who noted possible links between Kimwolf and another notorious botnet known as AISURU. According to […]

Kimwolf Botnet Hijacks 1.8 Million Android TVs to Launch Massive DDoS Attacks Read More »

APT28 Targets Ukrainian UKR net Users in Long Running Credential Phishing Campaign

The Russian state sponsored cyber threat actor widely known as APT28 has been linked to a long running credential harvesting campaign aimed at users of UKR[.]net, a popular Ukrainian webmail and news service. The activity was uncovered by the Insikt Group, the threat intelligence division of Recorded Future, and was observed between June 2024 and

APT28 Targets Ukrainian UKR net Users in Long Running Credential Phishing Campaign Read More »

New ForumTroll Phishing Attacks Target Russian Scholars via Fake eLibrary Emails

A new wave of phishing attacks linked to Operation ForumTroll has been observed targeting academic professionals in Russia, according to cybersecurity researchers at Kaspersky. The activity was detected in October 2025, marking a shift in the threat actor’s focus from organizations to individual scholars. Security analysts noted that the campaign primarily targets experts in political

New ForumTroll Phishing Attacks Target Russian Scholars via Fake eLibrary Emails Read More »

GhostPoster Malware Discovered in 17 Firefox Add ons with Over 50,000 Downloads

A newly identified malware campaign named GhostPoster has been uncovered abusing logo image files embedded within browser extensions to deliver malicious JavaScript code. The operation targeted users of Mozilla Firefox through at least 17 compromised add-ons that collectively recorded more than 50,000 downloads before being removed. The findings were disclosed by Koi Security, which identified

GhostPoster Malware Discovered in 17 Firefox Add ons with Over 50,000 Downloads Read More »

China Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware

A China aligned cyber espionage group tracked as Ink Dragon has intensified its operations against government organizations, with a noticeable focus on European targets since July 2025. The campaign remains active and continues to impact entities across Southeast Asia and South America. Security researchers at Check Point Research are monitoring the activity cluster, which is

China Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware Read More »

Compromised IAM Credentials Fuel Large AWS Crypto Mining Campaign

A large scale cryptocurrency mining campaign has been detected targeting cloud environments by abusing compromised Identity and Access Management credentials within Amazon Web Services. The operation leverages stolen IAM permissions to rapidly deploy crypto mining infrastructure across multiple AWS services. The activity was first identified on November 2, 2025, through automated threat detection systems operated

Compromised IAM Credentials Fuel Large AWS Crypto Mining Campaign Read More »

Malicious NuGet Package Posing as Tracer Fody Steals Cryptocurrency Wallet Data

Cybersecurity researchers have identified a malicious NuGet package that impersonates the popular .NET tracing library Tracer.Fody to steal cryptocurrency wallet information. The package, called “Tracer.Fody.NLog,” was uploaded by a user named “csnemess” on February 26, 2020, and has remained on the repository for nearly six years. It closely mimics the legitimate “Tracer.Fody” library maintained by

Malicious NuGet Package Posing as Tracer Fody Steals Cryptocurrency Wallet Data Read More »

Fortinet FortiGate Under Active Attack via SAML SSO Authentication Bypass

Cybersecurity researchers have confirmed active attacks on Fortinet FortiGate devices exploiting two recently disclosed authentication vulnerabilities, less than a week after they were made public. Arctic Wolf, a cybersecurity firm, reported observing malicious single sign-on (SSO) login attempts on FortiGate appliances on December 12, 2025. The attacks target two critical authentication bypass flaws, tracked as

Fortinet FortiGate Under Active Attack via SAML SSO Authentication Bypass Read More »

React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors

Cybersecurity researchers have confirmed active exploitation of a critical security flaw known as React2Shell, with threat actors using it to deploy multiple Linux based backdoors, including KSwapDoor and ZnDoor. The findings come from independent investigations conducted by Palo Alto Networks Unit 42 and NTT Security. According to Unit 42, KSwapDoor is a highly sophisticated remote

React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors Read More »

Amazon Exposes Years Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure

Amazon has released new threat intelligence findings detailing a years long cyber campaign linked to a Russian state sponsored actor that targeted Western critical infrastructure between 2021 and 2025. The activity primarily affected energy sector organizations, critical infrastructure providers in North America and Europe, and companies operating cloud hosted network environments. According to Amazon, the

Amazon Exposes Years Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure Read More »