sctocs

Oracle Issues Urgent Patch for CVE-2025-61882 Exploited by Cl0p in Data Theft Attacks

Oracle has released an emergency patch to address a serious security vulnerability in its E-Business Suite. The flaw, identified as CVE-2025-61882 with a CVSS score of 9.8, has already been actively exploited in data theft campaigns carried out by the Cl0p ransomware group. Details of the Vulnerability The issue lies in the Oracle Concurrent Processing […]

Detour Dog Exposed for Operating DNS-Based Malware Factory Linked to Strela Stealer

A cybercriminal known as Detour Dog has been exposed as the operator behind large-scale DNS-powered malware campaigns that distribute Strela Stealer, an information-stealing malware. Security researchers from Infoblox have traced the attacker’s infrastructure, revealing how it fuels the spread of a backdoor named StarFish, which acts as the entry point for Strela Stealer infections. Background

Researchers Alert on SORVEPOTEL, a Self-Spreading Malware Targeting WhatsApp Users

A newly discovered malware campaign is targeting WhatsApp users in Brazil, spreading rapidly through phishing techniques. The malware, named SORVEPOTEL by Trend Micro researchers, is designed for fast propagation rather than data theft or ransomware. The attack begins when compromised WhatsApp accounts send phishing messages containing malicious ZIP file attachments. These files often appear as

CISA Warns Meteobridge CVE-2025-4008 Vulnerability Is Actively Exploited

Security firm ONEKEY, which discovered and reported the flaw in February 2025, explained that the Meteobridge web application, built using CGI shell scripts and C, exposes a script called template.cgi through the /cgi-bin/template.cgi directory. This script’s insecure use of eval makes it possible for attackers to inject malicious commands through specially crafted requests. For instance,

New “Cavalry Werewolf” Attack Targets Russian Agencies With FoalShell and StallionRAT

A threat actor, tracked by security researchers as Cavalry Werewolf, has been observed targeting Russian government organisations and critical industry networks, using malware families known as FoalShell and StallionRAT. Cybersecurity vendor BI.ZONE links this cluster to multiple other tracked groups, including SturgeonPhisher, Silent Lynx, Comrade Saiga, ShadowSilk, and Tomiris, which suggests overlapping toolsets and tactics.

Confucius Hackers Target Pakistan With WooperStealer and Anondoor Malware

A persistent threat actor known as Confucius has been linked to a fresh phishing campaign focused on Pakistan, deploying information stealers and, more recently, a Python-based backdoor. Security firms have observed the group using malware families such as WooperStealer and Anondoor to harvest sensitive data and to establish longer-term access on compromised systems. Background and

Red Hat Data Breach, Hackers Claim Access to 28K Private GitHub Repositories

A hacking group calling itself the Crimson Collective has allegedly carried out one of the most severe breaches in recent memory, targeting Red Hat’s private GitHub repositories. According to their claims, nearly 570GB of compressed data was extracted from more than 28,000 internal repositories, making this incident a potential milestone in the history of technology-related

Android Spyware Masquerades as Signal Encryption Plugin and ToTok Pro, Users at Risk

Cybersecurity experts have uncovered two dangerous Android spyware campaigns known as ProSpy and ToSpy, targeting users in the United Arab Emirates (U.A.E.). These malicious campaigns disguise themselves as popular apps such as Signal Encryption Plugin and ToTok Pro to trick unsuspecting victims into installing spyware on their devices. Fake Apps and Distribution Tactics According to

Hackers Exploit Milesight Routers to Send Phishing SMS to Users in Europe

Unknown threat actors have abused Milesight industrial cellular routers to send phishing SMS messages, or smishing, targeting users across several European countries since at least February 2022. French cybersecurity firm SEKOIA reports that attackers leveraged exposed router APIs to distribute malicious links, with a focus on Sweden, Italy, and Belgium. The campaigns impersonated government services,

Android Banking Trojan “Klopatra” Hides VNC Access to Take Control of Smartphones

A newly discovered Android banking trojan named Klopatra has infected more than 3,000 devices, with the majority of cases reported in Spain and Italy. The malware, identified by the Italian fraud prevention company Cleafy in late August 2025, is a sophisticated remote access trojan (RAT) that leverages Hidden Virtual Network Computing (VNC) for remote control,
