
Posts by SCtoCS

Obsidian Plugin Exploitation Spreads PHANTOMPULSE RAT In Targeted Finance And Crypto Attacks - SCtoCS Obsidian plugin abuse delivers PHANTOMPULSE RAT in targeted finance and crypto attacks, exposing risks in third-party plugins and note-taking tools.

A new campaign is abusing Obsidian’s plugin ecosystem to deliver the PHANTOMPULSE RAT.

Targets in finance and crypto are lured via LinkedIn and Telegram, then tricked into enabling malicious plugins that silently execute code and take control of systems.

sctocs.com/obsidian-plu...

4 days ago

UAC-0247 Launches Data-Theft Malware Campaign Against Ukrainian Clinics And Government Entities - SCtoCS UAC-0247 targets Ukrainian clinics and government entities in a data-theft malware campaign, raising concerns over critical infrastructure security.

A cyber campaign linked to UAC-0247 is targeting Ukrainian healthcare and government sectors with data-stealing malware.

The attacks use phishing emails disguised as aid proposals to deploy malware that steals browser and WhatsApp data and enables remote system access.

sctocs.com/uac-0247-ukr...

4 days ago

N8n Webhooks Exploited Since October 2025 To Spread Malware Through Phishing Emails - SCtoCS n8n webhooks have been abused since October 2025 to deliver malware via phishing emails, highlighting rising threats in automated workflow tools.

Security researchers warn that attackers are exploiting n8n automation workflows to deliver malware through phishing emails.

sctocs.com/n8n-webhooks...

5 days ago

Microsoft Releases Security Updates Fixing SharePoint Zero-Day And 168 Additional Vulnerabilities - SCtoCS Microsoft fixes a SharePoint zero-day and 168 vulnerabilities in April 2026 Patch Tuesday, urging organizations to apply updates immediately for security.

Microsoft has fixed 168 vulnerabilities in its latest Patch Tuesday release, including a critical SharePoint zero-day flaw actively exploited by attackers.

Read more:
sctocs.com/microsoft-sh...

5 days ago

Backdoored Smart Slider 3 Pro Update Delivered Via Compromised Nextend Servers In Supply Chain Attack - SCtoCS Attackers compromised Nextend servers to push a backdoored Smart Slider 3 Pro update, enabling remote code execution and full site compromise.

The official Smart Slider 3 Pro update was compromised, allowing attackers to insert a backdoor and gain unauthorized access to websites.

This attack targeted Nextend’s update infrastructure, putting thousands of sites at risk.
sctocs.com/smart-slider...

5 days ago

UAT-10362 Launches Spear-Phishing Campaigns Targeting Taiwanese NGOs With LucidRook Malware - SCtoCS UAT-10362 targets Taiwanese NGOs with LucidRook malware via spear-phishing, using DLL sideloading and stealth techniques to exfiltrate sensitive data.

Reports indicate UAT-10362 is behind targeted spear-phishing attacks on Taiwanese NGOs and universities.

The campaign deploys LucidRook malware, designed for stealth, data exfiltration, and persistent access.

sctocs.com/uat-10362-lu...

6 days ago

APT28 Launches PRISMEX Malware Campaign Targeting Ukraine And NATO Allies With Zero-Day Exploits - SCtoCS APT28 deploys PRISMEX malware in a campaign targeting Ukraine and NATO allies, leveraging zero-day exploits for espionage and potential sabotage.

Reports indicate APT28 is deploying PRISMEX malware in a campaign targeting Ukraine and NATO partners.

The operation uses zero-day exploits and stealth techniques to infiltrate systems and maintain long-term access.

sctocs.com/apt28-prisme...

1 week ago

Anthropic’s Claude Mythos Uncovers Thousands Of Zero-Day Vulnerabilities Across Major Systems - SCtoCS Anthropic’s Claude Mythos discovers thousands of zero-day vulnerabilities across major systems, raising concerns over AI-driven cyber threats and security risks.

Reports indicate Anthropic’s Claude Mythos AI has identified thousands of zero-day vulnerabilities in major software systems.

Experts warn the technology could transform cybersecurity—but also introduce new risks.

sctocs.com/anthropic-cl...

1 week ago

North Korea-Linked Hackers Distribute Over 1,700 Malicious Packages Across Npm, PyPI, Go, And Rust Ecosystems - SCtoCS North Korea-linked hackers spread 1,700+ malicious packages across npm, PyPI, Go, and Rust, targeting developers in a large-scale supply chain attack.

Reports reveal a North Korea-linked campaign spreading over 1,700 malicious packages across major open-source ecosystems.

The attack targets developers and software supply chains through disguised libraries.

sctocs.com/north-korea-...

