SCtoCS
@sctocs.bsky.social
SCtoCS is your go-to partner for complete cyber protection and for latest Cyber Security News.
Two Chrome extensions were found stealing credentials from 170+ sites — a major privacy and security threat.
🔗 sctocs.com/chrome-exten...
🔗 sctocs.com/chrome-exten...
Two Chrome Extensions Caught Secretly Stealing Credentials From Over 170 Websites - SCtoCS
Two malicious Chrome extensions were discovered secretly stealing user credentials from more than 170 websites, posing serious security and privacy risks.
sctocs.com
December 24, 2025 at 6:42 PM
Two Chrome extensions were found stealing credentials from 170+ sites — a major privacy and security threat.
🔗 sctocs.com/chrome-exten...
🔗 sctocs.com/chrome-exten...
INTERPOL arrests 574 suspects in Africa as a Ukrainian ransomware affiliate pleads guilty — a major global cybercrime action.
🔗 sctocs.com/interpol-arr...
🔗 sctocs.com/interpol-arr...
INTERPOL Arrests 574 Across Africa As Ukrainian Ransomware Affiliate Pleads Guilty - SCtoCS
INTERPOL has arrested 574 suspects across Africa, while a Ukrainian ransomware affiliate has pleaded guilty in a related cybercrime case.
sctocs.com
December 24, 2025 at 6:13 PM
INTERPOL arrests 574 suspects in Africa as a Ukrainian ransomware affiliate pleads guilty — a major global cybercrime action.
🔗 sctocs.com/interpol-arr...
🔗 sctocs.com/interpol-arr...
The U.S. DoJ has seized a fraud-related domain tied to a $14.6M bank account takeover scheme.
Another significant move against cyber-enabled financial crime.
🔗 sctocs.com/us-doj-seize...
Another significant move against cyber-enabled financial crime.
🔗 sctocs.com/us-doj-seize...
U.S. DoJ Seizes Fraud Domain Linked To 14.6 Million Dollar Bank Account Takeover Scheme - SCtoCS
The U.S. Department of Justice has seized a fraud domain tied to a 14.6 million dollar bank account takeover scheme targeting victims nationwide.
sctocs.com
December 24, 2025 at 6:09 PM
The U.S. DoJ has seized a fraud-related domain tied to a $14.6M bank account takeover scheme.
Another significant move against cyber-enabled financial crime.
🔗 sctocs.com/us-doj-seize...
Another significant move against cyber-enabled financial crime.
🔗 sctocs.com/us-doj-seize...
A critical vulnerability in the n8n workflow automation platform (CVE-2025-68613, CVSS 9.9) can allow authenticated attackers to execute arbitrary code and compromise systems. Over 103,000 instances are potentially exposed — update to the latest patched versions!
🔗 sctocs.com/critical-n8n...
🔗 sctocs.com/critical-n8n...
Critical N8n Flaw With CVSS 9.9 Allows Arbitrary Code Execution Across Thousands Of Instances - SCtoCS
A critical n8n vulnerability rated CVSS 9.9 enables arbitrary code execution across thousands of exposed instances, requiring urgent patching.
sctocs.com
December 24, 2025 at 1:20 PM
A critical vulnerability in the n8n workflow automation platform (CVE-2025-68613, CVSS 9.9) can allow authenticated attackers to execute arbitrary code and compromise systems. Over 103,000 instances are potentially exposed — update to the latest patched versions!
🔗 sctocs.com/critical-n8n...
🔗 sctocs.com/critical-n8n...
A malicious npm package posing as a WhatsApp API library (lotusbail) has been stealing WhatsApp messages, contact lists, login tokens, and more — with over 56K downloads. Attackers can even link their device to your account for persistent access.
🔗 sctocs.com/fake-whatsap...
🔗 sctocs.com/fake-whatsap...
Fake WhatsApp API Package On Npm Steals Messages, Contacts, And Login Tokens - SCtoCS
A fake WhatsApp API package published on npm is stealing user messages, contacts, and login tokens, posing serious supply chain security risks.
sctocs.com
December 23, 2025 at 12:16 AM
A malicious npm package posing as a WhatsApp API library (lotusbail) has been stealing WhatsApp messages, contact lists, login tokens, and more — with over 56K downloads. Attackers can even link their device to your account for persistent access.
