Category: intelligence

AI, Breaking News, Cybersecurity, Data Breaches, Endpoint, Europe, Exploits, Global Security News, Government & Policy, hacking, hacking news, intelligence, Security

Dutch agencies hit by Ivanti EPMM exploit exposing employee contact data

February 10, 2026

Dutch agencies confirmed attacks exploiting Ivanti EPMM flaws that exposed employee contact data at the data protection authority and courts. Dutch authorities said cyberattacks hit the Dutch Data Protection Authority and the Council for the Judiciary after hackers exploited newly disclosed flaws in Ivanti Endpoint Manager Mobile (EPMM). The incidents were reported to parliament, and…

China-linked APT UNC3886 targets Singapore telcos

February 10, 2026

China-linked group UNC3886 targeted Singapore ’s telecom sector in a cyber espionage campaign, Singapore’s Cyber Security Agency revealed. Cyber Security Agency of Singapore (CSA) and the Infocomm Media Development Authority (IMDA) ran Operation CYBER GUARDIAN to protect the telecom sector. Since July 2025, investigations showed China-linked UNC3886 launched a targeted campaign against all four major…

China-linked Amaranth-Dragon hackers target Southeast Asian governments in 2025

February 5, 2026

China-linked hackers tracked as Amaranth-Dragon targeted government and law enforcement agencies across Southeast Asia in 2025. CheckPoint says China-linked threat actors, tracked as Amaranth-Dragon, carried out cyber-espionage campaigns in 2025 targeting government and law enforcement agencies across Southeast Asia. The activity is linked to the APT41 ecosystem and affected countries including Thailand, Indonesia, Singapore, and…

APT28 exploits Microsoft Office flaw in Operation Neusploit

February 3, 2026

Russia-linked APT28 is behind Operation Neusploit, exploiting a newly disclosed Microsoft Office vulnerability in targeted attacks. Russia-linked group APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) is behind Operation Neusploit, a campaign that exploits a newly disclosed Microsoft Office vulnerability. The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations…

China-linked APT UAT-8837 targets North American critical infrastructure

January 17, 2026

Cisco Talos says a China-linked group, tracked as UAT-8837, has targeted North American critical infrastructure since last year. Cisco Talos reports that threat group UAT-8837, likely linked to China, has targeted critical infrastructure in North America since at least last year. The activity shows tactics overlapping with known China-linked clusters. “Cisco Talos is closely tracking…

China bans U.S. and Israeli cybersecurity software over security concerns

January 15, 2026

China has told domestic firms to stop using U.S. and Israeli cybersecurity software, citing national security concerns amid rising tech tensions. Reuters reported that China has ordered domestic companies to stop using cybersecurity solutions from more than a dozen U.S. and Israeli firms, citing national security risks. Tensions remain high over China’s push in semiconductors…

CERT-UA reports PLUGGYAPE cyberattacks on defense forces

January 14, 2026

CERT-UA reported PLUGGYAPE malware attacks on Ukraine’s defense forces, linked with medium confidence to Russia’s Void Blizzard group. The Computer Emergency Response Team of Ukraine (CERT-UA) reported new cyberattacks against Ukraine’s defense forces using PLUGGYAPE malware. Government experts attributed the attack with medium confidence to the Russian-linked group Void Blizzard (aka Laundry Bear, UAC-0190), active…

Credential-harvesting attacks by APT28 hit Turkish, European, and Central Asian organizations

January 12, 2026

Russia-linked cyberespionage group APT28 targets energy, nuclear, and policy staff in Turkey, Europe, North Macedonia, and Uzbekistan with credential-harvesting attacks. Between February and September 2025, Recorded Future’s Insikt Group observed Russia-linked group APT28 (aka UAC-0001, Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) running credential-harvesting campaigns. Targets included Turkish energy and nuclear agency staff, European think tank personnel, and organizations…

North Korea–linked APT Kimsuky behind quishing attacks, FBI warns

January 10, 2026

FBI warns that North Korea–linked APT group Kimsuky is targeting governments, think tanks, and academic institutions with quishing attacks. North Korea–linked APT group Kimsuky is targeting government agencies, academic institutions, and think tanks using spear-phishing emails that contain malicious QR codes (quishing), the FBI warns. “As of 2025, Kimsuky actors have targeted think tanks, academic…

Iran cuts Internet nationwide amid deadly protest crackdown

January 9, 2026

Iran shut down the internet as protests spread nationwide. Dozens were killed in a violent crackdown amid soaring inflation and a collapsing currency. Iran has shut down the internet nationwide as protests spread across multiple cities. Security forces responded with a violent crackdown that reportedly killed dozens. Demonstrations continued despite the blackout, with shops closing…

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

January 9, 2026

China-linked UAT-7290 has targeted South Asia and Southeastern Europe since 2022, conducting espionage and deploying RushDrop, DriveSwitch, and SilentRaid. China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers, it conducts espionage by deeply embedding in victim networks and also operates Operational…

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

January 9, 2026

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

January 9, 2026

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

January 9, 2026

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

January 9, 2026

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

January 9, 2026

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

January 9, 2026

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

January 9, 2026

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

January 9, 2026

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

January 9, 2026

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

January 9, 2026

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

January 9, 2026

China-linked groups intensify attacks on Taiwan’s critical infrastructure, NSB warns

