sctocs

add a heading (26)

CISA Issues Four ICS Advisories on Vulnerabilities and Exploits

On August 19, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released four detailed Industrial Control Systems (ICS) advisories, warning of serious security flaws in critical infrastructure sectors such as energy and manufacturing. The reported issues carry CVSS severity scores between 5.8 and 9.8, highlighting the urgent need for action from administrators and security teams. […]

CISA Issues Four ICS Advisories on Vulnerabilities and Exploits Read More »

add a heading (24)

Scattered Spider Hacker Sentenced to 10 Years for $13M SIM Swapping Crypto Theft

A 20-year-old member of the cybercrime gang Scattered Spider has been sentenced to 10 years in U.S. federal prison for his involvement in a series of major hacking campaigns and cryptocurrency theft operations. Sentencing Details Noah Michael Urban pleaded guilty in April 2025 to charges of wire fraud and aggravated identity theft, according to reports from Bloomberg and

Scattered Spider Hacker Sentenced to 10 Years for $13M SIM Swapping Crypto Theft Read More »

add a heading (23)

Hackers Exploit ADFS and Office.com to Steal Microsoft 365 Credentials

A new and highly deceptive phishing campaign is targeting Microsoft 365 accounts by abusing Microsoft’s own Active Directory Federation Services (ADFS). The attackers redirect users from legitimate office.com links to malicious login pages, making the scam exceptionally hard to detect. Evolution of Phishing Attacks Researchers at cybersecurity firm Push Security revealed this tactic, describing it

Hackers Exploit ADFS and Office.com to Steal Microsoft 365 Credentials Read More »

add a heading (22)

RingReaper Malware Targets Linux Servers, Evades EDR

A newly discovered malware called RingReaper is actively targeting Linux servers, raising serious concerns due to its advanced evasion strategies that undermine traditional endpoint detection and response (EDR) solutions. How RingReaper Operates RingReaper functions as a post-exploitation agent that takes advantage of the Linux kernel’s io_uring interface, a modern asynchronous I/O system designed for high-performance

RingReaper Malware Targets Linux Servers, Evades EDR Read More »

add a heading (21)

Threat Actors Use GenAI to Craft Realistic Phishing Content

Cybercriminals are increasingly taking advantage of generative AI platforms to create advanced phishing campaigns that are much harder for traditional security systems to detect. The rapid growth of GenAI services has built an environment where attackers can easily generate realistic phishing emails, mimic trusted organizations, and scale attacks with very little technical skill required. Modern

Threat Actors Use GenAI to Craft Realistic Phishing Content Read More »

add a heading (10)

Scaly Wolf Hackers Target Organizations to Steal Secrets

The cybersecurity world is once again witnessing the rise of advanced threat actors, with groups adopting increasingly complex attack chains to infiltrate corporate systems and extract confidential information. A new investigation by security experts has revealed an ongoing campaign conducted by the Scaly Wolf Advanced Persistent Threat (APT) group). This operation successfully compromised a Russian

Scaly Wolf Hackers Target Organizations to Steal Secrets Read More »

add a heading (9)

FBI Warns: FSB-Linked Hackers Exploit Unpatched Cisco Devices

A Russian state-backed cyber espionage group known as Static Tundra has been actively abusing a seven-year-old Cisco vulnerability to maintain long-term access to targeted networks. Targets and Regions Affected According to Cisco Talos, the campaign is directed at organizations in telecommunications, higher education, and manufacturing across North America, Europe, Asia, and Africa. Victims are chosen

FBI Warns: FSB-Linked Hackers Exploit Unpatched Cisco Devices Read More »

add a heading (20)

VirtualBox 7.2 Adds Windows 11/Arm VM Support and 50 Bug  Fixes

Oracle has officially rolled out VirtualBox 7.2, a powerful upgrade to its open-source virtualization software. Released on August 14, 2025, this version introduces strong support for Windows 11/Arm virtualization, a redesigned graphical interface, and more than 50 bug fixes. The release strengthens VirtualBox’s position in the evolving Arm-based ecosystem, while still ensuring reliable performance for

VirtualBox 7.2 Adds Windows 11/Arm VM Support and 50 Bug  Fixes Read More »

add a heading (8)

Rockwell ControlLogix Ethernet Flaw Enables Remote Code Execution

A severe security flaw has been identified in Rockwell Automation’s ControlLogix Ethernet communication modules. This issue could allow remote attackers to execute arbitrary code on industrial control systems, posing a high risk to manufacturing and automation operations. The vulnerability, tracked as CVE-2025-7353, has been rated with a CVSS score of 9.8, placing it in the

Rockwell ControlLogix Ethernet Flaw Enables Remote Code Execution Read More »

add a heading (7)

Critical PostgreSQL Flaws Enable Code Injection in Restorations

The PostgreSQL Global Development Group has rolled out emergency security updates across all supported versions to fix three newly discovered vulnerabilities that expose organizations to arbitrary code execution risks during database restoration processes. These vulnerabilities affect PostgreSQL versions 13 through 17, with security patches available in the latest releases: 17.6, 16.10, 15.14, 14.19, and 13.22.

Critical PostgreSQL Flaws Enable Code Injection in Restorations Read More »