Docker Patches CVE-2025-9074 Critical Container Escape Vulnerability (CVSS 9.3)

Docker has rolled out security updates to fix a critical vulnerability (CVE-2025-9074) in Docker Desktop for Windows and macOS. This flaw, rated 9.3 out of 10 on the CVSS scale, could allow attackers to escape container isolation and gain host-level access. The issue has been patched in Docker Desktop version 4.44.3. According to Docker’s security […]

UNC6384 Chinese Hackers Use Valid Code Signing Certificates to Bypass Security

In early 2025, a covert cyber-espionage campaign targeted diplomats and government organizations across Southeast Asia and other regions. At the core of this operation is STATICPLUGIN, a downloader cleverly disguised as a legitimate Adobe plugin update. Malicious Redirect via Captive Portal Victims experienced a captive portal hijack, redirecting browsers to malicious domains. The landing page,

CISA Alerts on Citrix RCE and Privilege Escalation Flaws Being Exploited

CISA has released a critical security advisory highlighting three recently discovered vulnerabilities that are actively targeted by attackers. On August 25, 2025, these high-risk Common Vulnerabilities and Exposures (CVEs) were added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog, signaling an urgent need for both government agencies and private organizations to act swiftly. Key Highlights Citrix

30,000+ IPs Used by Hackers to Scan and Exploit Microsoft Remote Desktop Protocol (RDP) Services

A large-scale coordinated campaign has been detected targeting Microsoft Remote Desktop Protocol (RDP) services, where attackers deployed more than 30,000 unique IP addresses to probe for weaknesses in RD Web Access and RDP Web Client authentication portals. Security analysts warn that this represents one of the largest RDP reconnaissance operations in recent years, suggesting that

Critical Tableau Server Flaw Allows Attackers to Upload and Execute Malicious Files

A severe security flaw has been discovered in Tableau Server, which could allow attackers to upload and execute malicious files, leading to full system takeover. This vulnerability, tracked as CVE-2025-26496 with a CVSS score of 9.6, impacts several versions of Tableau Server and Tableau Desktop on both Windows and Linux platforms. Key Highlights Tableau Server

PoC Exploit and Technical Analysis Published for Apple Zero-Day RCE Vulnerability

A newly disclosed critical zero-click exploit (CVE-2025-43300) poses a serious threat to Apple devices. The flaw exists in Apple’s RawCamera.bundle, specifically within the JPEG Lossless Decompression implementation, and allows attackers to execute arbitrary code by sending maliciously crafted DNG (Digital Negative) files. What makes this vulnerability alarming is that no user interaction is required. Simply

Hackers Exploit SendGrid Service to Steal User Login Credentials

A highly advanced phishing operation has been detected, abusing the trusted reputation of SendGrid to harvest user credentials. Attackers are using SendGrid’s legitimate cloud-based email service to distribute phishing emails that evade traditional email security filters. Campaign Overview This campaign relies on psychological manipulation and urgency tactics, with three crafted email themes designed to pressure

KorPlug Malware Analysis Reveals TTPs, Control Flow, and IOCs

A newly analyzed malware strain named KorPlug has surfaced as a significant cybersecurity threat. This malware leverages advanced obfuscation techniques that make detection and reverse engineering extremely challenging. Obfuscation and Execution Techniques KorPlug stands out due to its use of O-LLVM-based obfuscation, which transforms normal program structures into complex control flow graphs (CFGs). These techniques

Chinese Hacker Sentenced for Using Kill Switch on Ohio Company’s Global Network

A 55-year-old Chinese national, Davis Lu, has been sentenced to four years in federal prison for executing a destructive insider cyberattack on the global IT infrastructure of his former employer in Beachwood, Ohio. Lu exploited his privileged role as a software developer to implant advanced malware that disrupted thousands of users across multiple countries. The

Transparent Tribe Uses Malicious Desktop Shortcuts in Phishing Attacks on Indian Government

The advanced persistent threat (APT) group Transparent Tribe (APT36) has been observed targeting Indian government entities through a new campaign that leverages malicious desktop shortcut files on both Windows and BOSS Linux systems. According to CYFIRMA, attackers are relying on spear-phishing emails to gain initial access. In the case of Linux BOSS systems, malicious .desktop
