Stay informed about the latest software vulnerabilities to protect your systems and data. Here are some recent vulnerabilities and security concerns highlighted by Redditors:

ToddyCat Group Attacks

The hacking group ToddyCat has been actively compromising corporate email data and Microsoft 365 tokens using sophisticated tools.

• Outlook Emails and Microsoft 365 Tokens: ToddyCat uses custom tools like TCSectorCopy to steal Outlook OST files and SharpTokenFinder with ProcDump for in-memory attacks on Microsoft 365 tokens. "The hacking group ToddyCat has adopted new methods to compromise corporate email data, utilizing sophisticated tools to steal Outlook emails and Microsoft 365 access tokens."

• ESET Command Line Scanner Exploit: They have also leveraged a security flaw in ESET Command Line Scanner to deploy TCESB malware. "Recent exploits include leveraging a security flaw in ESET Command Line Scanner to deploy malware TCESB."

Blender File Exploitation

Users of Blender are at risk from malicious .blend files that deploy StealC V2 data-stealing malware.

• Malicious .blend Files: These files are distributed on platforms like CGTrader and execute embedded Python scripts upon opening, if Auto Run is enabled. "Cybersecurity researchers reveal a new campaign leveraging Blender files to deploy StealC V2 data-stealing malware."

• StealC V2 Capabilities: The malware targets 23 web browsers, 100 web plugins and extensions, cryptocurrency wallets, messaging services, and VPNs. ["The StealC V2 malware targets various applications and browser extensions."](https://www.reddit.com/r/pwnhub/comments/1p6g