sctocs

Proof of Concept Exploit Released for Nothing Phone Remote Code Execution Vulnerability

A proof of concept exploit, called Fenrir and published by researcher R0rt1z2, has been released for a critical weakness in the secure boot chain used by the Nothing Phone (2a) and CMF Phone 1, and likely present in other devices using MediaTek system on chips. The exploit lets an attacker run code at the highest […]

Proof of Concept Exploit Released for Nothing Phone Remote Code Execution Vulnerability Read More »

Shuyal Stealer Targets 19 Browsers to Harvest Login Credentials

Shuyal Stealer has quickly become one of the most flexible credential theft tools observed in recent months. First seen in early August, its modular design enables it to target a wide variety of web browsers, including Chromium-based, Gecko-based, and legacy engines, making it a high-risk threat for many environments. Early signs and impact Initial indicators

Shuyal Stealer Targets 19 Browsers to Harvest Login Credentials Read More »

Microsoft Events Vulnerability Exposes User Data from Registration and Waitlist Databases

A major security vulnerability was discovered in the Microsoft Events platform, which could have allowed unauthorized access to personal information stored in two separate databases — the event registration list and the waitlist database. Discovery of the Flaw The issue was identified by a 15-year-old bug bounty researcher, known as Faav, who uncovered that the flaw exposed

Microsoft Events Vulnerability Exposes User Data from Registration and Waitlist Databases Read More »

Microsoft 365 Outage Blocks Access to Admin Center, Core Services, and Entra ID

A significant service outage has disrupted Microsoft 365, preventing users from accessing key services, including the Admin Center and applications that depend on Microsoft Entra ID for authentication. The issue began on Thursday, October 9, 2025, and is impacting organizations worldwide. Widespread Service Disruption The outage has affected users attempting to log in to the Microsoft 365

Microsoft 365 Outage Blocks Access to Admin Center, Core Services, and Entra ID Read More »

Critical Flaw in WordPress Service Finder Theme Allows Authentication Bypass by Attackers

A serious security flaw has been discovered in the popular Service Finder WordPress theme, which attackers are actively exploiting to gain unauthorized access to websites. This vulnerability allows threat actors to log in as any user, including administrators, and take complete control of affected sites. Details of the Vulnerability The flaw, tracked as CVE-2025-5947 with a

Critical Flaw in WordPress Service Finder Theme Allows Authentication Bypass by Attackers Read More »

AI Emerges as Russia’s Latest Cyber Weapon in Its War on Ukraine

Russian hackers have taken their cyber offensive to a new level by integrating artificial intelligence (AI) into cyber attacks against Ukraine, according to a report published by the State Service for Special Communications and Information Protection of Ukraine (SSSCIP). The report revealed that during the first half of 2025 (H1 2025), hackers began using AI

AI Emerges as Russia’s Latest Cyber Weapon in Its War on Ukraine Read More »

Critical Figma MCP Flaw Allows Remote Code Execution, Users Urged to Patch Immediately

A serious security flaw has been discovered in the figma-developer-mcp (Model Context Protocol) server, which could allow attackers to execute arbitrary code remotely. Although the issue has now been patched, experts are warning users to update immediately to prevent exploitation. Details of the Vulnerability The vulnerability, tracked as CVE-2025-53967 with a CVSS score of 7.5,

Critical Figma MCP Flaw Allows Remote Code Execution, Users Urged to Patch Immediately Read More »

LockBit, Qilin, and DragonForce Collaborate to Strengthen Ransomware Operations

Three leading ransomware groups—DragonForce, LockBit, and Qilin—have officially joined forces, signaling a notable shift in the global cyber threat landscape. This strategic partnership aims to enhance the effectiveness of ransomware operations, according to a report by ReliaQuest shared with The Hacker News. “Following LockBit’s recent return, this alliance is expected to enable the sharing of

LockBit, Qilin, and DragonForce Collaborate to Strengthen Ransomware Operations Read More »

Hackers Compromise WordPress Sites to Fuel Next-Generation ClickFix Phishing Campaigns

Cybersecurity teams have uncovered a coordinated campaign that compromises WordPress websites to inject malicious JavaScript, with the goal of redirecting visitors to fraudulent, malware laden pages. These drive by injections impersonate legitimate checks, tricking users into following steps that ultimately deliver malware or credential theft. What researchers found, and how the injection works Researchers at

Hackers Compromise WordPress Sites to Fuel Next-Generation ClickFix Phishing Campaigns Read More »

Chinese Hackers Use Open-Source Nezha Tool in Latest Cyberattack Campaign

Threat actors believed to be linked to China have repurposed a legitimate open-source monitoring framework, Nezha, to conduct a coordinated cyberattack, researchers found. The campaign, observed in August 2025 by Huntress, used a log poisoning technique to plant a PHP web shell on vulnerable web servers, then leveraged that access to deploy Nezha and ultimately

Chinese Hackers Use Open-Source Nezha Tool in Latest Cyberattack Campaign Read More »