Tag: targeted

Private firms are being targeted by nation-state groups for reasons beyond finance, argued ISACA’s Bharat Thakrar

JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware

May 28, 2026

A new campaign orchestrated by a previously undocumented threat actor has targeted cryptocurrency organizations with an aim to facilitate digital asset theft using recruitment-themed social engineering and bespoke macOS malware. “These campaigns leveraged sophisticated social engineering techniques, custom macOS malware, and deep targeting of CI/CD infrastructure,” Wiz researchers Shira Ayal,

Iranian threat group targets US aviation sector with AI-assisted ‘MiniFast’ backdoor

May 27, 2026

Career-themed phishing lures targeted employees of US domestic airlines during Operation Epic Fury.

CrowdStrike Disrupts Glassworm Supply Chain Botnet

May 26, 2026

CrowdStrike announced the coordinated takedown of the Glassworm botnet, a large-scale operation that targeted software developers through compromised open-source packages, malicious VSCode extensions, and poisoned GitHub repositories. The operation, conducted alongside Google and the Shadowserver Foundation, disrupted the botnet’s infrastructure and severed communication between the operators and infected systems. “In collaboration with Google and the…

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

May 25, 2026

A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware. The campaign, codenamed TrapDoor, spans more than 34 malicious packages across over 384 versions. The earliest activity was recorded on May 22, 2026, at 8:20 p.m. UTC, with new packages published to the ecosystems in waves…

Ghostwriter Is Back, Using a Ukrainian Learning Platform as Bait to Hit Government Targets

May 23, 2026

Ghostwriter targeted Ukrainian government agencies with phishing emails delivering malware and Cobalt Strike payloads. The Belarus-nexus APT group Ghostwriter (also tracked as UAC-0057 and UNC1151) has resurfaced with a new phishing campaign targeting Ukrainian government organizations. This time the lure is Prometheus, a legitimate Ukrainian online learning platform that many government employees actually use. Using…

Microsoft 365 users targeted by new phishing threat that bypasses MFA

May 22, 2026

Microsoft 365 access tokens are being targeted by an emerging Phishing-as-a-Service (PhaaS) platform called Kali365, the FBI is warning. First observed in April 2026, Kali365 has been distributed through Telegram, allowing cybercriminals to obtain Microsoft 365 access tokens and bypass MFA without stealing user credentials. “Kali365 lowers the barrier of entry, providing less-technical attackers access…

China-Linked Hackers Deploy New TencShell Malware Against Global Manufacturer

May 15, 2026

A suspected China-linked threat actor targeted the Indian branch of a global manufacturer leveraging an open source offensive toolkit

FamousSparrow Targeted Oil and Gas Industry via MS Exchange Server Exploit

May 14, 2026

Bitdefender Labs reveals how the China-linked FamousSparrow hacking group targeted an Azerbaijani energy firm using ProxyNotShell, Deed RAT,…

FamousSparrow targets Azerbaijani energy sector in multi-wave espionage campaign

May 14, 2026

Chinese-linked FamousSparrow repeatedly targeted an Azerbaijani oil and gas company, reusing the same entry point in three intrusions from Dec 2025 to Feb 2026. Chinese-linked threat actor FamousSparrow has conducted a sustained intrusion campaign against an Azerbaijani oil and gas company, returning to the same compromised entry point three separate times between late December 2025…

GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data

May 13, 2026

Cybersecurity researchers are calling attention to a new campaign dubbed GemStuffer that has targeted the RubyGems repository with more than 150 gems that use the registry as a data exfiltration channel rather than for malware distribution. “The packages do not appear designed for mass developer compromise,” Socket said. “Many have little or no download activity,…

DigiCert breached via malicious screensaver file

May 4, 2026

A targeted social engineering attack against DigiCert’s support channel led to the compromise of internal systems and the unauthorized issuance of EV Code Signing certificates. DigiCert is a global Certificate Authority (CA) providing digital trust services, specializing in TLS/SSL certificates, PKI management, and IoT security. According to DigiCert’s incident report, a threat actor contacted the…

Romanian leader of online swatting ring gets 4 years in prison

April 30, 2026

A Romanian national who led an online swatting ring that targeted more than 75 public officials, multiple journalists, and four religious institutions was sentenced to 4 years in federal prison. […]

Internet censorship index reveals Russia’s lead and widespread content blocking

April 29, 2026

Global study shows targeted internet censorship worldwide, with Russia leading; VPNs, news, and adult content are most frequently blocked categories. The Global Internet Censorship Index 2026 offers a clear view of how governments around the world control online access. Researchers tested 74 popular websites across 53 countries using residential proxies to simulate real users. After…

