
New COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused Cyberattacks

The Russian advanced persistent threat (APT) group COLDRIVER has been linked to a new wave of ClickFix-style attacks, deploying two lightweight malware families identified as BAITSWITCH and SIMPLEFIX. Researchers at Zscaler ThreatLabz detected the multi-stage ClickFix campaign earlier this month. They describe BAITSWITCH as a downloader that eventually drops SIMPLEFIX, a PowerShell-based backdoor. COLDRIVER Expands Arsenal […]


Vane Viper Generates 1 Trillion DNS Queries to Power Global Malware and Ad Fraud Network

The cybercriminal group known as Vane Viper has been exposed as a key operator in malicious ad technology (adtech). The group has relied on shell companies and unclear ownership structures to avoid accountability while powering large-scale cybercrime operations. According to a recent technical report published by Infoblox in collaboration with Guardio and Confiant, Vane Viper


Fortra GoAnywhere CVSS 10 Vulnerability Exploited as Zero-Day Before Disclosure

Cybersecurity firm watchTowr Labs has revealed that attackers began exploiting a severe flaw in Fortra GoAnywhere Managed File Transfer (MFT) software as early as September 10, 2025, a full week before it was publicly disclosed. According to Benjamin Harris, CEO and Founder of watchTowr, this is not simply a CVSS 10.0 vulnerability in software often


New macOS XCSSET Variant Targets Firefox Using Clipper and Persistence Module

Cybersecurity experts have identified a new variant of the well-known macOS malware XCSSET, now observed in limited-scale attacks. According to a report from the Microsoft Threat Intelligence team, this updated version introduces key changes that include browser-focused attacks, clipboard hijacking, and improved persistence techniques. The malware uses strong encryption, obfuscation methods, and run-only compiled AppleScripts


Cisco ASA Firewall Zero-Day Exploits Deliver RayInitiator and LINE VIPER Malware

The U.K. National Cyber Security Centre (NCSC) and Cisco have confirmed active exploitation of recently disclosed vulnerabilities in Cisco ASA firewalls to deploy highly persistent and evasive malware families, called RayInitiator and LINE VIPER. The campaign, attributed to a cluster named ArcaneDoor and linked to UAT4356 (aka Storm-1849), targets ASA 5500-X Series appliances, and in


Salesforce Fixes Critical ForcedLeak Bug Exposing CRM Data Through AI Prompt Injection

Cybersecurity researchers have disclosed a major flaw in Salesforce Agentforce, a platform designed for building AI-powered agents. The vulnerability, codenamed ForcedLeak (CVSS score: 9.4), could have enabled attackers to exfiltrate sensitive data from Salesforce’s CRM system using an indirect AI prompt injection. The issue was discovered and reported by Noma Security on July 28, 2025.


North Korean Hackers Deploy AkdoorTea Backdoor to Target Global Crypto Developers

Cybersecurity researchers have uncovered a new backdoor called AkdoorTea, linked to North Korean threat actors involved in the Contagious Interview campaign. This operation, also known by names such as DEV#POPPER, Famous Chollima, Gwisin Gang, Tenacious Pungsan, UNC5342, and Void Dokkaebi, primarily targets developers working on cryptocurrency and Web3 projects across Windows, Linux, and macOS. According


Malicious Rust Crates Steal Solana and Ethereum Wallet Keys with 8,424 Downloads Confirmed

Cybersecurity researchers have uncovered two malicious Rust crates that were impersonating a legitimate library named fast_log in order to steal Solana and Ethereum wallet keys from source code. The rogue crates, titled faster_log and async_println, were published on May 25, 2025, by actors using the aliases rustguruman and dumbnbased. According to software supply chain security


RedNovember, Chinese Hackers, Target Global Governments Using Pantegana, Cobalt Strike

A cyber espionage cluster previously identified in large-scale campaigns across Africa, Asia, North America, South America, and Oceania has now been assessed as a Chinese state-sponsored threat group. Threat intelligence firm Recorded Future, which earlier tracked this activity under the identifier TAG-100, has elevated the group’s status and assigned it the name RedNovember. Microsoft is


LNK Stomping Attack Lets Hackers Bypass Windows Mark of the Web

A sophisticated technique, called LNK Stomping, abuses how Windows handles shortcut files to bypass the Mark of the Web, or MoTW, security control. Tracked as CVE-2024-38217 and patched on September 10, 2024, the vulnerability allows attackers to craft malicious LNK files that force Windows Explorer to normalize paths, accidentally strip the Zone.Identifier NTFS alternate data
