Geek-Guy.com

Category: APT

AI, APT, china, Cybersecurity, Global Security News, Government & Policy, malware, Russia, Technology

Google finds state-sponsored hackers use AI at ‘all stages’ of attack cycle 

A new report from Google found evidence that state-sponsored hacking groups have leveraged AI tool Gemini at nearly every stage of the cyber attack cycle. The research underscores how AI tools have matured in their cyber offensive capabilities, even as it doesn’t reveal novel or paradigm shifting uses of the technology. John Hultquist, chief analyst…

Read more →

AI, APT, china, Data Breaches, Don't miss, Global Security News, Hot stuff, Network Security, News

Singapore telcos breached in China-linked cyber espionage campaign

Singapore’s four major telecommunications companies were hit by a coordinated cyber espionage campaign last year, the country’s Cyber Security Agency (CSA) has revealed. An advanced persistent threat group known as UNC3886 has probed deep into the networks of M1, SIMBA Telecom, Singtel, and StarHub, spurring Singapore’s security agencies to mount a large cyber defence operation.…

Read more →

AI, APT, Breaking News, china, Data Breaches, Exploits, Global Security News, Government & Policy, hacking, intelligence, Network Security, Security

China-linked APT UNC3886 targets Singapore telcos

China-linked group UNC3886 targeted Singapore ’s telecom sector in a cyber espionage campaign, Singapore’s Cyber Security Agency revealed. Cyber Security Agency of Singapore (CSA) and the Infocomm Media Development Authority (IMDA) ran Operation CYBER GUARDIAN to protect the telecom sector. Since July 2025, investigations showed China-linked UNC3886 launched a targeted campaign against all four major…

Read more →

AI, APT, Data Breaches, Don't miss, Global Security News, News

Poland’s energy control systems were breached through exposed VPN access

On 29 December 2025, coordinated cyberattacks unfolded across Poland’s critical infrastructure, targeting energy and industrial organizations. The attackers struck numerous wind and solar farms, a private manufacturing company, and a heat and power (CHP) plant, but failed to negatively affect energy generation or distribution. Poland’s national computer emergency response team, CERT Polska, assessed that all…

Read more →

AI, APT, china, Cyber warfare, Exploits, Global Security News, Government & Policy, hacking, intelligence, malware

China-linked Amaranth-Dragon hackers target Southeast Asian governments in 2025

China-linked hackers tracked as Amaranth-Dragon targeted government and law enforcement agencies across Southeast Asia in 2025. CheckPoint says China-linked threat actors, tracked as Amaranth-Dragon, carried out cyber-espionage campaigns in 2025 targeting government and law enforcement agencies across Southeast Asia. The activity is linked to the APT41 ecosystem and affected countries including Thailand, Indonesia, Singapore, and…

Read more →

APT, Exploits, Global Security News, hacking, intelligence, malware, Security

APT28 exploits Microsoft Office flaw in Operation Neusploit

Russia-linked APT28 is behind Operation Neusploit, exploiting a newly disclosed Microsoft Office vulnerability in targeted attacks. Russia-linked group APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) is behind Operation Neusploit, a campaign that exploits a newly disclosed Microsoft Office vulnerability. The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, hacking, malware, Security

Notepad++ infrastructure hack likely tied to China-nexus APT Lotus Blossom

Rapid7 researchers say the Notepad++ hosting breach is likely linked to the China-nexus Lotus Blossom APT group. Recently, the Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure, redirecting update traffic to malicious servers. The attack did not exploit flaws in Notepad++ code but intercepted updates before they reached users. “According to the…

Read more →

APT, Asia Pacific, Authentication, Cybercrime, Global Security News, Research, Threats

China-based espionage group compromised Notepad++ for six months

A China-based threat group operating for almost two decades broke into the internal systems of Notepad++, an extremely popular open source-code editor, to spy on a select group of targeted users, researchers at Rapid7 said Monday. Don Ho, the author and maintainer of the open-source tool, said independent security researchers confirmed a China state-sponsored group…

Read more →

APT, Asia Pacific, Authentication, Cybercrime, Global Security News, Research, Threats

China-based espionage group compromised Notepad++ for six months

A China-based threat group operating for almost two decades broke into the internal systems of Notepad++, an extremely popular open source-code editor, to spy on a select group of targeted users, researchers at Rapid7 said Monday. Don Ho, the author and maintainer of the open-source tool, said independent security researchers confirmed a China state-sponsored group…

Read more →

APT, Breaking News, Exploits, Global Security News, hacking, hacking news, Security

Nation-state hack exploited hosting infrastructure to hijack Notepad++ updates

Notepad++ maintainer says nation-state attackers hijacked the app’s update system by redirecting traffic at the hosting provider level. The Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure, redirecting update traffic to malicious servers. The attack did not exploit flaws in Notepad++ code but intercepted updates before they reached users. “According to the…

Read more →

APT, Breaking News, Exploits, Global Security News, hacking, hacking news, Security

Nation-state hack exploited hosting infrastructure to hijack Notepad++ updates

Notepad++ maintainer says nation-state attackers hijacked the app’s update system by redirecting traffic at the hosting provider level. The Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure, redirecting update traffic to malicious servers. The attack did not exploit flaws in Notepad++ code but intercepted updates before they reached users. “According to the…

Read more →

APT, Breaking News, Exploits, Global Security News, hacking, hacking news, Security

Nation-state hack exploited hosting infrastructure to hijack Notepad++ updates

Notepad++ maintainer says nation-state attackers hijacked the app’s update system by redirecting traffic at the hosting provider level. The Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure, redirecting update traffic to malicious servers. The attack did not exploit flaws in Notepad++ code but intercepted updates before they reached users. “According to the…

Read more →

APT, Breaking News, Exploits, Global Security News, hacking, hacking news, Security

