sctocs

CISA Confirms Active Exploitation of Critical Vulnerabilities in Dassault and XWiki

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially confirmed that threat actors are actively exploiting critical security vulnerabilities in two widely used enterprise platforms: Dassault Systèmes’ DELMIA Apriso and the open-source XWiki. These flaws grant attackers the ability to execute arbitrary code and seize control of affected systems, prompting urgent calls for patching. […]

CISA Confirms Active Exploitation of Critical Vulnerabilities in Dassault and XWiki Read More »

10 Malicious npm Packages Steal Developer Credentials Across Windows, macOS, and Linux

In a stark reminder of the vulnerabilities within open-source ecosystems, cybersecurity analysts have unearthed ten deceptive npm packages engineered to pilfer sensitive developer credentials. These packages, capable of operating on Windows, macOS, and Linux, employ sophisticated stealth techniques to avoid detection while harvesting a treasure trove of personal and corporate data. The Deceptive Packages and

10 Malicious npm Packages Steal Developer Credentials Across Windows, macOS, and Linux Read More »

Russian Hackers Target Ukrainian Organizations Using Stealthy, Living Off the Land Tactics

Russian threat actors have reportedly conducted a series of stealthy cyberattacks on organizations in Ukraine, aiming to steal confidential data and maintain persistent access to compromised networks.According to a recent joint report by Symantec and Carbon Black Threat Hunter Team, the attacks targeted a large business services company for two months and a local government

Russian Hackers Target Ukrainian Organizations Using Stealthy, Living Off the Land Tactics Read More »

TEE.Fail Side-Channel Attack Extracts Secrets from Intel and AMD DDR5 Secure Enclaves

A team of academic researchers from Georgia Tech, Purdue University, and Synkhronix has developed TEE.Fail, a practical side-channel method that can extract secrets from processor-based trusted execution environments, including Intel SGX, Intel TDX, AMD SEV-SNP, and Ciphertext Hiding. The technique uses inexpensive, off-the-shelf electronics to inspect DDR5 memory traffic, exposing weaknesses in current CPU TEE

TEE.Fail Side-Channel Attack Extracts Secrets from Intel and AMD DDR5 Secure Enclaves Read More »

New Android Trojan ‘Herodotus’ Evades Anti-Fraud Systems by Mimicking Human Typing Behavior

Security researchers have uncovered a new Android banking trojan, named Herodotus, which is being used in active campaigns targeting users in Italy and Brazil. The malware aims for device takeover, or DTO, and stands out because it deliberately mimics human typing patterns to evade timing-based, behaviour-only anti-fraud systems. What Herodotus is, and where it came

New Android Trojan ‘Herodotus’ Evades Anti-Fraud Systems by Mimicking Human Typing Behavior Read More »

Chrome Zero-Day Exploited to Deploy LeetAgent Spyware by Italian Memento Labs

A newly uncovered cyber espionage operation has revealed that a now-patched Google Chrome zero-day vulnerability was exploited to deploy a sophisticated spyware known as LeetAgent. According to research from Kaspersky, the operation has been linked to the Italian IT and security firm Memento Labs, known for developing surveillance tools. Operation ForumTroll and the Chrome Vulnerability

Chrome Zero-Day Exploited to Deploy LeetAgent Spyware by Italian Memento Labs Read More »

Researchers Reveal GhostCall and GhostHire, New Malware Chains Linked to BlueNoroff APT

Security researchers have exposed two coordinated malware campaigns, GhostCall and GhostHire, linked to the North Korea-associated Lazarus sub-group BlueNoroff, also tracked under names like APT38, CryptoCore, Genie Spider, Nickel Gladstone, Sapphire Sleet, and Stardust Chollima. The campaigns focus on the Web3 and blockchain ecosystem, and together they form part of a larger, long-running operation Kaspersky

Researchers Reveal GhostCall and GhostHire, New Malware Chains Linked to BlueNoroff APT Read More »

SideWinder APT Uses ClickOnce Based Attack Chain to Target South Asian Diplomats

A new cyber espionage campaign has been uncovered, showing the continuous evolution of the SideWinder advanced persistent threat (APT) group. The operation, which took place in September 2025, targeted a European embassy in New Delhi and multiple organizations across Sri Lanka, Pakistan, and Bangladesh. Researchers from Trellix, Ernesto Fernández Provecho and Pham Duy Phuc, have

SideWinder APT Uses ClickOnce Based Attack Chain to Target South Asian Diplomats Read More »

ChatGPT Atlas Browser Exploit Lets Attackers Plant Persistent Hidden Commands

Cybersecurity experts have uncovered a serious vulnerability in OpenAI’s ChatGPT Atlas browser, which could let attackers inject malicious commands into the AI assistant’s memory and execute unauthorized code. According to Or Eshed, Co-Founder and CEO of LayerX Security, “This exploit enables cybercriminals to implant harmful code, elevate privileges, or deploy malware on targeted systems,” as

ChatGPT Atlas Browser Exploit Lets Attackers Plant Persistent Hidden Commands Read More »

Qilin Ransomware Uses Linux Payload and BYOVD Exploit in Sophisticated Hybrid Attack

Qilin, also tracked as Agenda, Gold Feather, and Water Galura, has become one of the most active ransomware-as-a-service operations since mid-2022. In 2025 the group averaged more than 40 victims per month, peaking at around 100 data-leak posts in June, and reaching 84 victims in both August and September 2025. Cisco Talos data shows significant

Qilin Ransomware Uses Linux Payload and BYOVD Exploit in Sophisticated Hybrid Attack Read More »