sctocs

Kea DHCP Vulnerability Enables Remote Crash Attack

A newly revealed security flaw in the ISC Kea DHCP server has raised serious concerns for organizations worldwide. Tracked as CVE-2025-40779, this vulnerability allows remote attackers to crash DHCPv4 services using a single specially crafted unicast packet, leading to potential large-scale network disruptions. Key Points Technical Details The flaw arises from an assertion failure in […]

CISA Issues Warning on Citrix NetScaler Zero-Day RCE Exploit

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an urgent advisory about a newly discovered zero-day flaw in Citrix NetScaler appliances. The issue, tracked as CVE-2025-7775, is a memory overflow vulnerability that enables remote code execution (RCE). Reports confirm that threat actors are already exploiting this weakness, which led to its immediate addition

New Malware Exploits TASPEN to Target Indonesian Senior Citizens

A new and highly coordinated malware campaign has surfaced in Indonesia, specifically preying on senior citizens who depend on the nation’s official pension system. The attackers are exploiting the credibility of PT Dana Tabungan dan Asuransi Pegawai Negeri (TASPEN), the state-owned pension fund that manages more than $15.9 billion in assets for millions of retired

Underground Ransomware Gang Reveals New Global Attack Tactics

Over the past year, the Underground ransomware group has risen as a major threat to organizations worldwide, spanning multiple industries and countries. Initially spotted in July 2023, the gang reappeared in May 2024 with a Dedicated Leak Site (DLS), signaling a shift toward more advanced and strategic operations. Their attacks now reach from the United

Malicious Nx Packages in ‘s1ngularity’ Attack Leak 2,349 GitHub, Cloud, and AI Credentials

The maintainers of the Nx build system have warned users about a supply chain attack that allowed cybercriminals to release malicious versions of the popular npm package along with supporting plugins, designed to steal sensitive information. According to the advisory published on Wednesday, “Malicious versions of the Nx package, and certain auxiliary plugins, were uploaded

BruteForceAI Tool Automates Login Page Detection and Smart Brute-Force Attacks

BruteForceAI, created by security researcher Mor David, is a modern penetration testing tool that combines large language models (LLMs) with browser automation to automatically detect login forms and perform advanced brute-force testing. By merging AI-powered form analysis, evasion strategies, and detailed logging, this framework makes credential-testing faster and more efficient, helping security professionals quickly uncover

Spotify Introduces Direct Messaging for Music Sharing, Security Risks Analyzed

Spotify has officially launched a new in-app direct messaging feature called Messages, now available to both Free and Premium users aged 16 and above in select regions. The update went live on August 26, 2025, and is designed to make sharing music, podcasts, and audiobooks more seamless while encouraging social engagement inside the platform. How

ShadowSilk Targets 35 Organizations in Central Asia and APAC via Telegram Bots

A newly identified hacking cluster known as ShadowSilk has been linked to a wave of cyber intrusions aimed at government agencies in Central Asia and the Asia-Pacific (APAC) region. Rising Campaigns and Overlaps with Other Groups Group-IB reports that nearly 36 victims have been confirmed so far, with attackers primarily focused on stealing sensitive data.

ZipLine Campaign Targets Manufacturing Firms with In-Memory MixShell Malware

A newly uncovered phishing operation called the ZipLine campaign is actively targeting U.S. manufacturing companies. The attackers disguise themselves as business partners and exploit supply chain importance to deliver a fileless, memory-resident malware known as MixShell. Unconventional Phishing Tactics Unlike traditional phishing methods, ZipLine reverses the workflow. Instead of sending the first email, threat actors

DOGE Accused of Uploading Social Security Data to Unsecured Cloud

A whistleblower report filed today accuses the Department of Government Efficiency (DOGE) within the Social Security Administration (SSA) of secretly replicating the nation’s entire Social Security dataset in an unsecured cloud environment. According to the disclosure, this action placed over 300 million Americans at risk of identity theft, financial fraud, and potential loss of Social