Nation-state hack exploited hosting infrastructure to hijack Notepad++ updates

Notepad++ maintainer says nation-state attackers hijacked the app’s update system by redirecting traffic at the hosting provider level. The Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure, redirecting update traffic to malicious servers. The attack did not exploit flaws in Notepad++ code but intercepted updates before they reached users. “According to the…

Read more →

APT, Cyber warfare, Exploits, Global Security News, Security

Cyberattacks Disrupt Communications at Wind, Solar, and Heat Facilities in Poland

CERT Polska said cyberattacks hit 30+ wind and solar farms, a manufacturer, and a major CHP plant supplying heat to nearly 500,000 people. On December 29, 2025, Poland faced coordinated cyberattacks targeting over 30 wind and solar farms, a manufacturing company, and a major heat and power plant serving nearly 500,000 people, CERT Polska reported.…

Read more →

APT, Cybercrime, Exploits, Global Security News, hacking, Security

Nation-state and criminal actors leverage WinRAR flaw in attacks

Multiple threat actors exploited a now-patched critical WinRAR flaw to gain initial access and deliver various malicious payloads. Google Threat Intelligence Group (GTIG) revealed that multiple threat actors, including APTs and financially motivated groups, are exploiting the CVE-2025-8088 flaw in RARLAB WinRAR to establish initial access and deploy a diverse array of payloads. The WinRAR…

Read more →

APT, Artificial Intelligence, Global Security News, hacking, malware, Security

North Korea–linked KONNI uses AI to build stealthy malware tooling

Check Point links an active phishing campaign to North Korea–aligned KONNI, targeting developers with fake blockchain project docs and using an AI-written PowerShell backdoor. Check Point Research uncovered an active phishing campaign attributed to the North Korea–linked KONNI group (aka Kimsuky, Earth Imp, TA406, Thallium, Vedalia, and Velvet Chollima). The operation targets software developers and engineers using fake project…

Read more →

APT, Breaking News, Cyber warfare, Global Security News, hacking, malware

Russia-linked Sandworm APT implicated in major cyber attack on Poland’s power grid

Russia-linked APT Sandworm launched what was described as the largest cyber attack on Poland’s power grid in Dec 2025. ESET linked a late-2025 cyberattack on Poland’s energy system to the Russia-linked Sandworm APT. “Based on our analysis of the malware and associated TTPs, we attribute the attack to the Russia-aligned Sandworm APT with medium confidence due to…

Read more →

APT, Breaking News, Cyber warfare, Global Security News, hacking, malware

Russia-linked Sandworm APT implicated in major cyber attack on Poland’s power grid

Russia-linked APT Sandworm launched what was described as the largest cyber attack on Poland’s power grid in Dec 2025. ESET linked a late-2025 cyberattack on Poland’s energy system to the Russia-linked Sandworm APT. “Based on our analysis of the malware and associated TTPs, we attribute the attack to the Russia-aligned Sandworm APT with medium confidence due to…

Read more →

APT, Breaking News, Cyber warfare, Exploits, Global Security News, intelligence, Security

China-linked APT UAT-8837 targets North American critical infrastructure

Cisco Talos says a China-linked group, tracked as UAT-8837, has targeted North American critical infrastructure since last year. Cisco Talos reports that threat group UAT-8837, likely linked to China, has targeted critical infrastructure in North America since at least last year. The activity shows tactics overlapping with known China-linked clusters. “Cisco Talos is closely tracking…

Read more →

APT, Breaking News, china, Exploits, Global Security News, hacking, Security

China-linked APT UAT-9686 abused now patched maximum severity AsyncOS bug

Cisco fixed a maximum severity AsyncOS flaw in Secure Email products, previously exploited as a zero-day by China-linked APT group UAT-9686. Cisco fixed a critical AsyncOS flaw, tracked as CVE-2025-20393 (CVSS score of 10.0), affecting Secure Email Gateway and Email and Web Manager, previously exploited as a zero-day by China-linked APT group UAT-9686. Cisco detected attacks…

Read more →

AI, Apps, APT, Blog, CERT-UA, CVEs, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Network Security, Pluggyape, Risk Management, Russia

UAC-0190 Attack Detection: Fake Charity Lures Used to Deploy the PLUGGYAPE Backdoor Against the Ukrainian Armed Forces

On January 12, 2026, the CERT-UA team disclosed a targeted cyber-espionage campaign against the Ukrainian Armed Forces that abused charity-themed social engineering to deliver the PLUGGYAPE backdoor. The activity, observed between October and December 2025, is attributed with medium confidence to the russia-aligned threat actor known as Void Blizzard (Laundry Bear), tracked by CERT-UA as…

Read more →

AI, Apps, APT, Blog, CERT-UA, CVEs, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Network Security, Pluggyape, Risk Management, Russia

UAC-0190 Attack Detection: Fake Charity Lures Used to Deploy the PLUGGYAPE Backdoor Against the Ukrainian Armed Forces

On January 12, 2026, the CERT-UA team disclosed a targeted cyber-espionage campaign against the Ukrainian Armed Forces that abused charity-themed social engineering to deliver the PLUGGYAPE backdoor. The activity, observed between October and December 2025, is attributed with medium confidence to the russia-aligned threat actor known as Void Blizzard (Laundry Bear), tracked by CERT-UA as…

Read more →

AI, Apps, APT, Blog, CERT-UA, CVEs, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Network Security, Pluggyape, Risk Management, Russia

UAC-0190 Attack Detection: Fake Charity Lures Used to Deploy the PLUGGYAPE Backdoor Against the Ukrainian Armed Forces