🔗 sctocs.com/fake-whatsap...
🔗 sctocs.com/fake-whatsap...
Android malware campaigns are now combining dropper apps, SMS theft, and RAT remote control features to compromise mobile devices at scale.
🔗 sctocs.com/android-malw...
🔗 sctocs.com/android-malw...
Android Malware Campaigns Combine Droppers, SMS Theft, And RAT Capabilities At Scale - SCtoCS
Large scale Android malware operations are merging droppers, SMS theft, and RAT features to expand control and data theft capabilities.
sctocs.com
December 22, 2025 at 11:29 PM
Android malware campaigns are now combining dropper apps, SMS theft, and RAT remote control features to compromise mobile devices at scale.
🔗 sctocs.com/android-malw...
🔗 sctocs.com/android-malw...
The Iranian APT group Infy (aka Prince of Persia) has re-emerged with new malware activity after years of silence — deploying updated Foudre & Tonnerre malware via phishing and advanced C2 techniques. Stay alert!
🔗 sctocs.com/iranian-infy...
🔗 sctocs.com/iranian-infy...
sctocs.com
December 22, 2025 at 5:40 PM
The Iranian APT group Infy (aka Prince of Persia) has re-emerged with new malware activity after years of silence — deploying updated Foudre & Tonnerre malware via phishing and advanced C2 techniques. Stay alert!
🔗 sctocs.com/iranian-infy...
🔗 sctocs.com/iranian-infy...
The U.S. Department of Justice has charged 54 people in a major ATM jackpotting case using Ploutus malware to make machines dispense cash illegally. This malware-based attack affected ATMs across the country. Stay informed:
🔗 sctocs.com/us-doj-charg...
🔗 sctocs.com/us-doj-charg...
U.S. DOJ Charges 54 Suspects In ATM Jackpotting Scheme Using Ploutus Malware - SCtoCS
The U.S. DOJ has charged 54 individuals linked to an ATM jackpotting operation that used Ploutus malware to steal cash from machines.
sctocs.com
December 22, 2025 at 3:07 PM
The U.S. Department of Justice has charged 54 people in a major ATM jackpotting case using Ploutus malware to make machines dispense cash illegally. This malware-based attack affected ATMs across the country. Stay informed:
🔗 sctocs.com/us-doj-charg...
🔗 sctocs.com/us-doj-charg...
Russia-linked hackers are exploiting Microsoft 365 device code phishing — tricking users into giving up authentication codes that grant attackers access tokens for account takeovers. Be cautious with unexpected invites and suspicious links!
🔗 sctocs.com/russia-linke...
🔗 sctocs.com/russia-linke...
Russia Linked Hackers Abuse Microsoft 365 Device Code Phishing For Account Takeovers - SCtoCS
Russia linked threat actors are using Microsoft 365 device code phishing to hijack accounts, enabling stealthy access and long term compromise.
sctocs.com
December 19, 2025 at 8:25 PM
Russia-linked hackers are exploiting Microsoft 365 device code phishing — tricking users into giving up authentication codes that grant attackers access tokens for account takeovers. Be cautious with unexpected invites and suspicious links!
🔗 sctocs.com/russia-linke...
🔗 sctocs.com/russia-linke...
Security Alert: Attackers are spreading CountLoader and GachiLoader malware through cracked software and misleading YouTube videos. These loaders can install additional threats and steal sensitive data.
Avoid pirated downloads and stay protected. 🔐
🔗 sctocs.com/cracked-soft...
Avoid pirated downloads and stay protected. 🔐
🔗 sctocs.com/cracked-soft...
Cracked Software And YouTube Videos Used To Spread CountLoader And GachiLoader Malware - SCtoCS
Threat actors are abusing cracked software and YouTube videos to distribute CountLoader and GachiLoader malware to unsuspecting users.
sctocs.com
December 19, 2025 at 7:56 PM
Security Alert: Attackers are spreading CountLoader and GachiLoader malware through cracked software and misleading YouTube videos. These loaders can install additional threats and steal sensitive data.
Avoid pirated downloads and stay protected. 🔐
🔗 sctocs.com/cracked-soft...
