NANOREMOTE Malware Abuses Google Drive API for Stealthy Control of Windows Systems

Cybersecurity researchers have revealed a sophisticated Windows backdoor called NANOREMOTE that leverages the Google Drive API for command-and-control (C2) operations. Elastic Security Labs reported that the malware shows code similarities with FINALDRAFT (aka Squidoor), another implant using Microsoft Graph API for C2, attributed to the suspected Chinese threat cluster REF7707 (also known as CL-STA-0049, Earth […]

WIRTE Uses AshenLoader Sideloading to Deploy the AshTag Espionage Backdoor

An advanced persistent threat (APT) group known as WIRTE has been linked to cyberattacks targeting government and diplomatic entities across the Middle East since 2020. The group deploys a previously undocumented malware suite called AshTag, designed for espionage and intelligence collection. Palo Alto Networks Unit 42 is tracking this cluster under the codename Ashen Lepus.

Unpatched Gogs Zero Day Actively Exploited Across More Than 700 Instances

A newly discovered and unpatched security vulnerability in Gogs is being actively exploited in the wild, with more than 700 compromised instances currently accessible over the internet. The findings were disclosed by Wiz following an investigation into a real-world malware incident. The vulnerability, tracked as CVE-2025-8110 with a CVSS score of 8.7, affects the

Active Attacks Abuse Gladinet Hard-Coded Keys to Gain Unauthorized Access and Execute Code

Cybersecurity researchers are warning of ongoing attacks targeting Gladinet CentreStack and Triofox deployments, where threat actors are actively exploiting a weakness caused by hard-coded cryptographic keys. According to new findings from Huntress, at least nine organizations have already been impacted. Security researcher Bryan Masters explained that the flaw allows attackers to access sensitive configuration

React2Shell Exploitation Spreads Crypto Miners and New Malware Across Multiple Sectors

Security researchers are reporting sustained and widespread abuse of the React2Shell vulnerability, with attackers exploiting a maximum-severity flaw in React Server Components to deploy cryptocurrency miners and several previously undocumented malware strains. According to new findings released by Huntress, threat actors are actively leveraging CVE-2025-55182, a critical unauthenticated remote code execution vulnerability in React

.NET SOAPwn Flaw Enables File Writes and Remote Code Execution Through Rogue WSDL

Cybersecurity researchers have revealed a serious exploitation technique affecting enterprise applications built on the .NET ecosystem, enabling attackers to perform arbitrary file writes and potentially achieve remote code execution. The research was conducted by WatchTowr Labs, which internally named the issue SOAPwn. According to the researchers, the flaw stems from how certain .NET components process

WinRAR Vulnerability CVE-2025-6218 Actively Targeted by Multiple Threat Groups

A newly disclosed security flaw in WinRAR has been added to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog after investigators confirmed that threat actors are actively abusing it. The flaw, tracked as CVE-2025-6218 with a severity score of 7.8, is a path traversal issue that can

Fortinet, Ivanti, and SAP Release Urgent Fixes for Authentication and Code Execution Vulnerabilities

Security teams across multiple industries are racing to deploy urgent updates after Fortinet, Ivanti, and SAP released patches for high-risk vulnerabilities that could allow attackers to bypass authentication controls or execute malicious code. The newly disclosed flaws are considered especially dangerous because of their potential to provide remote, unauthenticated access to critical systems at

North Korea-Linked Actors Exploit React2Shell to Deliver New EtherRAT Malware

A threat group linked to North Korea has begun exploiting the critical React2Shell security flaw in React Server Components to distribute a previously undocumented remote access trojan named EtherRAT. According to a new report from Sysdig, this malware uses Ethereum smart contracts for command and control resolution, deploys five separate persistence methods on Linux systems,

STAC6565 Focuses on Canada in Most Attacks While Gold Blade Spreads QWCrypt Ransomware

Canadian organizations have become the primary focus of a targeted cyber campaign led by the threat cluster STAC6565. Cybersecurity company Sophos investigated nearly 40 intrusions linked to the group between February 2024 and August 2025, finding strong overlaps with the hacking group Gold Blade, also tracked under names such as Earth Kapre, RedCurl, and Red