On January 12, 2026, the CERT-UA team disclosed a targeted cyber-espionage campaign against the Ukrainian Armed Forces that abused charity-themed social engineering to deliver the PLUGGYAPE backdoor. The activity, observed between October and December 2025, is attributed with medium confidence to the russia-aligned threat actor known as Void Blizzard (Laundry Bear), tracked by CERT-UA as…

Read more →

APT, Breaking News, Europe, Global Security News, hacking, intelligence, Security

Credential-harvesting attacks by APT28 hit Turkish, European, and Central Asian organizations

Russia-linked cyberespionage group APT28 targets energy, nuclear, and policy staff in Turkey, Europe, North Macedonia, and Uzbekistan with credential-harvesting attacks. Between February and September 2025, Recorded Future’s Insikt Group observed Russia-linked group APT28 (aka UAC-0001, Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) running credential-harvesting campaigns. Targets included Turkish energy and nuclear agency staff, European think tank personnel, and organizations…

Read more →

APT, Breaking News, Exploits, fbi, Global Security News, intelligence, Security

North Korea–linked APT Kimsuky behind quishing attacks, FBI warns

FBI warns that North Korea–linked APT group Kimsuky is targeting governments, think tanks, and academic institutions with quishing attacks. North Korea–linked APT group Kimsuky is targeting government agencies, academic institutions, and think tanks using spear-phishing emails that contain malicious QR codes (quishing), the FBI warns. “As of 2025, Kimsuky actors have targeted think tanks, academic…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

China-linked UAT-7290 has targeted South Asia and Southeastern Europe since 2022, conducting espionage and deploying RushDrop, DriveSwitch, and SilentRaid. China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers, it conducts espionage by deeply embedding in victim networks and also operates Operational…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

China-linked UAT-7290 has targeted South Asia and Southeastern Europe since 2022, conducting espionage and deploying RushDrop, DriveSwitch, and SilentRaid. China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers, it conducts espionage by deeply embedding in victim networks and also operates Operational…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

China-linked UAT-7290 has targeted South Asia and Southeastern Europe since 2022, conducting espionage and deploying RushDrop, DriveSwitch, and SilentRaid. China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers, it conducts espionage by deeply embedding in victim networks and also operates Operational…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

China-linked UAT-7290 has targeted South Asia and Southeastern Europe since 2022, conducting espionage and deploying RushDrop, DriveSwitch, and SilentRaid. China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers, it conducts espionage by deeply embedding in victim networks and also operates Operational…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

China-linked UAT-7290 has targeted South Asia and Southeastern Europe since 2022, conducting espionage and deploying RushDrop, DriveSwitch, and SilentRaid. China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers, it conducts espionage by deeply embedding in victim networks and also operates Operational…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

China-linked UAT-7290 has targeted South Asia and Southeastern Europe since 2022, conducting espionage and deploying RushDrop, DriveSwitch, and SilentRaid. China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers, it conducts espionage by deeply embedding in victim networks and also operates Operational…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

China-linked UAT-7290 has targeted South Asia and Southeastern Europe since 2022, conducting espionage and deploying RushDrop, DriveSwitch, and SilentRaid. China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers, it conducts espionage by deeply embedding in victim networks and also operates Operational…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

China-linked UAT-7290 has targeted South Asia and Southeastern Europe since 2022, conducting espionage and deploying RushDrop, DriveSwitch, and SilentRaid. China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers, it conducts espionage by deeply embedding in victim networks and also operates Operational…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

China-linked UAT-7290 has targeted South Asia and Southeastern Europe since 2022, conducting espionage and deploying RushDrop, DriveSwitch, and SilentRaid. China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers, it conducts espionage by deeply embedding in victim networks and also operates Operational…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

China-linked UAT-7290 has targeted South Asia and Southeastern Europe since 2022, conducting espionage and deploying RushDrop, DriveSwitch, and SilentRaid. China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers, it conducts espionage by deeply embedding in victim networks and also operates Operational…

Read more →

Deeper Network Promo Deeper Network Promo Deeper Network Promo Image

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

China-linked UAT-7290 has targeted South Asia and Southeastern Europe since 2022, conducting espionage and deploying RushDrop, DriveSwitch, and SilentRaid. China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers, it conducts espionage by deeply embedding in victim networks and also operates Operational…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

China-linked UAT-7290 has targeted South Asia and Southeastern Europe since 2022, conducting espionage and deploying RushDrop, DriveSwitch, and SilentRaid. China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers, it conducts espionage by deeply embedding in victim networks and also operates Operational…

Read more →

APT, Exploits, Global Security News, hacking, hacking news, intelligence, malware

Russia-linked APT UAC-0184 uses Viber to spy on Ukrainian military in 2025

Russia-linked APT UAC-0184 targets Ukrainian military and government bodies via Viber, delivering malicious ZIP files for espionage in 2025. Russia-linked threat actor UAC-0184 (aka Hive0156) is targeting Ukrainian military and government entities, using Viber messages to deliver malicious ZIP files as part of ongoing intelligence-gathering operations in 2025. “Recent monitoring data from the 360 ​​Advanced…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, intelligence, malware, Security

Mustang Panda deploys ToneShell via signed kernel-mode rootkit driver

China-linked APT Mustang Panda used a signed kernel-mode rootkit driver to load shellcode and deploy its ToneShell backdoor. China-linked APT Mustang Panda (aka Hive0154, HoneyMyte, Camaro Dragon, RedDelta or Bronze President) was observed using a signed kernel-mode rootkit driver with embedded shellcode to deploy its ToneShell backdoor. Mustang Panda has been active since at least 2012, targeting American and European entities such as…

Read more →

APT, Asia Pacific, china, Global Security News, intelligence, malware, Security

Evasive Panda cyberespionage campaign uses DNS poisoning to install MgBot backdoor