January 8, 2026

Taiwan says China-linked cyberattacks on its energy sector rose tenfold in 2025, hitting critical infrastructure across nine sectors, with total incidents up 6%. Taiwan reports China-linked cyberattacks on its energy sector surged tenfold in 2025, targeting critical infrastructure across nine sectors, with total incidents up 6% YoY. Taiwan’s National Security Bureau (NSB) reports China launched…

Russia-linked APT UAC-0184 uses Viber to spy on Ukrainian military in 2025

January 5, 2026

Russia-linked APT UAC-0184 targets Ukrainian military and government bodies via Viber, delivering malicious ZIP files for espionage in 2025. Russia-linked threat actor UAC-0184 (aka Hive0156) is targeting Ukrainian military and government entities, using Viber messages to deliver malicious ZIP files as part of ongoing intelligence-gathering operations in 2025. “Recent monitoring data from the 360 Advanced…

What is happening to the Internet in Venezuela? Did the U.S. use cyber capabilities?

January 4, 2026

In light of the tragic events that have occurred in Venezuela, what is happening to the Internet in the country, and how are users accessing it? Yesterday, the United States launched a “large scale strike” in Venezuela, capturing Venezuelan President Nicolas Maduro and his wife. Former Venezuelan leader Nicolás Maduro and his wife were taken…

President Trump blocks $2.9M Emcore chip sale over security concerns

January 4, 2026

Trump ordered the divestment of a $2.9M chip deal, citing U.S. national security risks if HieFo retained control of Emcore ’s technology. President Trump ordered the divestment of a $2.9 million chips deal, citing national security risks tied to HieFo Corp.’s control of Emcore ’s chip technology. HieFo (short for High Efficiency Photonics) is a…

Mustang Panda deploys ToneShell via signed kernel-mode rootkit driver

December 30, 2025

China-linked APT Mustang Panda used a signed kernel-mode rootkit driver to load shellcode and deploy its ToneShell backdoor. China-linked APT Mustang Panda (aka Hive0154, HoneyMyte, Camaro Dragon, RedDelta or Bronze President) was observed using a signed kernel-mode rootkit driver with embedded shellcode to deploy its ToneShell backdoor. Mustang Panda has been active since at least 2012, targeting American and European entities such as…

Evasive Panda cyberespionage campaign uses DNS poisoning to install MgBot backdoor

December 29, 2025

China-linked APT Evasive Panda used DNS poisoning to deliver the MgBot backdoor in targeted cyber-espionage attacks in Türkiye, China, and India. Kaspersky researchers spotted the China-linked APT group Evasive Panda (aka Daggerfly, Bronze Highland, and StormBamboo) running a targeted cyber-espionage campaign using DNS poisoning to deliver the MgBot backdoor against victims in Türkiye, China, and…

Infy Returns: Iran-linked hacking group shows renewed activity

December 22, 2025

Researchers report renewed activity by Iran-linked Infy (Prince of Persia), showing the hacking group remains active and dangerous after years of silence. SafeBreach researchers have spotted renewed activity from the Iran-linked APT group Infy, also known as Prince of Persia, nearly five years after its last known campaigns in Europe. SafeBreach warns the group remains…

Russia was behind a destructive cyber attack on a water utility in 2024, Denmark says

December 19, 2025

Denmark has blamed Russia for a destructive cyberattack on a water utility, calling it part of Moscow’s hybrid campaign against Western critical infrastructure. Denmark has accused Russia of orchestrating destructive cyberattacks against a water utility in 2024, framing them as part of broader hybrid attacks on Western critical infrastructure. Denmark’s Defence Intelligence Service attributed a…

GNV ferry fantastic under cyberattack probe amid remote hijack fears

December 17, 2025

French prosecutors probe a suspected cyberattack on GNV ferry Fantastic, raising concerns of a possible remote hijack. French prosecutors are investigating a suspected cyberattack on the GNV ferry Fantastic, raising fears of a potential remote hijack. The ferry Fantastic sails between Sète and North Africa, and French authorities are investigating a suspected attempt to compromise…

Russian state hackers targeted Western critical infrastructure for years, Amazon says

December 17, 2025

Amazon disclosed a years-long Russian state-backed cyber campaign targeting Western critical infrastructure from 2021 to 2025. Amazon Threat Intelligence reports a long-running Russian state-backed campaign (2021–2025) targeting Western critical infrastructure. Threat actors shifted from exploiting vulnerabilities to abusing misconfigured network edge devices, enabling credential theft and lateral movement with lower risk. The researchers linked the…

French Interior Minister says hackers breached its email servers

December 16, 2025

The French interior minister confirmed that a cyberattack breached the Interior Ministry, compromising its email servers. The French Interior Minister Laurent Nunez announced on Friday that threat actors compromised email servers at the Ministry of the Interior. The attack was detected overnight between December 11 and 12, and according to the French interior minister, attackers…

