sctocs

Researchers Reveal Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

Windows RPC Vulnerability CVE-2025-49760 Enables EPM Poisoning and Privilege Escalation Attacks Cybersecurity experts have revealed fresh details about a now-patched flaw in Microsoft Windows Remote Procedure Call (RPC) that could allow attackers to spoof legitimate services and impersonate trusted servers. The issue, tracked as CVE-2025-49760 with a CVSS score of 3.5, was described by Microsoft as a Windows […]

Researchers Reveal Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation Read More »

WinRAR Zero-Day Exploited to Deliver Malware During Archive Extraction

WinRAR Vulnerability CVE-2025-8088 Exploited as Zero-Day to Deploy RomCom Malware A critical security flaw in WinRAR, identified as CVE-2025-8088, has been exploited in zero-day phishing campaigns to install the RomCom malware. This vulnerability, a directory traversal bug, was addressed in WinRAR version 7.13. It allows attackers to create malicious archive files that, when extracted, can

WinRAR Zero-Day Exploited to Deliver Malware During Archive Extraction Read More »

Google Confirms Data Breach Exposed Potential Google Ads Customer Information

“Google Confirms Data Breach Exposed Potential Google Ads Customer Information” Google has confirmed a data breach involving one of its corporate Salesforce CRM instances used for communicating with potential Google Ads customers. The incident exposed basic business contact details but did not affect financial or active Ads account data. In a data breach notification sent to affected parties and

Google Confirms Data Breach Exposed Potential Google Ads Customer Information Read More »

Embargo Ransomware Rakes in $34.2 Million in Crypto Since April 2024

Embargo Ransomware Rakes in $34.2 Million in Crypto Since April 2024 A recent report from blockchain intelligence firm TRM Labs reveals that the Embargo ransomware group has generated approximately $34.2 million in cryptocurrency since its emergence in April 2024. Most of the identified victims are based in the United States, particularly within the healthcare, business services, and manufacturing

Embargo Ransomware Rakes in $34.2 Million in Crypto Since April 2024 Read More »

Darknet Market Escrow Systems at Risk of Administrator Exit Scams

Darknet markets operate outside the control of traditional payment processors and legal systems, making escrow systems essential for securing cryptocurrency transactions between buyers and sellers. These systems, often using multisignature (multisig) wallets and automated release mechanisms, are designed to enhance transaction safety and manage disputes. While they offer improved protection compared to direct payments, weaknesses

Darknet Market Escrow Systems at Risk of Administrator Exit Scams Read More »

GPT-5 Jailbreak and Zero-Click AI Agent Exploits Threaten Cloud and IoT Security

Cybersecurity researchers have revealed a new jailbreak method targeting OpenAI’s GPT-5 language model, enabling it to bypass ethical safeguards and produce harmful instructions. The method, developed by NeuralTrust, combines a known exploit called Echo Chamber with a narrative-driven approach to manipulate the AI’s responses. By seeding the conversation with subtle cues and reinforcing them through storytelling, attackers

GPT-5 Jailbreak and Zero-Click AI Agent Exploits Threaten Cloud and IoT Security Read More »

Cisco Reports CRM Data Breach From Vishing Attack, No Sensitive Data Exposed

Cisco has confirmed a security breach involving a third-party cloud-based Customer Relationship Management (CRM) system. This breach exposed limited profile details of users registered on Cisco.com, such as names, email addresses, and phone numbers. The incident came to light on July 24, 2025, when a vishing (voice phishing) attack targeted one of Cisco’s representatives. This

Cisco Reports CRM Data Breach From Vishing Attack, No Sensitive Data Exposed Read More »

CISA Issues Alert on Actively Exploited D-Link Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new alert, adding three critical D-Link vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, confirming they are being actively exploited in real-world cyberattacks. These vulnerabilities pose serious risks to both federal and non-federal networks by exposing IP cameras and video recorders to remote exploitation.

CISA Issues Alert on Actively Exploited D-Link Vulnerabilities Read More »

Microsoft Launches Zero-Day Quest Hacking Contest With $5 Million in Rewards

Microsoft Relaunches Zero Day Quest With $5 Million in Bounties for Critical AI and Cloud Vulnerabilities Microsoft has officially reintroduced its industry-shaping Zero Day Quest, the largest public hacking event in cybersecurity history, now offering up to $5 million in bounties for impactful vulnerability discoveries across its critical platforms. This year’s initiative builds upon last

Microsoft Launches Zero-Day Quest Hacking Contest With $5 Million in Rewards Read More »

Cyber Attacks on AI Infrastructure Surge as Critical Vulnerabilities Are Exposed

In a troubling new development, cybercriminals are increasingly targeting the core infrastructure behind artificial intelligence, including GPU clusters, model-serving gateways, and training pipelines used in large language model (LLM) deployments. Over the past six months, a new malware family dubbed “ShadowInit” has been observed in attacks focused not just on GPU resources but on stealing

Cyber Attacks on AI Infrastructure Surge as Critical Vulnerabilities Are Exposed Read More »