sctocs

Chinese Hackers Begin Exploiting the Newly Revealed React2Shell Vulnerability

Two China-linked hacking groups have started weaponizing the newly revealed React Server Components vulnerability within hours of its public disclosure. The security flaw, tracked as CVE-2025-55182 with a maximum CVSS score of 10.0, allows unauthenticated remote code execution and has been patched in React versions 19.0.1, 19.1.2, and 19.2.1. AWS Detects Rapid Exploitation Attempts […]

CISA Reports Chinese Hackers Leveraging BRICKSTORM for Persistent U.S. System Access

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed the use of a sophisticated backdoor, BRICKSTORM, by state-sponsored Chinese threat actors to maintain long-term access to compromised systems across the United States. CISA described BRICKSTORM as a highly advanced implant designed for VMware vSphere and Windows environments. It allows attackers to gain stealthy access,

JPCERT Confirms Active Command Injection Attacks Targeting Array AG Gateways

JPCERT/CC has confirmed that a command injection vulnerability in Array Networks AG Series secure access gateways has been actively exploited since August 2025. The alert, released this week, warns organizations to take immediate protective measures. The vulnerability, which has not yet received a CVE identifier, was addressed by Array Networks on May 11, 2025. It

Intellexa Leaks Expose Zero Days and Ads Based Delivery Method for Predator Spyware

A human rights lawyer in Pakistan’s Balochistan province received a suspicious WhatsApp link from an unknown sender, marking the first known case of a civil society member in Pakistan being targeted by Intellexa’s Predator spyware, according to Amnesty International. The link, Amnesty noted, is consistent with a “Predator attack attempt,” based on the technical behavior

Silver Fox Distributes ValleyRAT in China Through Fake Microsoft Teams Installer

A new campaign linked to the threat actor Silver Fox is targeting Chinese-speaking users through a deceptive installer that pretends to be Microsoft Teams. The operation appears to be a false flag attempt designed to resemble activity from a Russian group, although the final payload is ValleyRAT, a malware family associated with Chinese cybercrime

AISURU Botnet Behind Record 29.7 Tbps DDoS Attack Using 4M Infected Hosts

Cloudflare reported on Wednesday that it successfully detected and mitigated the largest recorded distributed denial-of-service (DDoS) attack to date, reaching 29.7 terabits per second (Tbps). The attack originated from the AISURU botnet-for-hire, which has been tied to multiple hyper-volumetric DDoS campaigns over the past year. The assault lasted 69 seconds, though Cloudflare did not disclose

GoldFactory Targets Southeast Asia with Modified Banking Apps Behind 11,000 Plus Infections

Cybercriminals linked to the financially motivated group GoldFactory have launched a new wave of mobile attacks across Indonesia, Thailand, and Vietnam by posing as government authorities and local service providers. According to a technical assessment released by Group IB, the campaign has been active since October 2024 and relies on doctored versions of legitimate banking

Critical RSC Bugs in React and Next.js Enable Unauthenticated Remote Code Execution

A newly disclosed maximum-severity vulnerability in React Server Components has raised significant alarm across the web development ecosystem. The flaw, assigned CVE-2025-55182 and nicknamed React2shell, allows attackers to execute code remotely without authentication simply by sending a specially crafted request to a Server Function endpoint. Nature of the Vulnerability The React Team stated that

Microsoft Quietly Fixes Windows LNK Flaw After Years of Active Exploitation

Microsoft has rolled out a silent fix for a Windows Shortcut (LNK) vulnerability that has been under active exploitation since 2017. The update was released as part of the company’s November 2025 Patch Tuesday batch, according to details published by ACROS Security’s 0patch team. Background of the Vulnerability The flaw, tracked as CVE-2025-9491 and rated

Malicious Rust Crate Targets Web3 Developers with OS Specific Malware

Cybersecurity analysts have identified a harmful Rust-based package that was crafted to infiltrate systems running Windows, macOS, or Linux. The package silently executes malicious code on developer machines by disguising itself as a legitimate Ethereum Virtual Machine utility. The crate, titled evm-units, was uploaded to crates.io in April 2025 by an account
