sctocs

North Korean Hackers Deploy AkdoorTea Backdoor to Target Global Crypto Developers

Cybersecurity researchers have uncovered a new backdoor called AkdoorTea, linked to North Korean threat actors involved in the Contagious Interview campaign. This operation, also known by names such as DEV#POPPER, Famous Chollima, Gwisin Gang, Tenacious Pungsan, UNC5342, and Void Dokkaebi, primarily targets developers working on cryptocurrency and Web3 projects across Windows, Linux, and macOS. According […]

North Korean Hackers Deploy AkdoorTea Backdoor to Target Global Crypto Developers Read More »

Malicious Rust Crates Steal Solana and Ethereum Wallet Keys with 8,424 Downloads Confirmed

Cybersecurity researchers have uncovered two malicious Rust crates that were impersonating a legitimate library named fast_log in order to steal Solana and Ethereum wallet keys from source code. The rogue crates, titled faster_log and async_println, were published on May 25, 2025, by actors using the aliases rustguruman and dumbnbased. According to software supply chain security

Malicious Rust Crates Steal Solana and Ethereum Wallet Keys with 8,424 Downloads Confirmed Read More »

RedNovember, Chinese Hackers, Target Global Governments Using Pantegana, Cobalt Strike

A cyber espionage cluster previously identified in large-scale campaigns across Africa, Asia, North America, South America, and Oceania has now been assessed as a Chinese state-sponsored threat group. Threat intelligence firm Recorded Future, which earlier tracked this activity under the identifier TAG-100, has elevated the group’s status and assigned it the name RedNovember. Microsoft is

RedNovember, Chinese Hackers, Target Global Governments Using Pantegana, Cobalt Strike Read More »

LNK Stomping Attack Lets Hackers Bypass Windows Mark of the Web

A sophisticated technique, called LNK Stomping, abuses how Windows handles shortcut files to bypass the Mark of the Web, or MoTW, security control. Tracked as CVE-2024-38217 and patched on September 10, 2024, the vulnerability allows attackers to craft malicious LNK files that force Windows Explorer to normalize paths, accidentally strip the Zone.Identifier NTFS alternate data

LNK Stomping Attack Lets Hackers Bypass Windows Mark of the Web Read More »

Microsoft Patches Entra ID Security Flaw Allowing Cross-Tenant Global Admin Impersonation

Summary, a critical token validation failure in Microsoft Entra ID, formerly Azure Active Directory, could have let attackers impersonate any user, including Global Administrators, across tenants. The flaw, tracked as CVE-2025-55241, received a CVSS score of 10.0, and Microsoft describes it as a privilege escalation issue in Entra ID. Microsoft fixed the problem on July

Microsoft Patches Entra ID Security Flaw Allowing Cross-Tenant Global Admin Impersonation Read More »

SystemBC Powers REM Proxy With 1,500 Daily VPS Victims Across 80 C2 Servers

A malware-based proxy network called REM Proxy is driven by SystemBC, providing roughly 80% of the botnet’s capacity to its users, according to the latest research from Black Lotus Labs at Lumen Technologies. “REM Proxy is a large-scale network that also offers access to about 20,000 Mikrotik routers and multiple open proxies discovered online,” the

SystemBC Powers REM Proxy With 1,500 Daily VPS Victims Across 80 C2 Servers Read More »

CISA Warns Hackers Exploiting Ivanti EPMM Vulnerabilities to Deploy Malware

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a serious warning about ongoing malware campaigns targeting Ivanti Endpoint Manager Mobile (EPMM) platforms. Threat actors are actively exploiting two critical security flaws, CVE-2025-4427 and CVE-2025-4428, enabling complete system compromise and arbitrary code execution on affected servers. These attacks started shortly after Ivanti publicly disclosed the

CISA Warns Hackers Exploiting Ivanti EPMM Vulnerabilities to Deploy Malware Read More »

17,500 Phishing Domains Target 316 Brands Across 74 Countries Amid Global PhaaS Surge

A recent surge in phishing-as-a-service (PhaaS) activity has linked over 17,500 phishing domains to 316 brands across 74 countries. The platforms behind this activity, known as Lighthouse and Lucid, are making large-scale phishing campaigns more accessible to cybercriminals. Netcraft reported that “PhaaS deployments have risen significantly recently. Operators charge monthly fees for phishing software with

17,500 Phishing Domains Target 316 Brands Across 74 Countries Amid Global PhaaS Surge Read More »

Russian Hackers Gamaredon And Turla Join Forces To Deploy Kazuar Backdoor In Ukraine

Cybersecurity researchers have uncovered strong indications that two well-known Russian threat groups, Gamaredon and Turla, are actively working together to target Ukrainian systems. According to Slovak cybersecurity company ESET, the Gamaredon toolset (notably PteroGraphin and PteroOdd) was leveraged in February 2025 to run Turla’s Kazuar backdoor on a Ukrainian endpoint. This suggests that Turla is

Russian Hackers Gamaredon And Turla Join Forces To Deploy Kazuar Backdoor In Ukraine Read More »

CISA Warns Of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 And CVE-2025-4428

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a detailed advisory highlighting the discovery of two different malware strains that exploited security flaws in Ivanti Endpoint Manager Mobile (EPMM). The malicious activity was identified inside the network of an unnamed organization, where attackers leveraged vulnerabilities CVE-2025-4427 and CVE-2025-4428 to compromise systems. How the

CISA Warns Of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 And CVE-2025-4428 Read More »