China-linked APT Evasive Panda used DNS poisoning to deliver the MgBot backdoor in targeted cyber-espionage attacks in Türkiye, China, and India. Kaspersky researchers spotted the China-linked APT group Evasive Panda (aka Daggerfly, Bronze Highland, and StormBamboo) running a targeted cyber-espionage campaign using DNS poisoning to deliver the MgBot backdoor against victims in Türkiye, China, and…

Read more →

APT, Breaking News, Cyber warfare, Europe, Global Security News, hacking, intelligence

Infy Returns: Iran-linked hacking group shows renewed activity

Researchers report renewed activity by Iran-linked Infy (Prince of Persia), showing the hacking group remains active and dangerous after years of silence. SafeBreach researchers have spotted renewed activity from the Iran-linked APT group Infy, also known as Prince of Persia, nearly five years after its last known campaigns in Europe. SafeBreach warns the group remains…

Read more →

APT, Breaking News, Cyber warfare, Exploits, Global Security News, hacking, Security

China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager

Cisco disclosed a critical zero-day (CVE-2025-20393) in Secure Email Gateway and Secure Email and Web Manager, actively exploited by a China-linked group. Cisco disclosed a critical zero-day, tracked as CVE-2025-20393, in Secure Email Gateway and Secure Email/Web Manager, which is actively exploited by a China-linked threat group. Cisco reported a December 10 campaign targeting certain…

Read more →

APT, china, Cybersecurity, Exploits, Global Security News, Research, Threats

Cisco customers hit by fresh wave of zero-day attacks from China-linked APT

Cisco customers are confronting a fresh wave of attacks from a Chinese threat group that has actively exploited a critical zero-day vulnerability affecting the vendor’s software for email and web security since at least late November, the company said in an advisory Wednesday.  Cisco said it became aware of the attacks Dec. 10. The defect…

Read more →

APT, Breaking News, Cyber warfare, Exploits, Global Security News, hacking, intelligence

Russian state hackers targeted Western critical infrastructure for years, Amazon says

Amazon disclosed a years-long Russian state-backed cyber campaign targeting Western critical infrastructure from 2021 to 2025. Amazon Threat Intelligence reports a long-running Russian state-backed campaign (2021–2025) targeting Western critical infrastructure. Threat actors shifted from exploiting vulnerabilities to abusing misconfigured network edge devices, enabling credential theft and lateral movement with lower risk. The researchers linked the…

Read more →

APT, Breaking News, Cyber warfare, Europe, Global Security News, intelligence, Security

Germany calls in Russian Ambassador over air traffic control hack claims

Germany summoned Russia’s ambassador over alleged cyberattacks on air traffic control and a disinformation campaign ahead of national elections. Germany summoned Russia’s ambassador after accusing Moscow of cyber attacks against its air traffic control authority and running a disinformation campaign ahead of February’s election. The German government announced it has clear evidence linking an August…

Read more →

APT, Breaking News, Cyber warfare, Exploits, Global Security News, malware, Security

New EtherRAT backdoor surfaces in React2Shell attacks tied to North Korea

NK-linked hackers are likely exploiting the React2Shell flaw to deploy a newly discovered remote access trojan, dubbed EtherRAT. North Korea–linked threat actors are likely exploiting the new critical React2Shell flaw (CVE-2025-55182) to deploy a previously unknown remote access trojan called EtherRAT, Sysdig researchers warn. The vulnerability CVE-2025-55182, is a pre-authentication remote code execution issue in React…

Read more →

APT, Breaking News, Exploits, Global Security News, hacking, intelligence, Security

AWS: China-linked threat actors weaponized React2Shell hours after disclosure

Multiple China-linked threat actors began exploiting the CVE-2025-55182, aka React2Shell flaw, within hours, AWS Security warns. Multiple China-linked threat actors began exploiting the CVE-2025-55182, also known as the React2Shell flaw, within hours, according to AWS Security. The researchers confirmed that this vulnerability doesn’t affect AWS services, however they opted to share threat intelligence data to…

Read more →

APT, Breaking News, Global Security News, hacking, information security news, malware, North America

MuddyWater strikes Israel with advanced MuddyViper malware

Iran-linked threat actor MuddyWater targeted multiple Israeli sectors with a new MuddyViper backdoor in recent attacks. ESET researchers uncovered a new MuddyWater campaign targeting Israeli organizations and one confirmed Egyptian target. The Iran-linked APT group MuddyWater (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) deployed custom tools to evade defenses and maintain persistence. They used a Fooder loader,…

Read more →

APT, Global Security News, hacking, malware, Security

Contagious Interview campaign expands with 197 npm Ppackages spreading new OtterCookie malware

North Korea-linked actors behind Contagious Interview uploaded 197 new malicious npm packages to distribute a new OtterCookie malware version. North Korea-linked threat actors added 197 new malicious npm packages to spread updated OtterCookie malware as part of the ongoing Contagious Interview campaign, cybersecurity firm Socket warns. The Contagious Interview campaign, active since November 2023 and linked to…

Read more →

APT, Breaking News, Exploits, Global Security News, intelligence, malware, Security

For the first time, a RomCom payload has been observed being distributed via SocGholish

RomCom malware used the SocGholish fake update loader to deliver Mythic Agent to a U.S. civil engineering firm. In September 2025, Arctic Wolf Labs observed RomCom threat actors delivering the Mythic Agent via SocGholish to a U.S. company. The researchers noticed that the payload executed about 10 minutes after initial exploitation, marking the first time…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, intelligence, malware, Security

BadAudio malware: how APT24 scaled its cyberespionage through supply chain attacks

APT24 used supply chain attacks and varied techniques to deploy the BadAudio malware in a long-running cyberespionage campaign. China-linked group APT24 used supply-chain attacks and multiple techniques over three years to deploy the BadAudio downloader and additional malware payloads, Google Threat Intelligence Group (GTIG) warns. According to the researchers, the group shifted from broad web…

