Cryptojacking Attack Exploits Redis Servers to Deploy Miners, Disable Security

A highly advanced cryptojacking campaign has been uncovered, where misconfigured Redis servers are being exploited across multiple regions. The attackers deploy cryptocurrency miners while simultaneously disabling key security defenses, turning exposed systems into long-term profit engines. TA-NATALSTATUS Threat Actor The group behind this operation, tracked as TA-NATALSTATUS, has been active since 2020. However, in 2025 […]

Chinese MURKY PANDA Targets Government and Professional Services

A China-linked advanced threat actor, tracked as MURKY PANDA, has become a major concern in global cybersecurity. Since late 2024, the group has been actively targeting government agencies, legal firms, professional services, technology providers, and academic institutions across North America. Advanced Capabilities in Cyber Operations MURKY PANDA is recognized for its ability to exploit cloud

Chinese Hackers Murky, Genesis, Glacial Panda Intensify Cloud and Telecom Espionage

Cybersecurity researchers have raised alarms over increasing cyber-espionage activity linked to China-based threat groups. Among them, Murky Panda, Genesis Panda, and Glacial Panda have been spotlighted for aggressively targeting cloud infrastructures and telecommunications networks to harvest sensitive intelligence. Murky Panda Exploiting Cloud Relationships A recent CrowdStrike report highlights that Murky Panda, also known as Silk

Commvault Pre-Auth Exploit Chains Could Allow Remote Code Execution

Commvault has issued critical security updates to patch four vulnerabilities that could allow attackers to execute remote code on vulnerable systems. Affected Versions The flaws exist in Commvault versions prior to 11.36.60. The vulnerabilities are: Discovery and Fixes The vulnerabilities were discovered by Sonny Macdonald and Piotr Bazydlo from watchTowr Labs in April 2025. Commvault

Cybercriminals Use CORNFLAKE.V3 Backdoor with ClickFix and Fake CAPTCHA

Threat actors are increasingly using a deceptive method known as ClickFix to spread a powerful backdoor called CORNFLAKE.V3. How ClickFix Works According to Google-owned Mandiant, the campaign is operated by UNC5518, an access-as-a-service group. Attackers lure victims to fake CAPTCHA pages, tricking them into following instructions that ultimately provide attackers with access to their systems.

‘QuirkyLoader’ Malware Distributes Infostealers and RATs

A sophisticated malware loader known as QuirkyLoader has emerged as a serious cyber threat, actively spreading prominent infostealers and remote access trojans (RATs) since November 2024. This malware stands out due to its ability to deliver multiple types of malicious payloads, including Agent Tesla, AsyncRAT, FormBook, MassLogger, Remcos, Rhadamanthys, and Snake Keylogger, making it a

Blue Report 2025: Weak Passwords and Compromised Accounts Findings

Security professionals often focus on countering the latest sophisticated attack methods. However, the most damaging breaches frequently stem not from cutting-edge exploits, but from compromised accounts and cracked credentials. Despite widespread awareness, Picus Security’s Blue Report 2025 reveals that many organizations still struggle to prevent password attacks and detect malicious activity using stolen credentials. A

Microsoft VS Code Remote-SSH Extension Exploited to Run Malicious Code

A severe security flaw has been identified in Microsoft’s VS Code Remote-SSH extension, enabling attackers to execute malicious code on a developer’s local machine by abusing compromised remote servers. Security experts have demonstrated this exploit, named “Vibe Hacking”, which takes advantage of the trusted link between remote development environments and local systems. The issue impacts

Critical Apache Tika PDF Parser Flaw Exposes Sensitive Data

A newly discovered security flaw in Apache Tika’s PDF parser module poses a serious threat to enterprise environments. The vulnerability, tracked as CVE-2025-54988, has been rated critical by security researchers because it enables attackers to steal sensitive data and send malicious requests to internal systems. Key Points XXE Vulnerability Explained The vulnerability arises from an

Russian Hackers Exploit 7-Year-Old Cisco Flaw to Steal Industrial Configs

A Russian state-backed cyber espionage group known as Static Tundra has been exploiting a seven-year-old flaw in Cisco networking devices to steal sensitive configuration data and maintain hidden access across critical infrastructure networks. This group, tied to Russia’s Federal Security Service (FSB) Center 16, has been targeting outdated and unpatched devices since 2015. Their operations
