HttpTroy Backdoor Poses as VPN Invoice to Infiltrate South Korean Targets

The North Korea-aligned advanced persistent threat (APT) group Kimsuky has been discovered using a previously unknown backdoor, codenamed HttpTroy, in a highly targeted spear-phishing campaign. The attack, aimed at a single victim in South Korea, employed a sophisticated multi-stage infection chain disguised as a legitimate VPN invoice. The Deceptive Lure and Initial Compromise The attack began […]

Russian Ransomware Groups Weaponize Open-Source AdaptixC2 for Advanced Attacks

A powerful open-source command-and-control (C2) framework named AdaptixC2 is rapidly being adopted by a wide range of cybercriminals, with strong links to Russian ransomware operations. This trend highlights the ongoing weaponization of legitimate security tools by threat actors to conduct more advanced and evasive attacks. What is AdaptixC2? AdaptixC2 is an emerging, extensible post-exploitation framework

Nation-State Hackers Use New Airstalk Malware in Suspected Supply Chain Attack

A sophisticated threat actor, believed to be state-sponsored, has been discovered using a previously unknown malware family dubbed “Airstalk” in a suspected software supply chain attack. The malware uniquely abuses a legitimate enterprise mobile device management (MDM) API to establish a covert communication channel with its operators. The Attacker and the Malware’s Core Deception Tracked

China-Linked Hackers Exploit Windows Shortcut Vulnerability to Target European Diplomats

A China-affiliated cyber espionage group, tracked as UNC6384, has been discovered conducting a sophisticated campaign targeting European diplomatic and government entities. The attacks, occurring between September and October 2025, exploit an unpatched Windows shortcut vulnerability to deploy the notorious PlugX remote access trojan on victim systems. Strategic Targeting of European Diplomacy According to a technical

China-Linked Tick APT Exploits Lanscope Zero-Day to Compromise Corporate Networks

A sophisticated cyber espionage group known as Tick has been identified as the actor behind the exploitation of a critical, recently disclosed zero-day vulnerability in Motex Lanscope Endpoint Manager. This campaign, targeting specific sectors for intelligence gathering, demonstrates the continued threat posed by advanced persistent threats (APTs) to corporate network security. The Zero-Day Vulnerability: CVE-2025-61932

CISA and NSA Release Critical Security Guidance for WSUS and Microsoft Exchange Servers

In a joint cybersecurity advisory, U.S. and international agencies have released critical guidance to help organizations fortify their on-premise Microsoft Exchange Server environments against persistent threats. The guidance emphasizes that unprotected and misconfigured instances remain prime targets for malicious actors and outlines a comprehensive strategy to secure these vital communication hubs. A Unified Call to

Eclipse Foundation Revokes Leaked Open VSX Tokens After Wiz Security Discovery

The Eclipse Foundation has taken decisive action to secure the Open VSX registry after a security report revealed that access tokens had been accidentally leaked within several Visual Studio Code extensions. This prompt response neutralizes a potential software supply chain attack that could have allowed threat actors to hijack extensions and distribute malware to unsuspecting

Google’s Built-In AI Defenses on Android Now Block 10 Billion Scam Messages Monthly

In a significant demonstration of its proactive security measures, Google has announced that its built-in scam defenses on the Android platform now protect users from over 10 billion suspected malicious calls and messages every month. This large-scale filtering effort is powered by on-device artificial intelligence, creating a formidable barrier against modern digital fraud.

PhantomRaven Malware Hidden in 126 npm Packages Stealing GitHub Tokens from Developers

A sophisticated software supply chain attack, dubbed “PhantomRaven,” has infiltrated the npm registry with 126 malicious packages designed to secretly steal sensitive developer credentials. This campaign specifically targets authentication tokens, CI/CD secrets, and GitHub credentials directly from developers’ machines, posing a severe threat to software development integrity. The Scale and Stealth of the PhantomRaven Campaign

AI-Targeted Cloaking Attack Tricks Crawlers Into Citing False Information as Verified Facts

A novel cybersecurity threat is targeting the very foundation of agentic AI browsers, a development that could allow malicious actors to poison the information these systems retrieve and present as undeniable truth. This sophisticated “cloaking” technique exploits the trust AI models place in their web crawlers, creating a ripe opportunity for widespread misinformation and manipulation.