Avoid pirated downloads and stay protected. 🔐
🔗 sctocs.com/cracked-soft...
WatchGuard security alert
A critical Fireware OS VPN vulnerability (CVE-2025-14733) in Firebox is being actively exploited, allowing remote attackers to run code on affected systems. Patch your devices now!
🔗 sctocs.com/watchguard-f...
A critical Fireware OS VPN vulnerability (CVE-2025-14733) in Firebox is being actively exploited, allowing remote attackers to run code on affected systems. Patch your devices now!
🔗 sctocs.com/watchguard-f...
WatchGuard Warns Of Active Exploitation Of Critical Fireware OS VPN Vulnerability - SCtoCS
WatchGuard is warning about active exploitation of a critical Fireware OS VPN vulnerability, urging organizations to apply fixes immediately.
sctocs.com
December 19, 2025 at 7:15 PM
WatchGuard security alert
A critical Fireware OS VPN vulnerability (CVE-2025-14733) in Firebox is being actively exploited, allowing remote attackers to run code on affected systems. Patch your devices now!
🔗 sctocs.com/watchguard-f...
A critical Fireware OS VPN vulnerability (CVE-2025-14733) in Firebox is being actively exploited, allowing remote attackers to run code on affected systems. Patch your devices now!
🔗 sctocs.com/watchguard-f...
RaccoonO365 developer arrested in Nigeria!
Nigeria Police, with Microsoft & FBI support, detained the alleged creator of the RaccoonO365 phishing toolkit used to steal Microsoft 365 credentials via fake login pages.
🔗 sctocs.com/nigeria-arre...
Nigeria Police, with Microsoft & FBI support, detained the alleged creator of the RaccoonO365 phishing toolkit used to steal Microsoft 365 credentials via fake login pages.
🔗 sctocs.com/nigeria-arre...
Nigeria Arrests RaccoonO365 Phishing Developer Tied To Microsoft 365 Attacks - SCtoCS
Nigerian authorities have arrested the developer behind RaccoonO365 phishing tools linked to widespread Microsoft 365 credential theft attacks.
sctocs.com
December 19, 2025 at 6:46 PM
RaccoonO365 developer arrested in Nigeria!
Nigeria Police, with Microsoft & FBI support, detained the alleged creator of the RaccoonO365 phishing toolkit used to steal Microsoft 365 credentials via fake login pages.
🔗 sctocs.com/nigeria-arre...
Nigeria Police, with Microsoft & FBI support, detained the alleged creator of the RaccoonO365 phishing toolkit used to steal Microsoft 365 credentials via fake login pages.
🔗 sctocs.com/nigeria-arre...
Cisco security alert: A critical zero-day (CVE-2025-20393) in AsyncOS email security appliances is being actively exploited by a China-linked threat group. Restrict exposure & harden systems now — no patch yet.
🔗 sctocs.com/cisco-active...
🔗 sctocs.com/cisco-active...
Cisco Warns Of Active Attacks Exploiting Unpatched Zero Day In AsyncOS Email Security Appliances - SCtoCS
Cisco is warning about active attacks exploiting an unpatched zero day vulnerability in AsyncOS email security appliances, urging immediate mitigation.
sctocs.com
December 19, 2025 at 12:12 PM
Cisco security alert: A critical zero-day (CVE-2025-20393) in AsyncOS email security appliances is being actively exploited by a China-linked threat group. Restrict exposure & harden systems now — no patch yet.
🔗 sctocs.com/cisco-active...
🔗 sctocs.com/cisco-active...
North Korea-linked hackers stole $2.02B in crypto in 2025, accounting for most global thefts and marking a record year for state-affiliated cybercrime.
🔗 sctocs.com/north-korea-...
🔗 sctocs.com/north-korea-...
North Korea Linked Hackers Steal 2.02 Billion Dollars In 2025 To Lead Global Crypto Theft - SCtoCS
North Korea linked hackers stole 2.02 billion dollars in cryptocurrency in 2025, making them the top source of global crypto theft activity.
sctocs.com
December 19, 2025 at 11:20 AM
North Korea-linked hackers stole $2.02B in crypto in 2025, accounting for most global thefts and marking a record year for state-affiliated cybercrime.