Read more →

APT, Cyber warfare, Exploits, Global Security News, hacking, Security

Cyber-enabled kinetic targeting: Iran-linked actor uses cyber operations to support physical attacks

Iran-linked actors mapped ship AIS data ahead of a missile strike attempt, highlighting the rise of cyber operations enabling real-world attacks. Iran-linked threat actors mapped ship Automatic Identification System (AIS) data shortly before an attempted missile strike, showing how Tehran-aligned groups use cyber operations to support and amplify real-world kinetic attacks. The research demonstrates that…

Read more →

APT, Asia Pacific, Breaking News, Cyber warfare, Global Security News, hacking, intelligence

Anthropic: China-backed hackers launch first large-scale autonomous AI cyberattack

China-linked actors used Anthropic’s AI to automate and run cyberattacks in a sophisticated 2025 espionage campaign using advanced agentic tools. China-linked threat actors used Anthropic’s AI to automate and execute cyberattacks in a highly sophisticated espionage campaign in September 2025. The cyber spies leveraged advanced “agentic” capabilities rather than using AI only for guidance. Attackers…

Read more →

APT, Asia Pacific, Breaking News, Cyber warfare, Global Security News, hacking, intelligence

Australia’s spy chief warns of China-linked threats to critical infrastructure

Australia’s spy chief warns China-linked actors are probing critical infrastructure and preparing for cyber sabotage and espionage. Australia’s intelligence chief Mike Burgess warned that China-linked threat actors are probing critical infrastructure and, in some cases, have gained access. He said at least two Chinese state-sponsored groups are positioning themselves for future sabotage and espionage operations…

Read more →

APT, Asia Pacific, Cyber warfare, Global Security News, hacking, intelligence, malware

China-linked hackers target U.S. non-profit in long-term espionage campaign

A China-linked group targeted a U.S. non-profit to gain long-term access, part of wider attacks on U.S. entities tied to policy matters. China-linked hackers breached a U.S. policy-focused nonprofit in April 2025, maintaining weeks of access. They used DLL sideloading via vetysafe.exe, a tactic used by other Chinese APT groups like Space Pirates, Kelp, and…

Read more →

APT, Cyber warfare, Exploits, Global Security News, hacking, hacking news, malware

Russia-linked APT InedibleOchotense impersonates ESET to deploy backdoor on Ukrainian systems

Russia-linked group InedibleOchotense used fake ESET installers in phishing attacks on Ukrainian targets in May 2025. Russia-linked group InedibleOchotense used trojanized ESET installers in phishing attacks against Ukrainian entities detected in May 2025. The campaign used emails and Signal messages to deliver trojanized ESET installers that installed both legitimate software and the Kalambur backdoor. “Another…

Read more →

APT, Breaking News, Global Security News, hacking, hacking news, Security

SonicWall blames state-sponsored hackers for September security breach

Cybersecurity firm SonicWall attributed the September security breach exposing firewall configuration files to state-sponsored hackers. In September, SonicWall urged customers to reset credentials after firewall backup files tied to MySonicWall accounts were exposed. The company announced it had blocked attackers’ access and was working with cybersecurity experts and law enforcement agencies to determine the scope…

Read more →

APT, cyber attack, cyber crime, Global Security News, malware, Security

New Dante Spyware Linked to Rebranded Hacking Team, Now Memento Labs

Kaspersky researchers uncovered Operation ForumTroll, an attack campaign utilising the new ‘Dante’ spyware developed by Memento Labs, the rebranded Hacking Team. The attacks used a Chrome zero-day vulnerability (CVE-2025-2783) and COM hijacking for persistence, confirming the continued deployment of advanced surveillance tools by the controversial Italian firm.

Read more →

APT, Asia Pacific, Breaking News, Cyber warfare, Global Security News, intelligence, malware

China-linked UNC6384 exploits Windows zero-day to spy on European diplomats

A China-linked APT group UNC6384 exploits a Windows zero-day in an active cyber espionage targeting European diplomats. Arctic Wolf Labs researchers uncovered a cyber espionage campaign by China-linked APT UNC6384 targeting diplomatic entities in Hungary, Belgium, and other EU nations. UNC6384 is a China-nexus actor recently detailed by Google TAG, has expanded from targeting Southeast…

Read more →

APT, Breaking News, Cyber warfare, Exploits, Global Security News, hacking, intelligence

Russian hackers, likely linked to Sandworm, exploit legitimate tools against Ukrainian targets

Russian actors, likely linked to Sandworm, targeted Ukrainian firms using LotL tactics and dual-use tools to steal data and stay hidden, says Symantec and Carbon Black. Russian threat actors, likely linked to the APT Sandworm, targeted Ukrainian organizations to steal sensitive data and maintain long-term network access, Symantec Threat Hunter Team and Carbon Black report.…

Read more →

APT, Breaking News, Exploits, Global Security News, hacking, intelligence, malware

Memento Labs, the ghost of Hacking Team, has returned — or maybe it was never gone at all.

