sctocs

Researchers Explain Tuoni C2’s Involvement in a 2025 Real-Estate Cyberattack Attempt

Cybersecurity analysts have shared new details about a cyberattack attempt that targeted a major real estate company in the United States. The attackers used an emerging command and control framework known as Tuoni. Although the intrusion was unsuccessful, the campaign reveals a concerning trend where red team tools are frequently abused for malicious operations. Tuoni […]

Researchers Explain Tuoni C2’s Involvement in a 2025 Real-Estate Cyberattack Attempt Read More »

Cloudflare Experiences Outage Impacting Its Global Network Services

Cloudflare, a major internet infrastructure provider, is currently experiencing a global outage affecting its network services. Users have reported encountering “internal server error” messages while accessing websites and online platforms connected to Cloudflare. The company is actively investigating the situation and working to restore normal operations. Scope of Cloudflare’s Global Network Cloudflare operates a distributed

Cloudflare Experiences Outage Impacting Its Global Network Services Read More »

Iranian Hackers Deploy DEEPROOT and TWOSTROKE Malware in Targeted Aerospace and Defense Attacks

A sophisticated Iran associated threat group has been observed conducting extensive espionage activity against organizations in the aerospace, aviation, and defense sectors across the Middle East. The attackers have used custom backdoors, including TWOSTROKE and DEEPROOT, to maintain long term access and gather sensitive information. Mandiant has linked this campaign to a cluster known as

Iranian Hackers Deploy DEEPROOT and TWOSTROKE Malware in Targeted Aerospace and Defense Attacks Read More »

Seven NPM Packages Use Adspect Cloaking to Lure Users to Crypto Scam Pages

Security analysts have identified a group of seven npm packages created by a single threat actor who used Adspect cloaking to mislead visitors and redirect them to fraudulent crypto themed websites. These packages relied on traffic filtering techniques to separate real victims from security professionals, allowing attackers to hide malicious behavior while pushing unsuspecting users

Seven NPM Packages Use Adspect Cloaking to Lure Users to Crypto Scam Pages Read More »

New EVALUSION ClickFix Campaign Delivers Amatera Stealer and NetSupport RAT

Security analysts have identified a new wave of cyberattacks that rely on the ClickFix method to trick victims into running harmful commands. This activity is being monitored by eSentire under the name EVALUSION. The attackers are deploying two serious threats, the Amatera Stealer and the NetSupport RAT, through deceptive phishing pages that imitate security checks.

New EVALUSION ClickFix Campaign Delivers Amatera Stealer and NetSupport RAT Read More »

Dragon Breath Deploys RONINGLOADER to Disable Security Tools and Install Gh0st RAT

A threat actor known as Dragon Breath has launched a sophisticated operation using a multi layered tool called RONINGLOADER. This loader is designed to disable major endpoint security products, evade modern defenses, and ultimately deploy a modified version of Gh0st RAT. The campaign mainly targets Chinese speaking victims and relies on trojanized installers that appear

Dragon Breath Deploys RONINGLOADER to Disable Security Tools and Install Gh0st RAT Read More »

Multi Stage Phishing Kit Uses Telegram to Steal Credentials and Evade Automated Security Checks

Phishing remains one of the most consistent cyber threats faced by organizations worldwide. Attackers continuously refine their strategies to steal credentials and sensitive data, and a recently uncovered phishing framework shows how far these tactics have evolved. Security analysts discovered a multi layered phishing system designed to impersonate Aruba S.p.A, an Italian IT and web

Multi Stage Phishing Kit Uses Telegram to Steal Credentials and Evade Automated Security Checks Read More »

Akira Ransomware Hits 250 Plus Organizations and Extracts 42 Million Dollars, CISA Warns in New Report

A recent advisory from the Cybersecurity and Infrastructure Security Agency highlights the growing threat of the Akira ransomware group, which has rapidly become one of the most aggressive cybercrime operations targeting global businesses. Ransomware Impact and Financial Losses Since March 2023, Akira has compromised more than 250 organizations across North America, Europe, and Australia. According

Akira Ransomware Hits 250 Plus Organizations and Extracts 42 Million Dollars, CISA Warns in New Report Read More »

Five Individuals Plead Guilty in U.S. for Assisting North Korean Hackers Infiltrate 136 Companies

The U.S. Department of Justice (DoJ) announced on Friday that five people have admitted guilt in connection with aiding North Korea’s illicit revenue schemes by facilitating IT worker fraud, violating international sanctions. Defendants Involved The individuals are: Phagnasay, Salazar, and Travis admitted to one count of wire fraud conspiracy. They knowingly allowed IT workers outside

Five Individuals Plead Guilty in U.S. for Assisting North Korean Hackers Infiltrate 136 Companies Read More »

Now Patched Fortinet FortiWeb Vulnerability Exploited to Create Unauthorized Admin Accounts

Security researchers have raised alarms over a critical authentication bypass vulnerability in Fortinet FortiWeb Web Application Firewall (WAF). Exploiting this flaw allows attackers to take control of admin accounts, potentially compromising the entire device. Vulnerability Overview According to watchTowr, active exploitation of a vulnerability patched silently in FortiWeb version 8.0.2 has been observed in the

Now Patched Fortinet FortiWeb Vulnerability Exploited to Create Unauthorized Admin Accounts Read More »