1 week ago

Iran-Linked Hackers Target Internet-Exposed PLCs To Disrupt U.S. Critical Infrastructure - SCtoCS Iran-linked hackers exploit internet-exposed PLCs to disrupt U.S. critical infrastructure, impacting water, energy, and industrial control systems.

Reports indicate Iran-linked hackers are exploiting PLCs and industrial control systems in the U.S.

The campaign targets critical infrastructure and has already led to disruptions in some sectors.

sctocs.com/iran-hackers...

1 week ago

Russian APT28 Exploits SOHO Routers In Global DNS Hijacking And Cyber Espionage Campaign - SCtoCS Russian APT28 exploits SOHO routers for DNS hijacking, enabling AiTM attacks to steal credentials and spy on global government and enterprise networks.

Russian group APT28 is exploiting vulnerable SOHO routers in a global DNS hijacking campaign.

Attackers redirect traffic to intercept data and steal credentials.

sctocs.com/apt28-soho-r...

1 week ago

China-Linked Storm-1175 Exploits Zero-Day Flaws To Rapidly Deploy Medusa Ransomware Attacks - SCtoCS China-linked Storm-1175 exploits zero-day and known flaws to deploy Medusa ransomware within hours, targeting exposed systems across multiple sectors.

Storm-1175, a China-linked group, is launching ultra-fast ransomware attacks using zero-day exploits.

Read more:
sctocs.com/china-storm-...

1 week ago

Iran-Linked Password Spraying Campaign Targets Over 300 Israeli Microsoft 365 Organizations - SCtoCS Iran-linked actors launch password spraying attacks on 300+ Israeli Microsoft 365 organizations, targeting cloud accounts to gain access and exfiltrate sensitive data.

A major Iran-linked campaign targeted Microsoft 365 accounts across Israel using password spraying — a simple but dangerous attack method.

Read more:
sctocs.com/iran-passwor...

1 week ago

Microsoft Warns Of WhatsApp-Delivered VBS Malware Exploiting UAC Bypass On Windows - SCtoCS Microsoft warns of VBS malware spread via WhatsApp that exploits UAC bypass to hijack Windows systems and gain unauthorized access.

Microsoft has identified a new malware campaign spreading via WhatsApp using VBS files to compromise Windows systems.

Read more:
sctocs.com/microsoft-wh...

1 week ago

Silver Fox Expands Asia-Focused Cyber Campaign Using AtlasCross RAT And Fake Domains - SCtoCS Silver Fox broadens its Asia cyber campaign, deploying AtlasCross RAT and fake domains to infiltrate networks and steal sensitive information.

Advanced Malware Alert

Silver Fox is targeting Asia with AtlasCross RAT, delivered via fake domains mimicking trusted apps. The malware enables stealthy remote access and data theft.

sctocs.com/silver-fox-a...

2 weeks ago

Axios Supply Chain Attack Delivers Cross-Platform RAT Through Compromised Npm Account - SCtoCS Axios supply chain attack spreads a cross-platform RAT via a compromised npm account, putting developers and systems at risk of remote control.

Axios npm package was compromised, delivering a cross-platform RAT through a malicious dependency during installation.

sctocs.com/axios-supply...

2 weeks ago

OpenAI Fixes ChatGPT Data Exfiltration Flaw And Codex Vulnerability Exposing GitHub Tokens - SCtoCS OpenAI patches ChatGPT data exfiltration flaw and Codex vulnerability that exposed GitHub tokens, highlighting risks in AI-driven development tools.

OpenAI patched vulnerabilities in ChatGPT and Codex that could allow silent data leaks and GitHub token theft through prompt injection and command injection techniques.

sctocs.com/openai-chatg...

2 weeks ago

DeepLoad Malware Leverages ClickFix And WMI Persistence To Steal Browser Credentials - SCtoCS DeepLoad malware uses ClickFix and WMI persistence techniques to steal browser credentials, enabling attackers to maintain access and exfiltrate sensitive data.

Advanced Malware Alert

DeepLoad malware is spreading via ClickFix, stealing browser credentials and maintaining persistence using WMI—even after cleanup.

sctocs.com/deepload-mal...

2 weeks ago

Russian CTRL Toolkit Uses Malicious LNK Files To Hijack RDP Through FRP Tunnels - SCtoCS Russian CTRL toolkit spreads via malicious LNK files, hijacking RDP connections using FRP tunnels to gain unauthorized access to targeted systems.

Advanced Malware Alert

Russian CTRL toolkit is spreading through fake LNK files, hijacking RDP sessions and using FRP tunnels for stealthy remote access and data exfiltration.

sctocs.com/russian-ctrl...

2 weeks ago

Three China-Linked Threat Clusters Launch Coordinated Cyber Campaign Against Southeast Asian Government In 2025 - SCtoCS Three China-linked clusters targeted a Southeast Asian government in 2025, deploying advanced malware and espionage tools to gain persistent access.