🔗 sctocs.com/north-korea-...
🔗 sctocs.com/north-korea-...
Threat alert
China-aligned APT LongNosedGoblin is abusing Windows Group Policy to spread espionage malware across target networks, using cloud services for stealthy C&C.
sctocs.com/china-aligne...
China-aligned APT LongNosedGoblin is abusing Windows Group Policy to spread espionage malware across target networks, using cloud services for stealthy C&C.
sctocs.com/china-aligne...
China Aligned Threat Group Abuses Windows Group Policy To Deploy Espionage Malware - SCtoCS
A China aligned threat group is using Windows Group Policy to deploy espionage malware, enabling stealthy compromise of targeted environments.
sctocs.com
December 19, 2025 at 10:00 AM
Threat alert
China-aligned APT LongNosedGoblin is abusing Windows Group Policy to spread espionage malware across target networks, using cloud services for stealthy C&C.
sctocs.com/china-aligne...
China-aligned APT LongNosedGoblin is abusing Windows Group Policy to spread espionage malware across target networks, using cloud services for stealthy C&C.
sctocs.com/china-aligne...
HPE OneView RCE Alert (CVSS 10.0)
A critical flaw (CVE-2025-37164) allows unauthenticated remote code execution on HPE OneView systems before v11.00. Patch or upgrade immediately.
🔗 sctocs.com/hpe-oneview-...
A critical flaw (CVE-2025-37164) allows unauthenticated remote code execution on HPE OneView systems before v11.00. Patch or upgrade immediately.
🔗 sctocs.com/hpe-oneview-...
HPE OneView Flaw CVSS 10.0 Enables Unauthenticated Remote Code Execution - SCtoCS
A critical HPE OneView vulnerability rated CVSS 10.0 allows unauthenticated attackers to execute remote code, posing severe risks to enterprise systems.
sctocs.com
December 19, 2025 at 9:35 AM
HPE OneView RCE Alert (CVSS 10.0)
A critical flaw (CVE-2025-37164) allows unauthenticated remote code execution on HPE OneView systems before v11.00. Patch or upgrade immediately.
🔗 sctocs.com/hpe-oneview-...
A critical flaw (CVE-2025-37164) allows unauthenticated remote code execution on HPE OneView systems before v11.00. Patch or upgrade immediately.
🔗 sctocs.com/hpe-oneview-...
Mobile threat alert
Kimsuky is using QR code phishing that impersonates delivery apps to spread the DocSwap Android malware, giving attackers remote access on infected devices.
🔗 sctocs.com/kimsuky-docs...
Kimsuky is using QR code phishing that impersonates delivery apps to spread the DocSwap Android malware, giving attackers remote access on infected devices.
🔗 sctocs.com/kimsuky-docs...
Kimsuky Spreads DocSwap Android Malware Through QR Phishing Posing As Delivery App - SCtoCS
Kimsuky is distributing DocSwap Android malware using QR code phishing that masquerades as a delivery app, targeting unsuspecting mobile users.
sctocs.com
December 18, 2025 at 7:32 PM
Mobile threat alert
Kimsuky is using QR code phishing that impersonates delivery apps to spread the DocSwap Android malware, giving attackers remote access on infected devices.
🔗 sctocs.com/kimsuky-docs...
Kimsuky is using QR code phishing that impersonates delivery apps to spread the DocSwap Android malware, giving attackers remote access on infected devices.
🔗 sctocs.com/kimsuky-docs...
A critical ASUS Live Update flaw (CVE-2025-59374) has been added to CISA’s KEV catalog due to confirmed active exploitation tied to a supply chain compromise. Discontinue or patch now.
🔗 sctocs.com/cisa-asus-li...
🔗 sctocs.com/cisa-asus-li...
CISA Flags Critical ASUS Live Update Flaw Following Evidence Of Active Exploitation - SCtoCS
CISA has flagged a critical ASUS Live Update vulnerability after confirming active exploitation, warning users to patch systems immediately.
sctocs.com
December 18, 2025 at 6:57 PM
A critical ASUS Live Update flaw (CVE-2025-59374) has been added to CISA’s KEV catalog due to confirmed active exploitation tied to a supply chain compromise. Discontinue or patch now.
