sctocs

Azure Default API Flaw Allows Cross-Tenant Compromise

A major security vulnerability was uncovered in Microsoft Azure’s API Connection infrastructure, allowing attackers to break tenant boundaries and gain unauthorized access to sensitive resources worldwide. The researcher behind the discovery, Gulbrandsrud, was awarded a $40,000 bug bounty and invited to present the findings at Black Hat. The issue originated from Azure’s shared API Management […]

Colt Admits Customer Data Theft Following Ransomware Attack

Colt Technology Services, a leading telecommunications provider, has confirmed that a ransomware attack on August 12, 2025, resulted in the theft of sensitive customer data. The company revealed that attackers gained access to confidential files containing customer information. Soon after, the document titles were leaked on dark web forums, forcing Colt to take urgent containment

South Asian APTs Exploit Novel Tools to Target Military-Adjacent Phones

A highly capable South Asian Advanced Persistent Threat (APT) group has launched a coordinated cyber-espionage campaign aimed at military personnel and defense organizations across Sri Lanka, Bangladesh, Pakistan, and Turkey. The attackers are using a multi-layered strategy that combines targeted phishing with custom Android malware to compromise the smartphones of individuals connected to military institutions.

Malicious Go Module Acts as SSH Brute Forcer, Steals Passwords via Telegram

A new and sophisticated supply chain attack has been uncovered, targeting developers through a malicious Go module package. This package disguises itself as a legitimate SSH brute force tool but secretly collects and transmits stolen credentials to cybercriminal operators.

Disguised Package with Hidden Malicious Intent

The malicious package, named “golang-random-ip-ssh-bruteforce,” promotes itself as a fast

Cryptojacking Attack Exploits Redis Servers to Deploy Miners, Disable Security

A highly advanced cryptojacking campaign has been uncovered, where misconfigured Redis servers are being exploited across multiple regions. The attackers deploy cryptocurrency miners while simultaneously disabling key security defenses, turning exposed systems into long-term profit engines.

TA-NATALSTATUS Threat Actor

The group behind this operation, tracked as TA-NATALSTATUS, has been active since 2020. However, in 2025

Chinese MURKY PANDA Targets Government and Professional Services

A China-linked advanced threat actor, tracked as MURKY PANDA, has become a major concern in global cybersecurity. Since late 2024, the group has been actively targeting government agencies, legal firms, professional services, technology providers, and academic institutions across North America.

Advanced Capabilities in Cyber Operations

MURKY PANDA is recognized for its ability to exploit cloud

Chinese Hackers Murky, Genesis, Glacial Panda Intensify Cloud and Telecom Espionage

Cybersecurity researchers have raised alarms over increasing cyber-espionage activity linked to China-based threat groups. Among them, Murky Panda, Genesis Panda, and Glacial Panda have been spotlighted for aggressively targeting cloud infrastructures and telecommunications networks to harvest sensitive intelligence.

Murky Panda Exploiting Cloud Relationships

A recent CrowdStrike report highlights that Murky Panda, also known as Silk

Commvault Pre-Auth Exploit Chains Could Allow Remote Code Execution

Commvault has issued critical security updates to patch four vulnerabilities that could allow attackers to execute remote code on vulnerable systems.

Affected Versions

The flaws exist in Commvault versions prior to 11.36.60. The vulnerabilities are:

Discovery and Fixes

The vulnerabilities were discovered by Sonny Macdonald and Piotr Bazydlo from watchTowr Labs in April 2025. Commvault

Cybercriminals Use CORNFLAKE.V3 Backdoor with ClickFix and Fake CAPTCHA

Threat actors are increasingly using a deceptive method known as ClickFix to spread a powerful backdoor called CORNFLAKE.V3.

How ClickFix Works

According to Google-owned Mandiant, the campaign is operated by UNC5518, an access-as-a-service group. Attackers lure victims to fake CAPTCHA pages, tricking them into following instructions that ultimately provide attackers with access to their systems.