Coordinated Cyber Attack Alert

Three China-linked threat clusters targeted a Southeast Asian government using stealthy tactics for long-term espionage and data collection.

sctocs.com/china-linked...

3 weeks ago

Iran-Linked Hackers Compromise FBI Director’s Personal Email, Launch Wiper Attack On Stryker - SCtoCS Iran-linked hackers breached the FBI director’s personal email and launched a destructive wiper attack on Stryker, disrupting systems and leaking data.

Major Cybersecurity Incident

Iran-linked hackers compromised the FBI Director’s personal email and carried out a wiper attack on Stryker, disrupting global operations.

sctocs.com/iran-linked-...

3 weeks ago

Citrix NetScaler Faces Active Reconnaissance For CVE-2026-3055 High-Severity Memory Overread Vulnerability - SCtoCS Citrix NetScaler is under active reconnaissance targeting CVE-2026-3055, a critical memory overread flaw with a CVSS score of 9.3.

Critical Vulnerability Alert

Attackers are scanning for CVE-2026-3055 in Citrix NetScaler, a high-severity memory overread flaw. Exploitation may follow soon.

sctocs.com/citrix-netsc...

3 weeks ago

CISA Adds CVE-2025-53521 To KEV List Following Active Exploitation Of F5 BIG-IP APM - SCtoCS CISA adds CVE-2025-53521 to KEV after active exploitation targeting F5 BIG-IP APM, highlighting urgent patching and security risks.

Critical Vulnerability Alert

CISA has added CVE-2025-53521 to its KEV list due to active exploitation affecting F5 BIG-IP APM systems.

sctocs.com/cisa-cve-202...

3 weeks ago

TeamPCP Distributes Malicious Telnyx Packages On PyPI, Conceals Data Stealer Inside WAV Files - SCtoCS TeamPCP uploads malicious Telnyx packages to PyPI, hiding a data stealer inside WAV files to evade detection and compromise developer systems.

TeamPCP is distributing malicious PyPI packages with hidden data stealers concealed in WAV files via steganography.

sctocs.com/teampcp-mali...

3 weeks ago

AitM Phishing Attack Targets TikTok Business Accounts By Bypassing Cloudflare Turnstile Security - SCtoCS AitM phishing campaign targets TikTok business accounts, bypassing Cloudflare Turnstile protection to steal credentials and gain unauthorized access.

Critical Phishing Alert

AitM phishing campaign is targeting TikTok business accounts and bypassing Cloudflare Turnstile protections to steal credentials.

sctocs.com/aitm-phishin...

3 weeks ago

Bearlyfy Targets Russian Firms With Custom GenieLocker Ransomware - SCtoCS The Bearlyfy group is targeting Russian companies using custom GenieLocker ransomware to encrypt systems and demand payment.

Critical Ransomware Alert

Bearlyfy is deploying GenieLocker ransomware to target Russian organizations. A targeted campaign causing operational disruption and financial risk.

sctocs.com/bearlyfy-gen...

3 weeks ago

Critical Flaws In LangChain And LangGraph Expose Files, Secrets, And Databases - SCtoCS Vulnerabilities in LangChain and LangGraph could expose sensitive files, secrets, and databases in widely used AI applications.

Vulnerabilities in LangChain and LangGraph can expose sensitive files, secrets, and databases. Immediate action is required to secure AI applications.

sctocs.com/langchain-la...

3 weeks ago

China Linked Red Menshen Uses Stealthy BPFDoor Implants To Spy Through Telecom Networks - SCtoCS The Red Menshen group is deploying stealthy BPFDoor implants to conduct cyber espionage operations through telecom network infrastructure.

Red Menshen is using BPFDoor backdoors to infiltrate telecom networks and conduct covert surveillance. Detection is difficult due to stealth techniques.

sctocs.com/red-menshen-...

3 weeks ago

Claude Extension Vulnerability Allowed Zero Click XSS And Prompt Injection Via Any Website - SCtoCS A flaw in the Claude browser extension enabled zero click XSS and prompt injection attacks from any website, risking data exposure.

Critical Browser Security

A vulnerability in the Claude extension allowed zero-click XSS and prompt injection from any website, putting users at risk without interaction.

sctocs.com/claude-exten...

3 weeks ago

LeakBase Administrator Arrested In Russia Over Massive Stolen Credential Marketplace - SCtoCS The administrator of LeakBase has been arrested in Russia for operating a large marketplace trading stolen credentials worldwide.

The administrator of LeakBase, a marketplace for stolen credentials, has been arrested in Russia. A key move in disrupting cybercrime operations.

sctocs.com/leakbase-adm...

3 weeks ago