Germany calls in Russian Ambassador over air traffic control hack claims

December 13, 2025

Germany summoned Russia’s ambassador over alleged cyberattacks on air traffic control and a disinformation campaign ahead of national elections. Germany summoned Russia’s ambassador after accusing Moscow of cyber attacks against its air traffic control authority and running a disinformation campaign ahead of February’s election. The German government announced it has clear evidence linking an August…

AWS: China-linked threat actors weaponized React2Shell hours after disclosure

December 8, 2025

Multiple China-linked threat actors began exploiting the CVE-2025-55182, aka React2Shell flaw, within hours, AWS Security warns. Multiple China-linked threat actors began exploiting the CVE-2025-55182, also known as the React2Shell flaw, within hours, according to AWS Security. The researchers confirmed that this vulnerability doesn’t affect AWS services, however they opted to share threat intelligence data to…

Deeper Network Promo Deeper Network Promo

Asia Pacific, Breaking News, Cyber warfare, Global Security News, hacking, intelligence, Mobile

BRICKSTORM backdoor exposed: CISA warns of advanced China-backed intrusions

December 5, 2025

CISA details BRICKSTORM, a China-linked backdoor used by China-linked APTs to secure long-term persistence on compromised systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed technical details on BRICKSTORM, a backdoor used by China state-sponsored threat actors to gain and maintain long-term persistence on compromised systems, highlighting ongoing PRC cyber-espionage activity. “The Cybersecurity…

For the first time, a RomCom payload has been observed being distributed via SocGholish

November 26, 2025

RomCom malware used the SocGholish fake update loader to deliver Mythic Agent to a U.S. civil engineering firm. In September 2025, Arctic Wolf Labs observed RomCom threat actors delivering the Mythic Agent via SocGholish to a U.S. company. The researchers noticed that the payload executed about 10 minutes after initial exploitation, marking the first time…

CISA: Spyware and RATs used to target WhatsApp and Signal Users

November 25, 2025

CISA warns that threat actors are actively using commercial spyware and RATs to target users of mobile messaging apps WhatsApp and Signal. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of threat actors using commercial spyware and remote access trojans (RATs) to target users of popular instant messaging applications, including WhatsApp and Signal.…

BadAudio malware: how APT24 scaled its cyberespionage through supply chain attacks

November 22, 2025

APT24 used supply chain attacks and varied techniques to deploy the BadAudio malware in a long-running cyberespionage campaign. China-linked group APT24 used supply-chain attacks and multiple techniques over three years to deploy the BadAudio downloader and additional malware payloads, Google Threat Intelligence Group (GTIG) warns. According to the researchers, the group shifted from broad web…

North Korean threat actors use JSON sites to deliver malware via trojanized code

November 17, 2025

North Korean Contagious Interview actors now host malware on JSON storage sites to deliver trojanized code projects, NVISO reports. North Korea-linked actors behind the Contagious Interview campaign have updated their tactics, using JSON storage services (e.g. JSON Keeper, JSONsilo, and npoint.io) to host and deliver malware through trojanized code projects, according to a new NVISO report. “NVISO…

Five admit helping North Korea evade sanctions through IT worker schemes

November 16, 2025

Five pleaded guilty to aiding North Korea ’s illicit revenue via IT worker fraud, violating international sanctions. The U.S. Department of Justice announced that five people have pleaded guilty to helping North Korea secretly generate revenue by running illegal IT-worker schemes that violated international sanctions. The individuals – Audricus Phagnasay (24), Jason Salazar (30), Alexander…

Anthropic: China-backed hackers launch first large-scale autonomous AI cyberattack

November 16, 2025

China-linked actors used Anthropic’s AI to automate and run cyberattacks in a sophisticated 2025 espionage campaign using advanced agentic tools. China-linked threat actors used Anthropic’s AI to automate and execute cyberattacks in a highly sophisticated espionage campaign in September 2025. The cyber spies leveraged advanced “agentic” capabilities rather than using AI only for guidance. Attackers…

Australia’s spy chief warns of China-linked threats to critical infrastructure

November 12, 2025

Australia’s spy chief warns China-linked actors are probing critical infrastructure and preparing for cyber sabotage and espionage. Australia’s intelligence chief Mike Burgess warned that China-linked threat actors are probing critical infrastructure and, in some cases, have gained access. He said at least two Chinese state-sponsored groups are positioning themselves for future sabotage and espionage operations…

North Korea-linked Konni APT used Google Find Hub to erase data and spy on defectors

November 11, 2025

North Korea-linked APT Konni posed as counselors to steal data and wipe Android phones via Google Find Hub in Sept 2025. Genians Security Center researchers warn that the North Korea-linked Konni APT group (aka Kimsuky, Earth Imp, TA406, Thallium, Vedalia, and Velvet Chollima) posed as counselors to hack Android and Windows, stealing data and wiping phones…

China-linked hackers target U.S. non-profit in long-term espionage campaign

November 8, 2025

A China-linked group targeted a U.S. non-profit to gain long-term access, part of wider attacks on U.S. entities tied to policy matters. China-linked hackers breached a U.S. policy-focused nonprofit in April 2025, maintaining weeks of access. They used DLL sideloading via vetysafe.exe, a tactic used by other Chinese APT groups like Space Pirates, Kelp, and…