🔗 sctocs.com/cisa-asus-li...
🔗 sctocs.com/cisa-asus-li...
SonicWall security update
SonicWall patched CVE-2025-40602 — an actively exploited privilege escalation bug in SMA 1000 appliances that could lead to root RCE when chained with another flaw. Patch ASAP.
🔗 sctocs.com/sonicwall-cv...
SonicWall patched CVE-2025-40602 — an actively exploited privilege escalation bug in SMA 1000 appliances that could lead to root RCE when chained with another flaw. Patch ASAP.
🔗 sctocs.com/sonicwall-cv...
SonicWall Patches Actively Exploited CVE-2025-40602 In SMA 100 Appliances - SCtoCS
SonicWall has fixed the actively exploited CVE-2025-40602 vulnerability affecting SMA 100 appliances, urging users to apply updates immediately.
sctocs.com
December 17, 2025 at 9:46 PM
SonicWall security update
SonicWall patched CVE-2025-40602 — an actively exploited privilege escalation bug in SMA 1000 appliances that could lead to root RCE when chained with another flaw. Patch ASAP.
🔗 sctocs.com/sonicwall-cv...
SonicWall patched CVE-2025-40602 — an actively exploited privilege escalation bug in SMA 1000 appliances that could lead to root RCE when chained with another flaw. Patch ASAP.
🔗 sctocs.com/sonicwall-cv...
Kimwolf botnet alert
~1.8 million Android TV devices have been hijacked into the Kimwolf botnet, launching massive DDoS attacks and acting as proxies. Secure your network and update devices.
🔗 sctocs.com/kimwolf-botn...
~1.8 million Android TV devices have been hijacked into the Kimwolf botnet, launching massive DDoS attacks and acting as proxies. Secure your network and update devices.
🔗 sctocs.com/kimwolf-botn...
Kimwolf Botnet Hijacks 1.8 Million Android TVs To Launch Massive DDoS Attacks - SCtoCS
The Kimwolf botnet has taken over 1.8 million Android TVs and is using them to conduct large scale DDoS attacks worldwide.
sctocs.com
December 17, 2025 at 9:22 PM
Kimwolf botnet alert
~1.8 million Android TV devices have been hijacked into the Kimwolf botnet, launching massive DDoS attacks and acting as proxies. Secure your network and update devices.
🔗 sctocs.com/kimwolf-botn...
~1.8 million Android TV devices have been hijacked into the Kimwolf botnet, launching massive DDoS attacks and acting as proxies. Secure your network and update devices.
🔗 sctocs.com/kimwolf-botn...
APT28 phishing alert
Russia-linked APT28 is actively targeting UKR(.)net users with credential-harvesting attacks using fake login pages and malicious PDF lures — stealing passwords and 2FA codes.
🔗 sctocs.com/apt28-ukr-ne...
Russia-linked APT28 is actively targeting UKR(.)net users with credential-harvesting attacks using fake login pages and malicious PDF lures — stealing passwords and 2FA codes.
🔗 sctocs.com/apt28-ukr-ne...
APT28 Targets Ukrainian UKR Net Users In Long Running Credential Phishing Campaign - SCtoCS
APT28 is running a long term credential phishing campaign targeting Ukrainian UKR net users, aiming to steal accounts and gather intelligence.
sctocs.com
December 17, 2025 at 8:50 PM
APT28 phishing alert
Russia-linked APT28 is actively targeting UKR(.)net users with credential-harvesting attacks using fake login pages and malicious PDF lures — stealing passwords and 2FA codes.
🔗 sctocs.com/apt28-ukr-ne...
Russia-linked APT28 is actively targeting UKR(.)net users with credential-harvesting attacks using fake login pages and malicious PDF lures — stealing passwords and 2FA codes.
🔗 sctocs.com/apt28-ukr-ne...
Phishing alert
ForumTroll is using fake eLibrary emails to target Russian scholars, stealing credentials and spreading malware. Be cautious with suspicious academic emails.
🔗 sctocs.com/forumtroll-p...
ForumTroll is using fake eLibrary emails to target Russian scholars, stealing credentials and spreading malware. Be cautious with suspicious academic emails.
