sctocs

Seven NPM Packages Use Adspect Cloaking to Lure Users to Crypto Scam Pages

Security analysts have identified a group of seven npm packages created by a single threat actor who used Adspect cloaking to mislead visitors and redirect them to fraudulent crypto-themed websites. These packages relied on traffic filtering techniques to separate real victims from security professionals, allowing attackers to hide malicious behavior while pushing unsuspecting users […]


New EVALUSION ClickFix Campaign Delivers Amatera Stealer and NetSupport RAT

Security analysts have identified a new wave of cyberattacks that rely on the ClickFix method to trick victims into running harmful commands. This activity is being monitored by eSentire under the name EVALUSION. The attackers are deploying two serious threats, the Amatera Stealer and the NetSupport RAT, through deceptive phishing pages that imitate security checks.


Dragon Breath Deploys RONINGLOADER to Disable Security Tools and Install Gh0st RAT

A threat actor known as Dragon Breath has launched a sophisticated operation using a multi-layered tool called RONINGLOADER. This loader is designed to disable major endpoint security products, evade modern defenses, and ultimately deploy a modified version of Gh0st RAT. The campaign mainly targets Chinese-speaking victims and relies on trojanized installers that appear


Multi Stage Phishing Kit Uses Telegram to Steal Credentials and Evade Automated Security Checks

Phishing remains one of the most consistent cyber threats faced by organizations worldwide. Attackers continuously refine their strategies to steal credentials and sensitive data, and a recently uncovered phishing framework shows how far these tactics have evolved. Security analysts discovered a multi-layered phishing system designed to impersonate Aruba S.p.A, an Italian IT and web


Akira Ransomware Hits 250 Plus Organizations and Extracts 42 Million Dollars, CISA Warns in New Report

A recent advisory from the Cybersecurity and Infrastructure Security Agency highlights the growing threat of the Akira ransomware group, which has rapidly become one of the most aggressive cybercrime operations targeting global businesses. Ransomware Impact and Financial Losses Since March 2023, Akira has compromised more than 250 organizations across North America, Europe, and Australia. According


Five Individuals Plead Guilty in U.S. for Assisting North Korean Hackers Infiltrate 136 Companies

The U.S. Department of Justice (DoJ) announced on Friday that five people have admitted guilt in connection with aiding North Korea’s illicit revenue schemes by facilitating IT worker fraud, violating international sanctions. Defendants Involved The individuals are: Phagnasay, Salazar, and Travis admitted to one count of wire fraud conspiracy. They knowingly allowed IT workers outside


Now Patched Fortinet FortiWeb Vulnerability Exploited to Create Unauthorized Admin Accounts

Security researchers have raised alarms over a critical authentication bypass vulnerability in Fortinet FortiWeb Web Application Firewall (WAF). Exploiting this flaw allows attackers to take control of admin accounts, potentially compromising the entire device. Vulnerability Overview According to watchTowr, active exploitation of a vulnerability patched silently in FortiWeb version 8.0.2 has been observed in the


North Korean Hackers Abuse JSON Services to Deliver Malware Covertly

Researchers have uncovered that North Korean threat actors behind the Contagious Interview campaign are increasingly leveraging JSON storage services to host and deploy malicious payloads. These platforms allow attackers to operate covertly while blending in with normal traffic. Tactics and Techniques According to NVISO researchers Bart Parys, Stef Collart, and Efstratios Lontzetidis, the actors now


Researchers Discover Critical AI Bugs Affecting Meta, Nvidia, and Microsoft Inference Frameworks

Cybersecurity researchers have identified critical remote code execution (RCE) vulnerabilities impacting major AI inference frameworks, including those maintained by Meta, Nvidia, Microsoft, and open-source projects like vLLM and SGLang. These flaws, collectively termed the ShadowMQ pattern, stem from unsafe deserialization of Python objects over ZeroMQ (ZMQ) sockets. Root Cause: Unsafe Deserialization According to Avi Lumelsky


Iranian Hackers Launch SpearSpecter Spy Operation Targeting Defense and Government

A state-backed Iranian cyber espionage group, commonly known as APT42, has been observed conducting a new intelligence collection campaign aimed at individuals and organizations connected to national security. The Israel National Digital Agency (INDA) has named this ongoing operation SpearSpecter after identifying its activity in early September 2025. Highly Targeted Social Engineering Operations INDA