A new Italian citizen was targeted with Paragon’s Graphite spyware. We have a serious problem

November 8, 2025

An Italian political adviser was targeted with Paragon’s Graphite spyware, becoming the fifth Italian in the ongoing government surveillance activity. Italian political adviser Francesco Nicodemo said he was targeted with Paragon’s Graphite spyware, becoming the fifth Italian in the ongoing government surveillance activity. Graphite is an invasive, non-auditable spyware that covertly accesses sensitive phone data;…

Alleged Russia-linked Curly COMrades exploit Windows Hyper-V to evade EDRs

November 6, 2025

Curly COMrades threat actors exploit Windows Hyper-V to hide Linux VMs, evade EDR tools, and deploy custom malware undetected. Bitdefender researchers, aided by Georgia’s CERT, uncovered that Curly COMrades, a group linked to Russian interests, abused Windows Hyper-V to gain covert, long-term access to victims. Threat actors created hidden Alpine Linux VMs (120MB/256MB) hosting custom…

China-linked UNC6384 exploits Windows zero-day to spy on European diplomats

November 1, 2025

A China-linked APT group UNC6384 exploits a Windows zero-day in an active cyber espionage targeting European diplomats. Arctic Wolf Labs researchers uncovered a cyber espionage campaign by China-linked APT UNC6384 targeting diplomatic entities in Hungary, Belgium, and other EU nations. UNC6384 is a China-nexus actor recently detailed by Google TAG, has expanded from targeting Southeast…

Suspected Chinese actors compromise U.S. Telecom firm Ribbon Communications

October 31, 2025

A nation-state actor, likely a China-nexus one, hacked the U.S.-based technology company Ribbon Communications. Ribbon Communications is a U.S.-based technology company that provides telecommunications and networking. Ribbon Communications employs approximately 3,052 people as of December 31, 2024. The company reported annual revenue of US $834 million in 2024. The U.S. telecom provider disclosed a cyberattack…

Ex-Defense contractor exec pleads guilty to selling cyber exploits to Russia

October 30, 2025

Former US defense contractor exec Peter Williams pled guilty to stealing trade secrets and selling cyber exploits to a Russian broker, per the US DOJ. Ex-US defense contractor Peter Williams (39) admits stealing US trade secrets and selling cyber exploits to a Russian broker. Williams, an Australian national, pleaded guilty to stealing and selling U.S.…

Russian hackers, likely linked to Sandworm, exploit legitimate tools against Ukrainian targets

October 29, 2025

Russian actors, likely linked to Sandworm, targeted Ukrainian firms using LotL tactics and dual-use tools to steal data and stay hidden, says Symantec and Carbon Black. Russian threat actors, likely linked to the APT Sandworm, targeted Ukrainian organizations to steal sensitive data and maintain long-term network access, Symantec Threat Hunter Team and Carbon Black report.…

Memento Labs, the ghost of Hacking Team, has returned — or maybe it was never gone at all.

October 27, 2025

Kaspersky links the first Chrome zero-day of 2025 to tools used in attacks attributed to Memento Labs, formerly known as the Hacking Team. The actor behind Operation ForumTroll used the same tools seen in Dante spyware attacks. Kaspersky researchers linked the first Chrome zero-day of 2025 (CVE-2025-2783), a sandbox escape flaw, to the arsenal of…

China-linked hackers exploit patched ToolShell flaw to breach Middle East telecom

October 24, 2025

China-based threat actors exploited ToolShell SharePoint flaw CVE-2025-53770 soon after its July patch. China-linked threat actors exploited the ToolShell SharePoint flaw vulnerability, tracked as CVE-2025-53770, to breach a telecommunications company in the Middle East after it was addressed by Microsoft in July 2025. “China-based attackers used the ToolShell vulnerability (CVE-2025-53770) to compromise a telecoms company in…

Lazarus targets European defense firms in UAV-themed Operation DreamJob

October 23, 2025

North Korean Lazarus hackers targeted 3 European defense firms via Operation DreamJob, using fake recruitment lures to hit UAV tech staff. North Korea-linked Lazarus APT group (aka Hidden Cobra) launched Operation DreamJob, compromising three European defense companies. Threat actors used fake recruiter profiles to lure employees into UAV technology roles, aiming to gain access to…

PhantomCaptcha targets Ukraine relief groups with WebSocket RAT in October 2025

October 22, 2025

PhantomCaptcha phishing campaign hit Ukraine relief groups with a WebSocket RAT on Oct 8, 2025, targeting Red Cross, UNICEF, and others. SentinelOne researchers uncovered PhantomCaptcha, a coordinated spear-phishing campaign on October 8, 2025, targeting Ukraine war relief groups, including Red Cross, UNICEF, NRC, and local administrations. Threat actors used fake emails to deploy a WebSocket-based…

Russia-linked COLDRIVER speeds up malware evolution after LOSTKEYS exposure

October 22, 2025

Russia-linked COLDRIVER rapidly evolved its malware since May 2025, refining tools just days after releasing its LOSTKEYS variant, says Google. The Russia-linked hacking group COLDRIVER has been quickly upgrading its malware since May 2025, when its LOSTKEYS malware was exposed. According to Google’s Threat Intelligence Group, the hackers have been rolling out frequent updates and…

