sctocs

Microsoft IIS Flaw Lets Unauthorized Attackers Execute Malicious Code

Microsoft has revealed a newly discovered critical flaw in its Internet Information Services (IIS) web server, posing potential risks to businesses and organizations using Windows Server for web hosting. The issue, identified as CVE-2025-59282, could allow attackers to execute arbitrary code without authorization under specific conditions. Though not yet exploited in active attacks, cybersecurity experts […]

Microsoft IIS Flaw Lets Unauthorized Attackers Execute Malicious Code Read More »

Windows Remote Desktop Client Flaw Enables Remote Code Execution

Microsoft has addressed a critical security flaw in the Windows Remote Desktop Client that could allow attackers to execute arbitrary code on a user’s system. The issue, identified as CVE-2025-58718, was disclosed on October 14, 2025, and rated as Important in severity. Although no active exploitation has been reported, cybersecurity researchers warn that the flaw

Windows Remote Desktop Client Flaw Enables Remote Code Execution Read More »

GhostBat RAT Masquerades as Fake RTO Android Apps to Steal Banking Data from Indian Users

A new, persistent Android campaign, attributed to GhostBat RAT, impersonates Regional Transport Office, RTO, applications to steal banking data from Indian users. Attackers distribute malicious droppers through WhatsApp, SMS with shortened URLs, GitHub hosted APKs, and compromised websites, then use multi stage loading, ZIP header manipulation, native libraries, and extensive string obfuscation to avoid detection

GhostBat RAT Masquerades as Fake RTO Android Apps to Steal Banking Data from Indian Users Read More »

Chinese Hackers Employ Geo Mapping Tool to Maintain Year Long Persistence

Researchers have discovered that the China-backed advanced persistent threat (APT) group Flax Typhoon maintained long-term access to a geographic information system (ArcGIS) by exploiting trusted software components. Instead of using traditional malware, the attackers converted a legitimate software extension into a persistent backdoor, forcing even the vendor to update its documentation. Turning Legitimate Software into

Chinese Hackers Employ Geo Mapping Tool to Maintain Year Long Persistence Read More »

Chrome Use-After-Free Vulnerability Enables Remote Code Execution

Google has released an urgent security update for its Chrome browser after identifying a high-severity use-after-free vulnerability that could allow attackers to execute arbitrary code on users’ devices. This flaw, if exploited, could let hackers take full control of a system simply through a malicious website visit, making it critical for users to update immediately.

Chrome Use-After-Free Vulnerability Enables Remote Code Execution Read More »

Active Exploitation of Windows Remote Access Connection Manager 0-Day Vulnerability

Microsoft has issued a serious warning after confirming that a newly discovered zero-day vulnerability in the Windows Remote Access Connection Manager (RasMan) service is being actively exploited in real-world attacks. The flaw allows threat actors to gain SYSTEM-level privileges, giving them complete control over the targeted machine. This vulnerability, tracked as CVE-2025-59230, is considered a

Active Exploitation of Windows Remote Access Connection Manager 0-Day Vulnerability Read More »

FortiPAM and FortiSwitch Manager Flaws Allow Attackers to Bypass Authentication

Fortinet has released an urgent security advisory about a critical vulnerability affecting FortiPAM and FortiSwitch Manager. The flaw could allow threat actors to completely bypass authentication mechanisms by using brute-force attack methods, giving them potential access to sensitive systems. Technical Details This vulnerability, tracked as CVE-2025-49201, results from a weak authentication mechanism in the Web

FortiPAM and FortiSwitch Manager Flaws Allow Attackers to Bypass Authentication Read More »

npm, PyPI, and RubyGems Packages Caught Exfiltrating Developer Data to Discord Channels

Cybersecurity researchers have uncovered several malicious packages in the npm, Python (PyPI), and RubyGems ecosystems that are exfiltrating sensitive developer data using Discord webhooks as their command-and-control (C2) channels. These compromised packages allow attackers to send stolen information directly to Discord channels they control. Discord Webhooks Used as a Stealthy Data Channel Discord webhooks provide

npm, PyPI, and RubyGems Packages Caught Exfiltrating Developer Data to Discord Channels Read More »

Researchers Reveal TA585’s MonsterV2 Malware Capabilities, Full Attack Chain

Cybersecurity researchers have exposed a previously undocumented threat actor, TA585, which delivers an off-the-shelf malware called MonsterV2 through targeted phishing campaigns. Proofpoint researchers describe TA585 as operating a self-owned, end-to-end attack chain, managing infrastructure, delivery, and payload installation without relying on third-party distribution services. Background and delivery methods TA585 has used multiple delivery techniques in

Researchers Reveal TA585’s MonsterV2 Malware Capabilities, Full Attack Chain Read More »

RondoDox Botnet Exploits 50+ Vulnerabilities from 30 Vendors in Ongoing Attacks

Cybersecurity researchers have uncovered an ongoing wave of RondoDox botnet campaigns that now exploit more than 50 security vulnerabilities affecting over 30 technology vendors. Trend Micro described this campaign as an “exploit shotgun” strategy, where attackers target a broad spectrum of internet-exposed infrastructure including routers, DVRs, NVRs, CCTV systems, web servers, and other network-connected devices.

RondoDox Botnet Exploits 50+ Vulnerabilities from 30 Vendors in Ongoing Attacks Read More »