sctocs

TEE.Fail Side-Channel Attack Extracts Secrets from Intel and AMD DDR5 Secure Enclaves

A team of academic researchers from Georgia Tech, Purdue University, and Synkhronix has developed TEE.Fail, a practical side-channel method that can extract secrets from processor-based trusted execution environments, including Intel SGX, Intel TDX, AMD SEV-SNP, and Ciphertext Hiding. The technique uses inexpensive, off-the-shelf electronics to inspect DDR5 memory traffic, exposing weaknesses in current CPU TEE […]

TEE.Fail Side-Channel Attack Extracts Secrets from Intel and AMD DDR5 Secure Enclaves Read More »

New Android Trojan ‘Herodotus’ Evades Anti-Fraud Systems by Mimicking Human Typing Behavior

Security researchers have uncovered a new Android banking trojan, named Herodotus, which is being used in active campaigns targeting users in Italy and Brazil. The malware aims for device takeover, or DTO, and stands out because it deliberately mimics human typing patterns to evade timing-based, behaviour-only anti-fraud systems. What Herodotus is, and where it came

New Android Trojan ‘Herodotus’ Evades Anti-Fraud Systems by Mimicking Human Typing Behavior Read More »

Chrome Zero-Day Exploited to Deploy LeetAgent Spyware by Italian Memento Labs

A newly uncovered cyber espionage operation has revealed that a now-patched Google Chrome zero-day vulnerability was exploited to deploy a sophisticated spyware known as LeetAgent. According to research from Kaspersky, the operation has been linked to the Italian IT and security firm Memento Labs, known for developing surveillance tools. Operation ForumTroll and the Chrome Vulnerability

Chrome Zero-Day Exploited to Deploy LeetAgent Spyware by Italian Memento Labs Read More »

Researchers Reveal GhostCall and GhostHire, New Malware Chains Linked to BlueNoroff APT

Security researchers have exposed two coordinated malware campaigns, GhostCall and GhostHire, linked to the North Korea-associated Lazarus sub-group BlueNoroff, also tracked under names like APT38, CryptoCore, Genie Spider, Nickel Gladstone, Sapphire Sleet, and Stardust Chollima. The campaigns focus on the Web3 and blockchain ecosystem, and together they form part of a larger, long-running operation Kaspersky

Researchers Reveal GhostCall and GhostHire, New Malware Chains Linked to BlueNoroff APT Read More »

SideWinder APT Uses ClickOnce Based Attack Chain to Target South Asian Diplomats

A new cyber espionage campaign has been uncovered, showing the continuous evolution of the SideWinder advanced persistent threat (APT) group. The operation, which took place in September 2025, targeted a European embassy in New Delhi and multiple organizations across Sri Lanka, Pakistan, and Bangladesh. Researchers from Trellix, Ernesto Fernández Provecho and Pham Duy Phuc, have

SideWinder APT Uses ClickOnce Based Attack Chain to Target South Asian Diplomats Read More »

ChatGPT Atlas Browser Exploit Lets Attackers Plant Persistent Hidden Commands

Cybersecurity experts have uncovered a serious vulnerability in OpenAI’s ChatGPT Atlas browser, which could let attackers inject malicious commands into the AI assistant’s memory and execute unauthorized code. According to Or Eshed, Co-Founder and CEO of LayerX Security, “This exploit enables cybercriminals to implant harmful code, elevate privileges, or deploy malware on targeted systems,” as

ChatGPT Atlas Browser Exploit Lets Attackers Plant Persistent Hidden Commands Read More »

Qilin Ransomware Uses Linux Payload and BYOVD Exploit in Sophisticated Hybrid Attack

Qilin, also tracked as Agenda, Gold Feather, and Water Galura, has become one of the most active ransomware-as-a-service operations since mid-2022. In 2025 the group averaged more than 40 victims per month, peaking at around 100 data-leak posts in June, and reaching 84 victims in both August and September 2025. Cisco Talos data shows significant

Qilin Ransomware Uses Linux Payload and BYOVD Exploit in Sophisticated Hybrid Attack Read More »

Google Warns of Threat Actors Using Fake Job Postings to Spread Malware and Steal Credentials

Cybercriminals have adopted an advanced social engineering approach that takes advantage of the trust job seekers place in employment platforms, as highlighted in a new Google security advisory. Targeting Through Deceptive Recruitment Websites A financially driven threat group based in Vietnam, identified as UNC6229, has been targeting professionals in the digital advertising and marketing sectors.

Google Warns of Threat Actors Using Fake Job Postings to Spread Malware and Steal Credentials Read More »

Over 706,000 BIND 9 Resolver Instances Exposed Online and Vulnerable to Cache Poisoning, PoC Released

A critical flaw has been uncovered in BIND 9 resolvers, which could allow attackers to poison DNS caches and redirect users to malicious domains. The vulnerability, tracked as CVE-2025-40778, affects more than 706,000 publicly exposed instances worldwide, according to data from internet scanning company Censys. With a CVSS score of 8.6, the bug arises from

Over 706,000 BIND 9 Resolver Instances Exposed Online and Vulnerable to Cache Poisoning, PoC Released Read More »

Newly Patched Critical Microsoft WSUS Vulnerability Actively Exploited

Microsoft has released an urgent out-of-band security update to address a critical vulnerability in Windows Server Update Services (WSUS). This flaw, identified as CVE-2025-59287, has a high CVSS score of 9.8 and is being actively exploited, with a publicly available proof-of-concept (PoC) already circulating. The vulnerability is a remote code execution (RCE) issue affecting WSUS

Newly Patched Critical Microsoft WSUS Vulnerability Actively Exploited Read More »