Russian Lynk group leaks sensitive UK MoD files, including info on eight military bases

October 20, 2025

Russian hackers stole and leaked MoD files on eight RAF and Navy bases, exposing staff data in a “catastrophic” cyberattack via Dodd Group breach. Russian cybercrime group Lynx breached Dodd Group, a contractor for the UK Ministry of Defence, stealing and leaking hundreds of sensitive files on eight RAF and Royal Navy bases. The incident…

China finds “irrefutable evidence” of US NSA cyberattacks on time Authority

October 19, 2025

China claims the US NSA hacked its National Time Service Center by exploiting staff phone flaws since March 2022, stealing sensitive data. China’s Ministry of State Security announced it has found “irrefutable evidence” that the US National Security Agency (NSA) conducted cyberattacks on its National Time Service Center, reports Bloomberg. The China National Time Service…

From Airport chaos to cyber intrigue: Everest Gang takes credit for Collins Aerospace breach

October 18, 2025

Everest claims Collins Aerospace hack hitting EU airports, but its leak site vanishes soon after, sparking takedown speculation. Do you remember the Collins Aerospace supply chain attack that disrupted operations at several major European airports, including Heathrow in London, Brussels, and Berlin? In September, a cyberattack on Collins Aerospace disrupted check-in and boarding systems at…

From Airport chaos to cyber intrigue: Everest Gang takes credit for Collins Aerospace breach

October 18, 2025

China-linked APT Jewelbug targets Russian IT provider in rare cross-nation cyberattack

October 16, 2025

China-linked APT Jewelbug targeted a Russian IT provider for five months in 2025, showing Russia remains exposed to Chinese cyber espionage. China-linked threat actor Jewelbug (aka CL-STA-0049, Earth Alux, and REF7707) carried out a five-month intrusion on a Russian IT service provider, marking its expansion beyond Southeast Asia and South America. The campaign, reported by…

Flax Typhoon APT exploited ArcGIS server for over a year as a backdoor

October 15, 2025

China-linked cyberespionage group Flax Typhoon hijacked an ArcGIS system for over a year and used it as a backdoor. China-linked APT group Flax Typhoon (aka Ethereal Panda or RedJuliett) compromised an ArcGIS system for over a year, using it as a backdoor. ArcGIS, a key GIS platform for mapping and analysis, supports vital services like…

Ukraine sees surge in AI-Powered cyberattacks by Russia-linked Threat Actors

October 10, 2025

Russia-linked actors use AI to craft phishing and malware attacks against entities in Ukraine, says SSSCIP. Russian hackers increasingly use AI in cyberattacks against Ukraine, the country’s State Service for Special Communications and Information Protection (SSSCIP) reported. Beyond AI-generated phishing, some malware samples now show AI-generated code. In H1 2025, Ukraine recorded 3,018 cyber incidents,…

Apple issues spyware warnings as CERT-FR confirms attacks

September 12, 2025

Apple warned users of a spyware campaign; France’s cyber agency confirmed targeted iCloud-linked devices may be compromised. Apple warned customers last week about new spyware attacks, the French national Computer Emergency Response Team (CERT-FR) said. The agency confirmed at least four such alerts since early 2025. Apple sent spyware alerts on March 5, April 29,…

Venezuela’s President Maduro said his Huawei Mate X6 cannot be hacked by US cyber spies

September 8, 2025

Venezuela’s President Maduro shows Huawei Mate X6 gift from China’s President Xi Jinping, hailing it as “unhackable” by U.S. spies. Last week, Venezuelan President Nicolás Maduro showcased a Huawei Mate X6 smartphone, reportedly gifted by China’s President Xi Jinping, claiming that US cyber spies cannot hack it. Venezuelan President Maduro said that his device is…

Czech cyber agency NUKIB flags Chinese espionage risks to critical infrastructure

September 7, 2025

Czech cybersecurity agency NUKIB warns of Chinese cyber threats to critical infrastructure, citing the cyberespionage group APT31 and risky devices. The Czech Republic’s National Cyber and Information Security Agency (NUKIB) warns of growing risks from Chinese-linked technologies in critical sectors like energy, healthcare, transport, and government. The agency warns of risks from Chinese-made devices (phones,…

Amazon blocks APT29 campaign targeting Microsoft device code authentication

August 31, 2025

Amazon stopped a Russia-linked APT29 watering hole attack that hijacked Microsoft device code authentication via compromised sites. Amazon announced that it had disrupted an opportunistic watering hole campaign orchestrated by the Russia-linked cyber espionage group APT29 (aka SVR group, Cozy Bear, Nobelium, BlueBravo, Midnight Blizzard, and The Dukes). Amazon experts labeled the attacks as an opportunistic watering hole campaign using compromised…

New zero-click exploit allegedly used to hack WhatsApp users

August 29, 2025

WhatsApp warns users targeted by advanced spyware, sending threat notifications to affected individuals from the past 90 days. A new zero-click exploit used to hack WhatsApp users, reported Donncha Ó Cearbhaill, Head of Security Lab at @AmnestyTech. WhatsApp has just sent out a round of threat notifications to individuals they believe were targeted by an…