Police arrest 10 suspected members of Black Axe cybercrime gang

April 28, 2026

A coordinated police operation in Switzerland has targeted suspected members of the Black Axe criminal network. On 28 April 2026, authorities carried out house searches across several Swiss cantons, leading to 10 arrests, including the Black Axe ‘Regional Head’ for Southern Europe. Most of those arrested are reported to be of Nigerian origin. The suspects…

Signal Phishing Campaign Targets German Officials in Suspected Russian Operation

April 28, 2026

Suspected Russian phishing via Signal targeted German officials, exploiting trust to access accounts and sensitive political communications. A new wave of cyber operations targeting European political leadership is once again highlighting how modern espionage increasingly relies on deception rather than technical exploits. Recent investigations by German authorities point to a large-scale phishing campaign conducted via…

Best Zero Trust Security Solutions in 2026

April 27, 2026

This guide is targeted toward IT and security teams looking to get more granular access control and reduce implicit trust across applications and systems in 2026. It introduces zero trust and top zero trust solutions. A presidential executive order mandating a zero trust strategy for federal agencies has raised the profile of the cybersecurity technology…

Helping Romance Scam Victims Require a Proactive, Empathic Approach

April 24, 2026

People targeted by confidence schemes find getting help is a lonely road. Experts want law enforcement, financial and government institutions to work together and protect them.

ShinyHunters Claims Udemy Data Breach of 1.4M Users

April 24, 2026

A notorious threat actor group has targeted Udemy, one of the world’s largest online learning platforms. ShinyHunters claims it has stolen more than 1.4 million user records and is threatening to leak the data within days. “Over 1.4M records containing PII and other internal corporate data have been compromised. Pay or Leak,” the threat actors…

Signal phishing campaign targets Germany’s Bundestag President Julia Klöckner

April 24, 2026

Germany’s Bundestag President Klöckner was targeted in a Signal phishing attack via a fake CDU group chat. Germany’s Bundestag President Julia Klöckner has reportedly become the latest European political figure targeted through a Signal-based phishing attack, reported Der Spiegel. The incident is another reminder that even trusted messaging apps can become entry points when attackers…

New Lotus data wiper used against Venezuelan energy, utility firms

April 21, 2026

A previously undocumented data-wiping malware dubbed Lotus was used last year in targeted attacks against energy and utilities organizations in Venezuela. […]

CVE-2023-33538 under attack for a year, but exploitation still unsuccessful

April 20, 2026

Hackers have targeted CVE-2023-33538 flaw in old TP-Link routers for a year, but no successful exploitation has been seen so far. Hackers have been trying for over a year to exploit a serious flaw, tracked as CVE-2023-33538 (CVSS score of 8.8), in outdated TP-Link routers, but so far without success. The vulnerability is a command…

Operation PowerOFF identifies 75k DDoS users, takes down 53 domains

April 16, 2026

The latest wave of “Operation PowerOFF,” on April 13, 2026, targeted the distributed denial-of-service (DDoS) ecosystem and its users across 21 countries. […]

Black Basta’s playbook lives on as former affiliates launch fast-scale intrusion campaign

April 14, 2026

A small group of former Black Basta affiliates have targeted more than 100 employees across dozens of organizations to intrude network systems for potential data theft, ransomware deployment and extortion, according to ReliaQuest. The social engineering campaign, which involves mass email bombing and Microsoft Teams help desk impersonation, surged last month and dates back to…

Nearly 4,000 US industrial devices exposed to Iranian cyberattacks

April 10, 2026

The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufactured by Rockwell Automation. […]

Industrial Controllers Still Vulnerable As Conflicts Move to Cyber

April 10, 2026

The US government warns programmable logic controllers are being targeted, and research turns up 179 vulnerable operational technology (OT) devices.

New Darktrace Research Shows Evolution of Chinese-Nexus Cyber Operations into Long-Term Strategic Statecraft, Centered on Critical Infrastructure

April 6, 2026

88% of observed incidents targeted organizations in critical infrastructure sectors, including transportation, telecommunications, healthcare, and manufacturing. Nearly 63% of compromises began with exploitation of internet-facing systems, reinforcing the risk of exposed digital infrastructure. Over half of observed activity impacted Western economies, with the U.S. alone accounting for 22.5% of cases.