🔗 sctocs.com/forumtroll-p...
New ForumTroll Phishing Attacks Target Russian Scholars Via Fake ELibrary Emails - SCtoCS
ForumTroll phishing campaigns are targeting Russian scholars using fake eLibrary emails to steal credentials and conduct targeted espionage.
sctocs.com
December 17, 2025 at 8:47 PM
Phishing alert
ForumTroll is using fake eLibrary emails to target Russian scholars, stealing credentials and spreading malware. Be cautious with suspicious academic emails.
🔗 sctocs.com/forumtroll-p...
ForumTroll is using fake eLibrary emails to target Russian scholars, stealing credentials and spreading malware. Be cautious with suspicious academic emails.
🔗 sctocs.com/forumtroll-p...
GhostPoster malware alert
17 Firefox add-ons (50K+ downloads) hid malicious JS in their logo images to hijack links, inject tracking, and carry out ad fraud. Check and remove suspicious extensions now.
🔗 sctocs.com/ghostposter-...
17 Firefox add-ons (50K+ downloads) hid malicious JS in their logo images to hijack links, inject tracking, and carry out ad fraud. Check and remove suspicious extensions now.
🔗 sctocs.com/ghostposter-...
GhostPoster Malware Discovered In 17 Firefox Add Ons With Over 50,000 Downloads - SCtoCS
GhostPoster malware has been found embedded in 17 Firefox add ons with more than 50,000 downloads, posing serious risks to user security.
sctocs.com
December 17, 2025 at 4:26 PM
GhostPoster malware alert
17 Firefox add-ons (50K+ downloads) hid malicious JS in their logo images to hijack links, inject tracking, and carry out ad fraud. Check and remove suspicious extensions now.
🔗 sctocs.com/ghostposter-...
17 Firefox add-ons (50K+ downloads) hid malicious JS in their logo images to hijack links, inject tracking, and carry out ad fraud. Check and remove suspicious extensions now.
🔗 sctocs.com/ghostposter-...
Ink Dragon espionage alert
A China-linked threat actor is hacking government networks with ShadowPad and FINALDRAFT malware, turning compromised servers into stealthy C2 relays. Secure exposed services now.
🔗 sctocs.com/china-linked...
A China-linked threat actor is hacking government networks with ShadowPad and FINALDRAFT malware, turning compromised servers into stealthy C2 relays. Secure exposed services now.
🔗 sctocs.com/china-linked...
China Linked Ink Dragon Hacks Governments Using ShadowPad And FINALDRAFT Malware - SCtoCS
China linked Ink Dragon is targeting government entities using ShadowPad and FINALDRAFT malware in ongoing cyber espionage operations.
sctocs.com
December 17, 2025 at 3:34 PM
Ink Dragon espionage alert
A China-linked threat actor is hacking government networks with ShadowPad and FINALDRAFT malware, turning compromised servers into stealthy C2 relays. Secure exposed services now.
🔗 sctocs.com/china-linked...
A China-linked threat actor is hacking government networks with ShadowPad and FINALDRAFT malware, turning compromised servers into stealthy C2 relays. Secure exposed services now.
🔗 sctocs.com/china-linked...
AWS security alert
Compromised IAM credentials are fueling a large crypto mining campaign in AWS. Rotate keys, enforce MFA, and monitor cloud usage urgently.
🔗 sctocs.com/compromised-...
Compromised IAM credentials are fueling a large crypto mining campaign in AWS. Rotate keys, enforce MFA, and monitor cloud usage urgently.
🔗 sctocs.com/compromised-...
Compromised IAM Credentials Fuel Large AWS Crypto Mining Campaign - SCtoCS
Stolen IAM credentials are being abused to run a large scale AWS crypto mining campaign, leading to cloud resource abuse and financial losses.
sctocs.com
December 16, 2025 at 7:16 PM
AWS security alert
Compromised IAM credentials are fueling a large crypto mining campaign in AWS. Rotate keys, enforce MFA, and monitor cloud usage urgently.
🔗 sctocs.com/compromised-...
Compromised IAM credentials are fueling a large crypto mining campaign in AWS. Rotate keys, enforce MFA, and monitor cloud usage urgently.
🔗 sctocs.com/compromised-...