Dutch intelligence warn that China-linked APT Salt Typhoon targeted local critical infrastructure

August 29, 2025

Dutch intelligence reports Chinese cyber spies (Salt Typhoon, RedMike) targeted the Netherlands, hitting critical infrastructure. The Dutch intelligence and security services MIVD and AIVD say Chinese cyber spies linked to Salt Typhoon (RedMike) targeted the Netherlands in a campaign hitting global critical infrastructure. In late 2024, a large-scale Chinese cyberespionage campaign targeting global telecoms was…

NSA, NCSC, and allies detailed TTPs associated with Chinese APT actors targeting critical infrastructure Orgs

August 28, 2025

NSA and allies warn that Chinese APT actors, including Salt Typhoon, are targeting critical infrastructure worldwide. The U.S. National Security Agency (NSA), the UK’s National Cyber Security Centre (NCSC), and allies warn Chinese APT actors, linked to Salt Typhoon, are targeting global telecom, government, transport, lodging, and military sectors. “The National Security Agency (NSA) and…

Deeper Network Promo Deeper Network Promo

APT, Breaking News, Cyber warfare, Exploits, Global Security News, hacking, intelligence

NSA, NCSC, and allies detailed TTPs associated with Chinese APT actors targeting critical infrastructure Orgs

August 28, 2025

NSA, NCSC, and allies detailed TTPs associated with Chinese APT actors targeting critical infrastructure Orgs

August 28, 2025

NSA, NCSC, and allies detailed TTPs associated with Chinese APT actors targeting critical infrastructure Orgs

August 28, 2025

China linked UNC6384 targeted diplomats by hijacking web traffic

August 27, 2025

The China-linked APT group UNC6384 targeted diplomats by hijacking web traffic to redirect it to a website that delivered malware. China-linked cyberespionage group UNC6384 targeted diplomats by hijacking web traffic to redirect to a website used to deliver malware, Google’s Threat Intelligence Group (GTIG) warns. Cyberspies hijacked a network’s captive portal using an advanced adversary-in-the-middle…

China linked UNC6384 targeted diplomats by hijacking web traffic

August 27, 2025

China linked UNC6384 targeted diplomats by hijacking web traffic

August 27, 2025

China linked UNC6384 targeted diplomats by hijacking web traffic

August 27, 2025

China Presses Nvidia Over Alleged Backdoors in H20 Chips Amid Tech Tensions

August 2, 2025

China questioned Nvidia over suspected backdoors in its H20 chips, adding to rising tensions in the tech fight between the U.S. and Beijing. China’s internet watchdog has summoned Nvidia over concerns that its H20 AI chips may contain hidden backdoors. Nvidia H20 chips are AI GPUs tailored for the Chinese market, based on Hopper architecture.…

ToolShell under siege: Check Point analyzes Chinese APT Storm-2603

August 1, 2025

Storm-2603 group exploits SharePoint flaws and uses a custom C2 framework, AK47 C2, with HTTP- and DNS-based variants named AK47HTTP and AK47DNS. Check Point Research is tracking a ToolShell campaign exploiting four Microsoft SharePoint flaws, linking it to China-nexus groups APT27, APT31, and a new cluster, Storm-2603. The researchers pointed out that Storm-2603’s goals remain…

Russia-linked APT Secret Blizzard targets foreign embassies in Moscow with ApolloShadow malware

July 31, 2025

Russia-linked Secret Blizzard targets foreign embassies in Moscow via ISP-level AitM attacks, deploying custom ApolloShadow malware. Microsoft researchers uncovered a cyberespionage campaign by the Russia-linked APT group Secret Blizzard (aka Turla, Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) targeting foreign embassies in Moscow. The threat actor uses an adversary-in-the-middle (AiTM) method at the ISP level to deploy custom malware called ApolloShadow. This…

China-linked group Fire Ant exploits VMware and F5 flaws since early 2025

July 28, 2025

China-linked group Fire Ant exploits VMware and F5 flaws to stealthily breach secure systems, reports cybersecurity firm Sygnia. China-linked cyberespionage group Fire Ant is exploiting VMware and F5 vulnerabilities to stealthily access secure, segmented systems, according to Sygnia. Since early 2025, the group has targeted virtualization and networking infrastructure, primarily VMware ESXi and vCenter environments.…

Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

July 26, 2025

Arizona woman gets 8 years for helping North Korea-linked threat actors to infiltrate 309 U.S. firms with fake IT jobs. Christina Marie Chapman (50) from Arizona, was sentenced to 102 months in prison for aiding North Korean IT workers in infiltrating 309 U.S. companies. She pleaded guilty to charges including aggravated identity theft, conspiracy to…

Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

July 25, 2025

Operation CargoTalon targets Russia’s aerospace and defense sectors with EAGLET malware, using TTN documents to exfiltrate data. SEQRITE Labs researchers uncovered a cyber-espionage campaign, dubbed Operation CargoTalon, targeting Russia’s aerospace and defense sectors, specifically Voronezh Aircraft Production Association (VASO), via malicious TTN documents. “Товарно-транспортная накладная” (TTN) is a “goods and transport invoice” or “consignment note” used…

