
China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy Through Telecom Networks

A highly sophisticated cyber-espionage campaign linked to a China-associated threat group has been uncovered, targeting telecommunications infrastructure to infiltrate sensitive government networks. The operation reflects a long-term strategy focused on stealth, persistence, and deep network access, raising serious concerns for global cybersecurity.

Silent Infiltration of Telecom Networks

The threat group known as Red Menshen, […]


Claude Extension Vulnerability Allowed Zero-Click XSS and Prompt Injection via Any Website

Cybersecurity researchers have uncovered a serious security flaw in Claude’s Google Chrome extension that allowed attackers to inject malicious prompts without any user interaction. The vulnerability made it possible for a simple website visit to silently manipulate the AI assistant’s behavior.

How the Zero-Click Attack Worked

According to researchers at Koi Security, the flaw allowed any website


LeakBase Administrator Arrested in Russia Over Massive Stolen Credential Marketplace

Russian authorities have arrested the alleged administrator of the LeakBase cybercrime forum, a platform known for trading stolen personal and corporate data, state media reported.

Details of the Arrest

According to TASS and MVD Media, the suspect, a resident of Taganrog, was detained for creating and managing a criminal website that allowed stolen databases to be bought and sold since


GlassWorm Malware Exploits Solana Dead Drops to Deliver RAT and Steal Browser and Crypto Data

Cybersecurity researchers have uncovered a sophisticated malware campaign dubbed GlassWorm, which delivers a multi-stage attack framework designed to steal credentials, exfiltrate cryptocurrency data, and install a remote access trojan (RAT) disguised as a Google Docs Offline extension.

Multi-Stage Attack Mechanism

According to Aikido Security, GlassWorm begins by infiltrating systems through compromised packages across npm, PyPI,


Russian Hacker Sentenced to 2 Years for TA551 Botnet Ransomware Attacks

A Russian cybercriminal has been sentenced in the United States for his involvement in operating a botnet that played a key role in launching ransomware attacks against multiple organizations. Authorities confirmed that Ilya Angelov, aged 40 and originally from Tolyatti, received a two-year prison sentence along with a $100,000 fine. He was known online by aliases such as “milan”


Device Code Phishing Targets 340+ Microsoft 365 Organizations Across Five Countries via OAuth Abuse

A widespread device code phishing campaign is actively targeting Microsoft 365 identities in more than 340 organizations across the U.S., Canada, Australia, New Zealand, and Germany. According to Huntress researchers, the campaign was first observed on February 19, 2026, and has accelerated since. The threat actors exploit Cloudflare Workers redirects combined with Railway.com PaaS infrastructure to turn legitimate authentication flows into credential-harvesting mechanisms. Targeted
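In the device authorization grant that this campaign abuses, the victim types an attacker-supplied code into the genuine Microsoft sign-in page, and the token is then redeemed by the attacker's host rather than the victim's device. That leaves a usable trace in the tenant's sign-in logs: a successful sign-in whose authentication protocol is the device code flow, originating from an IP the victim never used, and during a campaign one attacker IP typically completes that flow for several different accounts in a short window. The following Python is an added example written for this page, not Huntress's own detection logic or tooling. It assumes sign-in records in the shape of the Microsoft Graph `signIn` resource (in particular the `authenticationProtocol` field, whose value `deviceCode` marks the flow); the sample events are constructed, not real log data.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in the shape of Microsoft Graph signIn records,
# reduced to the fields this check uses. Not real log data.
SAMPLE_SIGNINS = """
{"createdDateTime":"2026-02-19T10:00:00Z","userPrincipalName":"alice@example.com","ipAddress":"203.0.113.10","appDisplayName":"Microsoft Office","authenticationProtocol":"deviceCode","status":{"errorCode":0}}
{"createdDateTime":"2026-02-19T10:12:00Z","userPrincipalName":"bob@example.com","ipAddress":"203.0.113.10","appDisplayName":"Microsoft Office","authenticationProtocol":"deviceCode","status":{"errorCode":0}}
{"createdDateTime":"2026-02-19T10:30:00Z","userPrincipalName":"carol@example.com","ipAddress":"203.0.113.10","appDisplayName":"Microsoft Office","authenticationProtocol":"deviceCode","status":{"errorCode":0}}
{"createdDateTime":"2026-02-19T11:00:00Z","userPrincipalName":"dave@example.com","ipAddress":"198.51.100.5","appDisplayName":"Microsoft Azure CLI","authenticationProtocol":"deviceCode","status":{"errorCode":0}}
{"createdDateTime":"2026-02-19T11:05:00Z","userPrincipalName":"erin@example.com","ipAddress":"192.0.2.7","appDisplayName":"Office 365 SharePoint Online","authenticationProtocol":"none","status":{"errorCode":0}}
{"createdDateTime":"2026-02-19T11:20:00Z","userPrincipalName":"frank@example.com","ipAddress":"203.0.113.10","appDisplayName":"Microsoft Office","authenticationProtocol":"deviceCode","status":{"errorCode":50126}}
"""


def parse_signins(text):
    """Parse newline-delimited JSON sign-in records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def _ts(event):
    # Graph timestamps are UTC with a trailing Z; fromisoformat wants an offset.
    return datetime.fromisoformat(event["createdDateTime"].replace("Z", "+00:00"))


def successful_device_code_signins(events):
    """Keep only sign-ins that completed the device code flow (errorCode 0).

    Failed attempts (non-zero errorCode) are dropped: an attacker who never
    got the victim to enter the code has not obtained a token.
    """
    return [
        e for e in events
        if e.get("authenticationProtocol") == "deviceCode"
        and e.get("status", {}).get("errorCode", 0) == 0
    ]


def shared_ip_clusters(events, min_users=3, window=timedelta(hours=1)):
    """Flag IPs that redeemed device codes for >= min_users accounts within `window`.

    A single developer using the Azure CLI from one IP is normal; one IP finishing
    the device code flow for many distinct users inside an hour is the signature
    of a phishing kit redeeming codes on the attacker's infrastructure.
    Returns {ip: sorted list of affected UPNs}.
    """
    by_ip = defaultdict(list)
    for e in successful_device_code_signins(events):
        by_ip[e["ipAddress"]].append((_ts(e), e["userPrincipalName"]))

    clusters = {}
    for ip, rows in by_ip.items():
        rows.sort()
        # Slide a window anchored at each sign-in; the first window that reaches
        # min_users distinct accounts is enough to raise the alert for this IP.
        for i, (t0, _) in enumerate(rows):
            users = {upn for t, upn in rows[i:] if t - t0 <= window}
            if len(users) >= min_users:
                clusters[ip] = sorted(users)
                break
    return clusters


if __name__ == "__main__":
    events = parse_signins(SAMPLE_SIGNINS)
    for ip, users in shared_ip_clusters(events).items():
        print(f"ALERT: {ip} completed device code sign-ins for {len(users)} accounts: {', '.join(users)}")
```

Tune `min_users` and `window` to the tenant: in an environment where the device code flow is blocked by Conditional Access except for a handful of admin hosts, even a single successful device code sign-in from an unexpected IP is worth a ticket. The check is retrospective; the preventive control is to disallow the device code flow for users who do not need it.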


TeamPCP Backdoors LiteLLM Versions 1.82.7 to 1.82.8 Through Trivy CI/CD Supply Chain Compromise

A major supply chain attack campaign has emerged as TeamPCP, the threat actor behind previous Trivy and KICS compromises, has backdoored the popular Python package LiteLLM. Versions 1.82.7 and 1.82.8, released on March 24, 2026, contained a credential harvester, Kubernetes lateral movement toolkit, and a persistent systemd backdoor. Security vendors including Endor Labs and JFrog confirmed the malicious
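The first thing a practitioner wants after reading this is a quick way to tell whether any project or environment pulled in the two backdoored releases. The following Python is an added example for this page, not code from the vendors named above; it knows only the versions the report lists (1.82.7 and 1.82.8) and scans exact `==` pins in requirements or `pip freeze` output, plus the packages installed in the interpreter it runs under. The sample requirements text is constructed.

```python
import re
from importlib import metadata

# Versions named in the report above. Extend the map as further advisories land.
AFFECTED = {"litellm": {"1.82.7", "1.82.8"}}

# Matches an exact pin such as "litellm==1.82.7" or "LiteLLM == 1.82.8".
PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9][0-9A-Za-z.+-]*)")

# Constructed sample of a requirements file / pip freeze output.
SAMPLE_REQUIREMENTS = """
requests==2.32.3
litellm==1.82.7          # pulled in by a CI job on 2026-03-24
LiteLLM == 1.82.8
litellm==1.82.9          # not one of the two versions listed in the report
fastapi>=0.110           # a range, not a pin: see the note below
"""


def normalize(name):
    """PEP 503 name normalisation, so 'LiteLLM' and 'litellm' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def find_affected_pins(requirements_text):
    """Return (name, version) for every exact pin that hits the AFFECTED map."""
    hits = []
    for raw in requirements_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        m = PIN_RE.match(line)
        if not m:
            continue                           # blank line, URL, or range specifier
        name, version = normalize(m.group(1)), m.group(2)
        if version in AFFECTED.get(name, ()):
            hits.append((name, version))
    return hits


def find_affected_installed():
    """Check the running interpreter's site-packages against the AFFECTED map."""
    hits = []
    for name, bad_versions in AFFECTED.items():
        try:
            version = metadata.version(name)
        except metadata.PackageNotFoundError:
            continue                           # not installed here
        if version in bad_versions:
            hits.append((name, version))
    return hits


if __name__ == "__main__":
    for name, version in find_affected_pins(SAMPLE_REQUIREMENTS):
        print(f"pinned backdoored release: {name}=={version}")
    for name, version in find_affected_installed():
        print(f"installed backdoored release: {name}=={version}")
```

Run it against a resolved lockfile or `pip freeze` output rather than a loose `requirements.txt`: a range such as `litellm>=1.82` is silently skipped by the pin matcher, yet that is exactly the specifier that would have resolved to 1.82.7 or 1.82.8 during the window they were live. A match is a reason to treat the host as compromised (the report describes a credential harvester and a persistent systemd backdoor), not merely to upgrade the package.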


Tax-Themed Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR

A large-scale malvertising campaign has been identified targeting users searching for tax-related documents, leading to the deployment of remote access malware and advanced security evasion tools. The campaign, active since early 2026, was analyzed by Huntress, revealing how attackers are abusing online advertisements to distribute malicious software disguised as legitimate tax resources.

Malicious Ads Target Tax-Related


Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

Cybersecurity researchers have uncovered an advanced phishing campaign targeting corporate environments, particularly French-speaking organizations, by distributing fake resumes that secretly deploy malware. The operation, tracked as FAUX#ELEVATE by Securonix, combines credential theft, data exfiltration, and cryptocurrency mining into a single highly efficient attack chain.

Malicious Resumes Disguised as Job Applications

The campaign begins with phishing emails containing what


Ghost Campaign Uses Seven Malicious npm Packages to Steal Crypto Wallets and Credentials

Cybersecurity researchers have uncovered a new threat campaign targeting developers through malicious npm packages designed to steal cryptocurrency wallets and sensitive system data. The operation, tracked as the Ghost campaign by ReversingLabs, highlights the growing risks within open-source ecosystems where attackers exploit developer trust.

Malicious Packages Masquerading as Legitimate Tools

The campaign involves several npm packages published under