Kaspersky links the first Chrome zero-day of 2025 to tools used in attacks attributed to Memento Labs, formerly known as the Hacking Team. The actor behind Operation ForumTroll used the same tools seen in Dante spyware attacks. Kaspersky researchers linked the first Chrome zero-day of 2025 (CVE-2025-2783), a sandbox escape flaw, to the arsenal of…

Read more →

APT, china, Commentary, Cybersecurity, Exploits, Global Security News, Uncategorized

Shifting from reactive to proactive: Cyber resilience amid nation-state espionage

In recent years, the cybersecurity industry has made significant strides in securing endpoints with advanced Endpoint Detection and Response (EDR) solutions, and we have been successful in making life more difficult for our adversaries.  While this progress is a victory, it has also produced a predictable and dangerous consequence where threat actors are shifting their…

Read more →

APT, Breaking News, Exploits, Global Security News, hacking, intelligence, Security

China-linked hackers exploit patched ToolShell flaw to breach Middle East telecom

China-based threat actors exploited ToolShell SharePoint flaw CVE-2025-53770 soon after its July patch. China-linked threat actors exploited the ToolShell SharePoint flaw vulnerability, tracked as CVE-2025-53770, to breach a telecommunications company in the Middle East after it was addressed by Microsoft in July 2025. “China-based attackers used the ToolShell vulnerability (CVE-2025-53770) to compromise a telecoms company in…

Read more →

APT, Cyber warfare, Europe, Global Security News, hacking, intelligence, malware

Lazarus targets European defense firms in UAV-themed Operation DreamJob

North Korean Lazarus hackers targeted 3 European defense firms via Operation DreamJob, using fake recruitment lures to hit UAV tech staff. North Korea-linked Lazarus APT group (aka Hidden Cobra) launched Operation DreamJob, compromising three European defense companies. Threat actors used fake recruiter profiles to lure employees into UAV technology roles, aiming to gain access to…

Read more →

APT, Breaking News, Exploits, Global Security News, hacking, intelligence, Security

PhantomCaptcha targets Ukraine relief groups with WebSocket RAT in October 2025

PhantomCaptcha phishing campaign hit Ukraine relief groups with a WebSocket RAT on Oct 8, 2025, targeting Red Cross, UNICEF, and others. SentinelOne researchers uncovered PhantomCaptcha, a coordinated spear-phishing campaign on October 8, 2025, targeting Ukraine war relief groups, including Red Cross, UNICEF, NRC, and local administrations. Threat actors used fake emails to deploy a WebSocket-based…

Read more →

APT, Breaking News, Global Security News, hacking, intelligence, malware

Russia-linked COLDRIVER speeds up malware evolution after LOSTKEYS exposure

Russia-linked COLDRIVER rapidly evolved its malware since May 2025, refining tools just days after releasing its LOSTKEYS variant, says Google. The Russia-linked hacking group COLDRIVER has been quickly upgrading its malware since May 2025, when its LOSTKEYS malware was exposed. According to Google’s Threat Intelligence Group, the hackers have been rolling out frequent updates and…

Read more →

APT, Asia Pacific, Breaking News, Cyber warfare, Global Security News, hacking, Security

China-Linked Salt Typhoon breaches European Telecom via Citrix exploit

China-linked Salt Typhoon hacked a European telecom in July 2025 via a Citrix NetScaler Gateway exploit for initial access. A European telecom firm was targeted in July 2025 by China-linked APT group Salt Typhoon (also known as Earth Estries, FamousSparrow, GhostEmperor, UNC5807, RedMike)), which exploited a Citrix NetScaler Gateway to gain initial access. In late…

Read more →

APT, Asia Pacific, Cyber warfare, Global Security News, hacking, intelligence, Security

China-linked APT Jewelbug targets Russian IT provider in rare cross-nation cyberattack

China-linked APT Jewelbug targeted a Russian IT provider for five months in 2025, showing Russia remains exposed to Chinese cyber espionage. China-linked threat actor Jewelbug (aka CL-STA-0049, Earth Alux, and REF7707) carried out a five-month intrusion on a Russian IT service provider, marking its expansion beyond Southeast Asia and South America. The campaign, reported by…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, Security

Flax Typhoon APT exploited ArcGIS server for over a year as a backdoor

China-linked cyberespionage group Flax Typhoon hijacked an ArcGIS system for over a year and used it as a backdoor. China-linked APT group Flax Typhoon (aka Ethereal Panda or RedJuliett) compromised an ArcGIS system for over a year, using it as a backdoor. ArcGIS, a key GIS platform for mapping and analysis, supports vital services like…

Read more →

Deeper Network Promo Deeper Network Promo Deeper Network Promo Image

APT, Breaking News, Cyber warfare, Exploits, Global Security News, hacking, intelligence

Ukraine sees surge in AI-Powered cyberattacks by Russia-linked Threat Actors

Russia-linked actors use AI to craft phishing and malware attacks against entities in Ukraine, says SSSCIP. Russian hackers increasingly use AI in cyberattacks against Ukraine, the country’s State Service for Special Communications and Information Protection (SSSCIP) reported. Beyond AI-generated phishing, some malware samples now show AI-generated code. In H1 2025, Ukraine recorded 3,018 cyber incidents,…

Read more →

APT, Global Security News, hacking, malware, Security

North Korea’s APT37 deploys RokRAT in new phishing campaign against academics

ScarCruft (APT37) launches Operation HanKook Phantom, a phishing campaign using RokRAT to target academics, ex-officials, and researchers. Cybersecurity firm Seqrite Labs uncovered a phishing campaign, tracked as dubbed Operation HanKook Phantom, by the North Korea-linked group APT37 (aka Ricochet Chollima, ScarCruft, Reaper, and Group123). Threat actors are using a fake “National Intelligence Research Society Newsletter…

Read more →

Amazon, APT, Breaking News, Global Security News, hacking, intelligence

Amazon blocks APT29 campaign targeting Microsoft device code authentication

Amazon stopped a Russia-linked APT29 watering hole attack that hijacked Microsoft device code authentication via compromised sites. Amazon announced that it had disrupted an opportunistic watering hole campaign orchestrated by the Russia-linked cyber espionage group APT29 (aka SVR group, Cozy Bear, Nobelium, BlueBravo, Midnight Blizzard, and The Dukes). Amazon experts labeled the attacks as an opportunistic watering hole campaign using compromised…

Read more →

APT, Asia Pacific, Breaking News, Cyber warfare, Global Security News, intelligence, Security