Microsoft linked attacks on SharePoint flaws to China-nexus actors

July 23, 2025

Microsoft linked SharePoint exploits to China-nexus groups Linen Typhoon, Violet Typhoon, and Storm-2603, active since July 7, 2025. Microsoft confirmed that China-linked groups Linen Typhoon, Violet Typhoon, and Storm-2603 exploited SharePoint flaws for initial access as early as July 7, 2025. “As of this writing, Microsoft has observed two named Chinese nation-state actors, Linen Typhoon…

SharePoint under fire: new ToolShell attacks target enterprises

July 22, 2025

While SentinelOne did not attribute the attack to a specific threat actor, The Washington Post linked it to China-nexus acors. On July 19, Microsoft confirmed active exploitation of a zero-day vulnerability, tracked as CVE-2025-53770 in on-prem SharePoint Servers. The IT giant issued emergency patches for SharePoint Subscription Edition and 2019, with 2016 updates pending. Microsoft…

MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict

July 21, 2025

Iran-linked APT MuddyWater is deploying new DCHSpy spyware variants to target Android users amid the ongoing conflict with Israel. Lookout researchers observed Iran-linked APT MuddyWater (aka SeedWorm, TEMP.Zagros, and Static Kitten) is deploying a new version of the DCHSpy Android spyware in the context of the Israel-Iran conflict. The first MuddyWater campaign was observed in late 2017, when the APT group targeted entities in…

Salt Typhoon breach: Chinese APT compromises U.S. Army National Guard network

July 16, 2025

China-linked APT Salt Typhoon breached a U.S. Army National Guard unit’s network, accessed configs, and intercepted communications with other units. A DoD report warns that China-nexus hacking group Salt Typhoon breached a U.S. state’s Army National Guard network from March to December 2024. The APT stole network configs, admin credentials, and data exchanged with units…

Spain awarded €12.3 million in contracts to Huawei

July 14, 2025

Spain gives Huawei wiretap contracts, sparking concerns over potential Chinese government access due to Huawei’s links to Beijing. The Spanish Ministry of the Interior has awarded €12.3 million ($14.3 million) contracts to manage and store judicially authorized wiretaps used by law enforcement and intelligence agencies, raising concerns about potential Chinese government access due to the…

DoNot APT is expanding scope targeting European foreign ministries

July 9, 2025

DoNot APT, likely an India-linked cyberespionage group, targets European foreign ministries with LoptikMod malware. The DoNot APT group, likely linked to India, has expanded its operations and is targeting European foreign ministries with a new malware, called LoptikMod. The Donot Team (also known as APT-C-35 and Origami Elephant) has been active since 2016, focusing on government entities, foreign…

Iranian group Pay2Key.I2P ramps Up ransomware attacks against Israel and US with incentives for affiliates

July 9, 2025

An Iranian ransomware group, Pay2Key.I2P, has intensified attacks on U.S. and Israeli targets, offering affiliates higher profits. The Iranian ransomware group Pay2Key.I2P is stepping up attacks on U.S. and Israeli targets, luring affiliates with higher profit shares. The ransomware gang is the successor to the original Pay2Key group and experts linked it to the Iran-nexus…

Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant

July 8, 2025

Italian police arrested a Chinese national linked to Silk Typhoon APT group at Milan’s Malpensa Airport on a U.S. warrant. Italian police arrested a Chinese national, Zewei Xu (33), at Milan’s Malpensa Airport on a U.S. warrant. Xu was arrested at Malpensa Airport on July 3rd after arriving on a flight from China. Authorities accused…

Taiwan flags security risks in popular Chinese apps after official probe

July 7, 2025

Taiwan warns Chinese apps like TikTok and WeChat pose security risks due to excessive data collection and data transfers to China. Taiwan National Security Bureau (NSB) warns that Chinese apps like TikTok, WeChat, Weibo, and Baidu Cloud pose security risks due to excessive data collection and data transfer to China, following an official inspection with…

North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates

July 5, 2025

North Korea-linked hackers use fake Zoom updates to spread macOS NimDoor malware, targeting crypto firms with stealthy backdoors. North Korea-linked threat actors are targeting Web3 and crypto firms with NimDoor, a rare macOS backdoor disguised as a fake Zoom update. Victims are tricked into installing the malware through phishing links sent via Calendly or Telegram.…

CISA and U.S. Agencies warn of ongoing Iranian cyber threats to critical infrastructure

July 1, 2025

U.S. warns of rising Iranian cyber threats exploiting outdated software and weak passwords, with attacks likely to escalate due to recent events. U.S. cybersecurity and intelligence agencies warn of rising cyber threats from Iranian state-linked hackers, expected to escalate. These actors typically exploit outdated software, known vulnerabilities, and weak or default passwords on internet-connected systems.…

Canada bans Hikvision over national security concerns

June 30, 2025

Canada bans Hikvision over national security concerns, ordering the company to stop operations and barring its tech from government use. Canada ordered Chinese surveillance firm Hikvision to cease all operations in the country, citing national security concerns. Minister Mélanie Joly announced the decision after a security review found vendor’s activities could pose a threat. Canada…

