sctocs

Trivy Supply Chain Attack Spreads CanisterWorm Across 47 npm Packages

A large-scale supply chain attack targeting the widely used Trivy security scanner has escalated into a self-propagating malware campaign, infecting at least 47 npm packages with a newly identified worm known as CanisterWorm. Security researchers report that the attackers are likely continuing their operations beyond the initial compromise, expanding the infection across multiple software ecosystems […]

Magento PolyShell Vulnerability Allows Unauthenticated File Uploads, RCE, and Account Takeover

A serious security flaw has been identified in Magento that allows unauthenticated attackers to upload malicious files, execute remote code, and potentially take over user accounts. This issue, referred to as PolyShell, has been analyzed by the security firm Sansec. The vulnerability affects all versions of Magento Open Source and Adobe Commerce up to 2.4.9-alpha2.

Trivy GitHub Actions Compromised, 75 Tags Hijacked to Steal CI/CD Secrets

A major supply chain security incident has affected the widely used open-source vulnerability scanner Trivy, maintained by Aqua Security. Attackers compromised its GitHub Actions ecosystem and manipulated version tags to distribute malware designed to steal sensitive CI/CD secrets. The attack targeted repositories including aquasecurity/trivy-action and aquasecurity/setup-trivy, which are commonly used in CI/CD pipelines to scan

Critical Langflow Vulnerability CVE-2026-33017 Exploited Within 20 Hours of Disclosure

A newly disclosed critical vulnerability in the open-source AI platform Langflow has already been actively exploited within just 20 hours of its public announcement, demonstrating how quickly attackers weaponize newly discovered security flaws. The vulnerability, tracked as CVE-2026-33017 with a CVSS score of 9.3, is caused by a combination of missing authentication and unsafe code

Google Introduces 24 Hour Delay for Unverified App Sideloading to Curb Malware and Scams

Google has unveiled a new security measure aimed at reducing malware infections and online scams on Android devices. The update introduces an “advanced flow” for sideloading apps, requiring users to wait 24 hours before installing applications from unverified developers. This move is designed to strengthen user protection while still preserving Android’s flexibility and openness. The

DoJ Takes Down 3 Million Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks

The U.S. Department of Justice has announced a major cybersecurity operation that successfully disrupted the command-and-control infrastructure used by multiple large-scale Internet of Things botnets, including AISURU, Kimwolf, JackSkid, and Mossad. This coordinated law enforcement effort, carried out under court authorization, also involved international cooperation with authorities from Canada and Germany. Several leading technology and

Apple Alerts That Older iPhones Are Vulnerable to Coruna and DarkSword Exploit Kit Attacks

Apple has released an urgent security advisory, cautioning users who are still operating older versions of iOS to immediately update their devices. The warning highlights active cyberattacks carried out using advanced exploit kits such as Coruna and DarkSword, which are targeting outdated iPhones through malicious web content. These exploit kits are designed to take advantage

Speagle Malware Compromises Cobra DocGuard to Steal Data via Infected Servers

Cybersecurity experts have identified a newly discovered malware strain named Speagle, which manipulates the features and infrastructure of a legitimate document security tool, Cobra DocGuard, to carry out covert data theft operations. According to a recent report by Symantec and Carbon Black researchers, the malware quietly collects sensitive data from infected systems and transfers it

54 EDR Killers Leverage BYOVD to Exploit 35 Signed Vulnerable Drivers and Disable Security

A new cybersecurity analysis has revealed that dozens of endpoint detection and response (EDR) killer tools are actively exploiting trusted system components to disable security protections. Researchers have identified 54 such tools leveraging the Bring Your Own Vulnerable Driver (BYOVD) technique by abusing at least 35 signed but vulnerable drivers. According to ESET, these tools

New Perseus Android Banking Malware Monitors Notes Apps to Steal Sensitive Data

Cybersecurity researchers have identified a new Android malware strain called Perseus, which is actively being deployed to perform device takeover (DTO) and financial fraud. The malware is designed to compromise Android devices, steal sensitive information, and enable attackers to control infected systems remotely. According to ThreatFabric, Perseus builds upon earlier malware families like Cerberus and