Dutch intelligence warn that China-linked APT Salt Typhoon targeted local critical infrastructure

Dutch intelligence reports Chinese cyber spies (Salt Typhoon, RedMike) targeted the Netherlands, hitting critical infrastructure. The Dutch intelligence and security services MIVD and AIVD say Chinese cyber spies linked to Salt Typhoon (RedMike) targeted the Netherlands in a campaign hitting global critical infrastructure. In late 2024, a large-scale Chinese cyberespionage campaign targeting global telecoms was…

Read more →

APT, Breaking News, Cyber warfare, Exploits, Global Security News, hacking, intelligence

NSA, NCSC, and allies detailed TTPs associated with Chinese APT actors targeting critical infrastructure Orgs

NSA and allies warn that Chinese APT actors, including Salt Typhoon, are targeting critical infrastructure worldwide. The U.S. National Security Agency (NSA), the UK’s National Cyber Security Centre (NCSC), and allies warn Chinese APT actors, linked to Salt Typhoon, are targeting global telecom, government, transport, lodging, and military sectors. “The National Security Agency (NSA) and…

Read more →

APT, Breaking News, Cyber warfare, Exploits, Global Security News, hacking, intelligence

NSA, NCSC, and allies detailed TTPs associated with Chinese APT actors targeting critical infrastructure Orgs

NSA and allies warn that Chinese APT actors, including Salt Typhoon, are targeting critical infrastructure worldwide. The U.S. National Security Agency (NSA), the UK’s National Cyber Security Centre (NCSC), and allies warn Chinese APT actors, linked to Salt Typhoon, are targeting global telecom, government, transport, lodging, and military sectors. “The National Security Agency (NSA) and…

Read more →

APT, Breaking News, Cyber warfare, Exploits, Global Security News, hacking, intelligence

NSA, NCSC, and allies detailed TTPs associated with Chinese APT actors targeting critical infrastructure Orgs

NSA and allies warn that Chinese APT actors, including Salt Typhoon, are targeting critical infrastructure worldwide. The U.S. National Security Agency (NSA), the UK’s National Cyber Security Centre (NCSC), and allies warn Chinese APT actors, linked to Salt Typhoon, are targeting global telecom, government, transport, lodging, and military sectors. “The National Security Agency (NSA) and…

Read more →

APT, Breaking News, Cyber warfare, Exploits, Global Security News, hacking, intelligence

NSA, NCSC, and allies detailed TTPs associated with Chinese APT actors targeting critical infrastructure Orgs

NSA and allies warn that Chinese APT actors, including Salt Typhoon, are targeting critical infrastructure worldwide. The U.S. National Security Agency (NSA), the UK’s National Cyber Security Centre (NCSC), and allies warn Chinese APT actors, linked to Salt Typhoon, are targeting global telecom, government, transport, lodging, and military sectors. “The National Security Agency (NSA) and…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, intelligence, malware, Security

China linked UNC6384 targeted diplomats by hijacking web traffic

The China-linked APT group UNC6384 targeted diplomats by hijacking web traffic to redirect it to a website that delivered malware. China-linked cyberespionage group UNC6384 targeted diplomats by hijacking web traffic to redirect to a website used to deliver malware, Google’s Threat Intelligence Group (GTIG) warns. Cyberspies hijacked a network’s captive portal using an advanced adversary-in-the-middle…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, intelligence, malware, Security

China linked UNC6384 targeted diplomats by hijacking web traffic

The China-linked APT group UNC6384 targeted diplomats by hijacking web traffic to redirect it to a website that delivered malware. China-linked cyberespionage group UNC6384 targeted diplomats by hijacking web traffic to redirect to a website used to deliver malware, Google’s Threat Intelligence Group (GTIG) warns. Cyberspies hijacked a network’s captive portal using an advanced adversary-in-the-middle…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, intelligence, malware, Security

China linked UNC6384 targeted diplomats by hijacking web traffic

The China-linked APT group UNC6384 targeted diplomats by hijacking web traffic to redirect it to a website that delivered malware. China-linked cyberespionage group UNC6384 targeted diplomats by hijacking web traffic to redirect to a website used to deliver malware, Google’s Threat Intelligence Group (GTIG) warns. Cyberspies hijacked a network’s captive portal using an advanced adversary-in-the-middle…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, intelligence, malware, Security

China linked UNC6384 targeted diplomats by hijacking web traffic

The China-linked APT group UNC6384 targeted diplomats by hijacking web traffic to redirect it to a website that delivered malware. China-linked cyberespionage group UNC6384 targeted diplomats by hijacking web traffic to redirect to a website used to deliver malware, Google’s Threat Intelligence Group (GTIG) warns. Cyberspies hijacked a network’s captive portal using an advanced adversary-in-the-middle…

Read more →

APT, Exploits, Global Security News, hacking, information security news, intelligence, Security

ToolShell under siege: Check Point analyzes Chinese APT Storm-2603

Storm-2603 group exploits SharePoint flaws and uses a custom C2 framework, AK47 C2, with HTTP- and DNS-based variants named AK47HTTP and AK47DNS. Check Point Research is tracking a ToolShell campaign exploiting four Microsoft SharePoint flaws, linking it to China-nexus groups APT27, APT31, and a new cluster, Storm-2603. The researchers pointed out that Storm-2603’s goals remain…

Read more →

APT, Global Security News, hacking, intelligence, malware, Security

Russia-linked APT Secret Blizzard targets foreign embassies in Moscow with ApolloShadow malware

Russia-linked Secret Blizzard targets foreign embassies in Moscow via ISP-level AitM attacks, deploying custom ApolloShadow malware. Microsoft researchers uncovered a cyberespionage campaign by the Russia-linked APT group Secret Blizzard (aka Turla, Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON)  targeting foreign embassies in Moscow. The threat actor uses an adversary-in-the-middle (AiTM) method at the ISP level to deploy custom malware called ApolloShadow. This…