LapDogs: China-nexus hackers Hijack 1,000+ SOHO devices for espionage

June 28, 2025

Over 1,000 SOHO devices were hacked in a China-linked spying campaign called LapDogs, forming a covert network to support cyber espionage. Security researchers at SecurityScorecard’s STRIKE team have uncovered a cyber espionage campaign, dubbed LapDogs, involving over 1,000 hacked SOHO (small office/home office) devices. These compromised devices formed a hidden network, called an Operational Relay…

LapDogs: China-nexus hackers Hijack 1,000+ SOHO devices for espionage

June 28, 2025

LapDogs: China-nexus hackers Hijack 1,000+ SOHO devices for espionage

June 28, 2025

OneClik APT campaign targets energy sector with stealthy backdoors

June 27, 2025

A OneClik campaign, likely carried out by China-linked actor, targets energy sectors using stealthy ClickOnce and Golang backdoors. Trellix cybersecurity researchers uncovered a new APT malware campaign, OneClik, targeting the energy, oil, and gas sectors. It abuses Microsoft’s ClickOnce deployment tech and custom Golang backdoors. While links to China-affiliated actors are suspected, attribution remains cautious.…

Ukraine’s military intelligence agency stole 4.4GB of highly classified internal data from Tupolev

June 4, 2025

Ukraine’s GUR hacked the Russian aerospace and defense company Tupolev, stealing 4.4GB of highly classified internal data. Ukraine’s military intelligence agency GUR (aka HUR) claims the hack of the Russian aerospace and defense company Tupolev. According to Kyiv Post, Ukraine’s Military Intelligence compromised the United Aircraft Company (UAC) Tupolev division, which is a key developer…

AI, Breaking News, Cybersecurity, Data Breaches, Endpoint, Europe, Exploits, Global Security News, Government & Policy, hacking, hacking news, intelligence, Security

AI, APT, Breaking News, china, Data Breaches, Exploits, Global Security News, Government & Policy, hacking, intelligence, Network Security, Security

AI, APT, china, Cyber warfare, Exploits, Global Security News, Government & Policy, hacking, intelligence, malware

APT, Exploits, Global Security News, hacking, intelligence, malware, Security

APT, Breaking News, Cyber warfare, Exploits, Global Security News, intelligence, Security

Asia Pacific, Breaking News, china, Global Security News, intelligence, Security

Breaking News, Cyber warfare, Global Security News, intelligence, malware, Security

APT, Breaking News, Europe, Global Security News, hacking, intelligence, Security

APT, Breaking News, Exploits, fbi, Global Security News, intelligence, Security

Breaking News, Global Security News, hacking, hacking news, intelligence, Security

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

Asia Pacific, Breaking News, china, Cyber warfare, Global Security News, intelligence, Security

APT, Exploits, Global Security News, hacking, hacking news, intelligence, malware

Breaking News, Cyber warfare, Global Security News, intelligence, Security

Breaking News, Emcore, Global Security News, intelligence, Laws and regulations, North America, Security

APT, Asia Pacific, Breaking News, Global Security News, intelligence, malware, Security

APT, Asia Pacific, china, Global Security News, intelligence, malware, Security

APT, Breaking News, Cyber warfare, Europe, Global Security News, hacking, intelligence

Breaking News, Cyber warfare, Europe, Global Security News, hacking, intelligence

Breaking News, Europe, ferry Fantastic, Global Security News, hacking, intelligence, Security

APT, Breaking News, Cyber warfare, Exploits, Global Security News, hacking, intelligence

Breaking News, Europe, France, Global Security News, hacking, intelligence, Security

APT, Breaking News, Cyber warfare, Europe, Global Security News, intelligence, Security

APT, Breaking News, Exploits, Global Security News, hacking, intelligence, Security

Asia Pacific, Breaking News, Cyber warfare, Global Security News, hacking, intelligence, Mobile

APT, Breaking News, Exploits, Global Security News, intelligence, malware, Security

Breaking News, Exploits, Global Security News, intelligence, malware, Reports, Security

APT, Asia Pacific, Breaking News, Global Security News, intelligence, malware, Security

Breaking News, Cyber warfare, Global Security News, hacking, intelligence, malware

Breaking News, cyber crime, Cyber warfare, Global Security News, hacking, intelligence

APT, Asia Pacific, Breaking News, Cyber warfare, Global Security News, hacking, intelligence

APT, Asia Pacific, Breaking News, Cyber warfare, Global Security News, hacking, intelligence

Breaking News, Cyber warfare, Exploits, Global Security News, intelligence, malware, Security

APT, Asia Pacific, Cyber warfare, Global Security News, hacking, intelligence, malware

Breaking News, Exploits, Global Security News, Graphite Spyware, hacking, intelligence, Security

Breaking News, Cyber warfare, Exploits, Global Security News, hacking, intelligence, malware

APT, Asia Pacific, Breaking News, Cyber warfare, Global Security News, intelligence, malware

Asia Pacific, Breaking News, china, Global Security News, hacking, intelligence, Security

Breaking News, Exploits, Global Security News, hacking, intelligence, Security