Canada House of Commons Hit by Microsoft Exploit

On August 9, 2025, the Canadian House of Commons experienced a cyberattack in which threat actors exploited a recently disclosed Microsoft vulnerability to gain unauthorized access to sensitive employee data. The incident highlights the persistent cybersecurity challenges facing Canadian government institutions amid a rapidly escalating global threat landscape.

Details of the Breach

According to an […]

Hackers Use Phishlet for FIDO Downgrade Attacks

FIDO Passkeys Face New Downgrade Attack Threat

A new and highly sophisticated cyber threat has surfaced, targeting one of the most trusted authentication technologies in modern cybersecurity. FIDO-based passkeys, widely regarded as the gold standard for phishing-resistant authentication, are now vulnerable to an advanced downgrade attack. This technique forces users to abandon strong FIDO authentication

Global Brute-Force Hits Fortinet SSL VPNs Before Shift

Cybersecurity researchers have reported a sharp increase in brute-force traffic targeting Fortinet SSL VPN devices, raising concerns over a possible build-up to a broader exploitation campaign. According to threat intelligence firm GreyNoise, the coordinated activity was first detected on August 3, 2025, involving more than 780 unique malicious IP addresses. Within the past 24 hours

Researchers Discover XZ Utils Backdoor in Dozens of Docker Hub Images, Increasing Supply Chain Risks

Security researchers have discovered dozens of Docker Hub images infected with the notorious XZ Utils backdoor, more than a year after the incident was first revealed. Even more concerning, several other images have been built on top of these compromised base images, spreading the backdoor indirectly across the Docker ecosystem, according to a Binarly Research

BlackSuit Ransomware Servers Targeting U.S. Critical Infrastructure Dismantled in Major Law Enforcement Operation

In a landmark coordinated effort, international law enforcement agencies have taken down critical infrastructure linked to the BlackSuit ransomware group (also known as Royal), marking a significant blow against one of the most persistent cybercriminal operations targeting the United States. The operation, conducted on July 24, 2025, led to the seizure of four servers, nine

SSHamble, a New Open-Source Tool to Exploit Vulnerabilities in the SSH Protocol

SSHamble – An Advanced Open-Source Tool for Uncovering SSH Vulnerabilities

SSHamble is a cutting-edge open-source reconnaissance utility built to detect and exploit security weaknesses in SSH protocol implementations across internet-facing systems. First showcased at DEFCON 33, the tool has already revealed major flaws in enterprise networking equipment and exposed widespread SSH misconfigurations impacting millions of

Hackers Exploit Google Paid Ads with Fake Tesla Websites to Spread Malware

In recent weeks, several sponsored advertisements began appearing at the top of Google search results, claiming to offer preorders for Tesla’s upcoming Optimus robots. These ads redirected unsuspecting users to fraudulent microsites designed to mimic Tesla’s official branding, tricking them into paying a

Cyberattack on Bouygues Telecom Exposes Data of 6.4 Million Customers

A major cyberattack has hit French telecommunications giant Bouygues Telecom, compromising personal data belonging to 6.4 million customers. The breach, detected on August 4th, has raised serious concerns over data security and customer safety.

Details of the Breach

Bouygues, which serves nearly 27 million mobile

Hackers Can Exploit New Win-DDoS Flaws to Convert Public Domain Controllers into DDoS Botnets

Hackers Can Exploit New Win-DDoS Flaws to Turn Public Domain Controllers into Powerful Botnets

A newly discovered attack method could be used to hijack thousands of publicly accessible Domain Controllers (DCs) worldwide, transforming them into a massive botnet capable of delivering high-powered Distributed Denial-of-Service (DDoS) attacks. The technique, named Win-DDoS, was uncovered by SafeBreach researchers