Read more →

APT, Asia Pacific, Cybersecurity, Geopolitics, Global Security News, Research, Threats

Russia-affiliated Secret Blizzard conducting ongoing espionage against embassies in Moscow

A Russian nation-state threat group has been spying on foreign diplomats, managing continuous access to their  communications and data in Moscow since at least 2024, according to Microsoft Threat Intelligence. Secret Blizzard is gaining “adversary-in-the-middle” positions on Russian internet service providers and telecom networks by likely leveraging surveillance tools and deploying malware on targeted devices,…

Read more →

APT, Breaking News, Exploits, Global Security News, hacking, intelligence, Security

China-linked group Fire Ant exploits VMware and F5 flaws since early 2025

China-linked group Fire Ant exploits VMware and F5 flaws to stealthily breach secure systems, reports cybersecurity firm Sygnia. China-linked cyberespionage group Fire Ant is exploiting VMware and F5 vulnerabilities to stealthily access secure, segmented systems, according to Sygnia. Since early 2025, the group has targeted virtualization and networking infrastructure, primarily VMware ESXi and vCenter environments.…

Read more →

APT, Asia Pacific, Breaking News, china, Global Security News, hacking, intelligence

Microsoft linked attacks on SharePoint flaws to China-nexus actors

Microsoft linked SharePoint exploits to China-nexus groups Linen Typhoon, Violet Typhoon, and Storm-2603, active since July 7, 2025. Microsoft confirmed that China-linked groups Linen Typhoon, Violet Typhoon, and Storm-2603 exploited SharePoint flaws for initial access as early as July 7, 2025. “As of this writing, Microsoft has observed two named Chinese nation-state actors, Linen Typhoon…

Read more →

APT, Breaking News, Global Security News, hacking, intelligence, malware, North America

MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict

Iran-linked APT MuddyWater is deploying new DCHSpy spyware variants to target Android users amid the ongoing conflict with Israel. Lookout researchers observed Iran-linked APT MuddyWater  (aka SeedWorm, TEMP.Zagros, and Static Kitten) is deploying a new version of the DCHSpy Android spyware in the context of the Israel-Iran conflict. The first MuddyWater campaign was observed in late 2017, when the APT group targeted entities in…

Read more →

APT, Breaking News, Cyber warfare, Global Security News, hacking, malware

LameHug: first AI-Powered malware linked to Russia’s APT28

LameHug malware uses AI to create data-theft commands on infected Windows systems. Ukraine links it to the Russia-nexus APT28 group. Ukrainian CERT-UA warns of a new malware strain dubbed LameHug that uses a large language model (LLM) to generate commands to be executed on compromised Windows systems. Ukrainian experts attribute the malware to the Russia-linked…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, Security

Salt Typhoon breach: Chinese APT compromises U.S. Army National Guard network

China-linked APT Salt Typhoon breached a U.S. Army National Guard unit’s network, accessed configs, and intercepted communications with other units. A DoD report warns that China-nexus hacking group Salt Typhoon breached a U.S. state’s Army National Guard network from March to December 2024. The APT stole network configs, admin credentials, and data exchanged with units…

Read more →

APT, Breaking News, Global Security News, hacking, hacking news, malware

North Korea-linked actors spread XORIndex malware via 67 malicious npm packages

North Korea-linked hackers uploaded 67 malicious npm packages with XORIndex malware, hitting 17K+ downloads in ongoing supply chain attacks. North Korea-linked threat actors behind the Contagious Interview campaign have uploaded 67 malicious npm packages with XORIndex malware loader, hitting over 17,000 downloads in ongoing supply chain attacks. XORIndex was built to evade detection and deploy…

Read more →

APT, Breaking News, Europe, Global Security News, intelligence, malware

DoNot APT is expanding scope targeting European foreign ministries

DoNot APT, likely an India-linked cyberespionage group, targets European foreign ministries with LoptikMod malware. The DoNot APT group, likely linked to India, has expanded its operations and is targeting European foreign ministries with a new malware, called LoptikMod. The Donot Team (also known as APT-C-35 and Origami Elephant) has been active since 2016, focusing on government entities, foreign…

Read more →

APT, Breaking News, cyber crime, Global Security News, intelligence, malware

Iranian group Pay2Key.I2P ramps Up ransomware attacks against Israel and US with incentives for affiliates

An Iranian ransomware group, Pay2Key.I2P, has intensified attacks on U.S. and Israeli targets, offering affiliates higher profits. The Iranian ransomware group Pay2Key.I2P is stepping up attacks on U.S. and Israeli targets, luring affiliates with higher profit shares. The ransomware gang is the successor to the original Pay2Key group and experts linked it to the Iran-nexus…

Read more →

APT, Global Security News, hacking, intelligence, malware, Security

North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates

North Korea-linked hackers use fake Zoom updates to spread macOS NimDoor malware, targeting crypto firms with stealthy backdoors. North Korea-linked threat actors are targeting Web3 and crypto firms with NimDoor, a rare macOS backdoor disguised as a fake Zoom update. Victims are tricked into installing the malware through phishing links sent via Calendly or Telegram.…

Read more →

APT, Breaking News, china, Exploits, Global Security News, hacking, Security

China-linked group Houken hit French organizations using zero-days

China-linked group Houken hit French govt, telecom, media, finance and transport sectors using Ivanti CSA zero-days, says France’s ANSSI. France’s cyber agency ANSSI revealed that a Chinese hacking group used Ivanti CSA zero-days to target government, telecom, media, finance, and transport sectors. The campaign, active since September 2024, is linked to the Houken intrusion set,…

Read more →