MystRodX Exploits DNS and ICMP Channels to Steal Data From Compromised Systems

A newly uncovered backdoor malware known as MystRodX has raised alarms in the cybersecurity community. Operating silently for more than 20 months, this advanced threat has been able to exfiltrate sensitive information using covert communication techniques that bypass standard defenses. Initially mistaken for a Mirai botnet variant, MystRodX is far more dangerous. Instead of relying […]

Phishing Campaign Hid for 3 Years on Google Cloud and Cloudflare Services

A highly advanced phishing campaign managed to stay undetected for more than three years while operating through Google Cloud and Cloudflare services. The attackers impersonated leading corporations, including major defense contractor Lockheed Martin, raising concerns about the detection gaps in two of the world’s most trusted internet infrastructure providers. How the Campaign Worked The operation

CISA Alerts on Critical SunPower Vulnerability Allowing Attackers Full Device Access

The Cybersecurity and Infrastructure Security Agency (CISA) has released a high-priority security advisory concerning a critical flaw in SunPower PVS6 solar monitoring devices. This weakness, registered as CVE-2025-9696, could give cyber attackers full administrative control over affected systems, creating serious risks for solar energy infrastructure across the globe. Overview of the Vulnerability The flaw arises

CISA Adds TP-Link and WhatsApp Flaws to KEV Catalog Amid Active Exploitation

CISA Flags TP-Link and WhatsApp Flaws in KEV Catalog Amid Ongoing Exploitation The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added two newly discovered vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, warning organizations about the growing risk of active exploitation. These flaws impact TP-Link TL-WA855RE Wi-Fi Range Extenders and the

Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack

Cloudflare has once again proven the strength of its global defense infrastructure by automatically stopping a record-breaking 11.5 terabits per second (Tbps) distributed denial-of-service (DDoS) attack. This massive cyber offensive is now the largest volumetric DDoS attack ever mitigated, highlighting both the scale of modern threats and the growing sophistication of attackers. The Attack in

Salesloft Takes Drift Offline After OAuth Token Theft Hits Hundreds of Organizations

Salesloft has announced that it will temporarily take Drift offline after a large-scale cyberattack led to the theft of OAuth tokens from hundreds of organizations. The decision, revealed on Tuesday, comes after reports confirmed that attackers had compromised Drift’s systems, affecting many companies that rely on its chatbot and integration services. Why Drift Is Going

Ukrainian Network FDN3 Launches Massive Brute-Force Attacks on SSL VPN and RDP Devices

Cybersecurity researchers have identified a Ukraine-based IP network, FDN3 (AS211736), as the source of massive brute-force and password spraying attacks against SSL VPN and RDP systems. These activities took place between June and July 2025 and have raised concerns about the growing abuse of bulletproof hosting infrastructure to launch large-scale cyberattacks. The Origin of Attacks

Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets

Discovery of a Malicious Package Cybersecurity experts have identified a deceptive npm package called nodejs-smtp, designed to compromise desktop applications for cryptocurrency wallets such as Atomic and Exodus on Windows systems. The package was uploaded to the npm registry in April 2025 by a user named “nikotimon.” Although it has since been removed, it managed

Android Droppers Now Deliver SMS Stealers and Spyware, Not Just Banking Trojans

Cybersecurity experts have noticed a notable shift in Android malware campaigns, where dropper apps—traditionally used to deliver banking trojans—are now distributing simpler malicious software such as SMS stealers and lightweight spyware. According to a report by ThreatFabric last week, these campaigns often impersonate government or banking apps in India and other Asian countries. The Dutch

Hackers Exploit Windows Defender Application Control Policies to Disable EDR Agents

Cyber attackers are abusing Windows Defender Application Control (WDAC) policies to shut down Endpoint Detection and Response (EDR) agents, leaving organizations with serious visibility gaps in their defenses. What started as a proof-of-concept has now evolved into a real-world threat adopted by advanced groups, including ransomware operators such as Black Basta. Key Insights According to