Italian spyware vendor creates Fake WhatsApp app, targeting 200 users

April 2, 2026

WhatsApp blocked a fake app by Italian firm SIO/Asigint that targeted 200 users with spyware, urging them to reinstall the official app. WhatsApp has recently uncovered a malicious fake version of its app that targeted roughly 200 users, most of whom are in Italy. The platform confirmed that the unofficial client contained spyware and was…

Hackers exploit TrueConf zero-day to push malicious software updates

April 1, 2026

Hackers have targeted TrueConf conference servers in attacks that exploit a zero-day vulnerability, allowing them to execute arbitrary files on all connected endpoints. […]

Russia-linked APT TA446 uses DarkSword exploit to target iPhone users in phishing wave

March 30, 2026

Russia-linked TA446 is using the DarkSword iOS exploit kit in targeted phishing campaigns to compromise iPhone users. Russia-linked APT group TA446 (aka SEABORGIUM, ColdRiver, Callisto, and Star Blizzard) is using the DarkSword exploit kit in targeted spear-phishing campaigns against iOS devices. The attacks rely on malicious emails to compromise iPhones, highlighting a growing threat from…

Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign

March 30, 2026

Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a “complex and well-resourced operation.” The campaigns have led to the deployment of various malware families, including HIUPAN (aka USBFect, MISTCLOAK, or U2DiskWatch), PUBLOAD, EggStremeFuel (aka RawCookie), EggStremeLoader (aka Gorem RAT), MASOL

TA446 Deploys Leaked DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign

March 28, 2026

Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword exploit kit to target iOS devices. The activity has been attributed with high confidence to the Russian state-sponsored threat group known as TA446, which is also tracked by the broader cybersecurity community…

High-Tech Sector Overtakes Finance as Top Target for Cyber-Attacks, Mandiant Reports

March 23, 2026

High tech was the most frequently targeted industry in Mandiant investigations in 2025, overtaking financial services which led in 2023 and 2024

CISA orders feds to patch DarkSword iOS flaws exploited attacks

March 23, 2026

CISA ordered U.S. government agencies to patch three iOS vulnerabilities targeted in cryptocurrency theft and cyberespionage attacks using the DarkSword exploit kit. […]

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

March 17, 2026

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. […]

CL-STA-1087 targets military capabilities since 2020

March 17, 2026

China-linked APT group CL-STA-1087 has targeted Southeast Asian militaries since 2020 using AppleChris and MemFun. A suspected China-linked espionage campaign, tracked as CL-STA-1087, has targeted Southeast Asian military organizations since at least 2020, using AppleChris and MemFun malware. “The activity demonstrated strategic operational patience and a focus on highly targeted intelligence collection, rather than bulk…

Former Germany’s foreign intelligence VP hit in Signal account takeover campaign

March 16, 2026

Former BND VP Arndt Freytag von Loringhoven was targeted in a Signal cyberattack, part of a wave hitting officials and politicians in Germany. A cyberattack targeting Signal and WhatsApp users has hit high-ranking German officials, including former BND Vice President Arndt Freytag von Loringhoven. The official reported being contacted by someone posing as Signal support…

Hackers targeted Poland’s National Centre for Nuclear Research

March 13, 2026

Hackers targeted Poland’s National Centre for Nuclear Research, but security systems detected and blocked the attack before any damage. The National Centre for Nuclear Research in Poland reported a cyberattack on its IT infrastructure. The intrusion attempt was quickly detected by security systems, allowing staff to secure the targeted systems and prevent any operational impact.…

Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware

March 13, 2026

A suspected China-based cyber espionage operation has targeted Southeast Asian military organizations as part of a state-sponsored campaign that dates back to at least 2020. Palo Alto Networks Unit 42 is tracking the threat activity under the moniker CL-STA-1087, where CL refers to cluster, and STA stands for state-backed motivation. “The activity demonstrated strategic operational…

Poland’s nuclear research centre targeted by cyberattack

March 13, 2026

Poland’s National Centre for Nuclear Research (NCBJ) says hackers targeted its IT infrastructure, but the attack was detected and blocked before causing any impact. […]

ShinyHunters claims new campaign targeting Salesforce Experience Cloud sites

March 11, 2026

Salesforce customers have, once again, been targeted by the ShinyHunters group – or, at least, it’s what the group claims. Attackers modified and abused benign tool On Saturday, Saleforce confirmed that its security team has identified an attack campaign by unnamed malicious actors looking to access customers’ data. The attackers are not leveraging a vulnerability…

France: National Cybersecurity Agency Reports Ransomware Attack Drop in 2025

March 11, 2026

French small and medium businesses remained the organizations most targeted by ransomware in 2025

China-Linked Hackers Hit Qatar with Backdoor Disguised as War News

March 10, 2026

China-linked hackers targeted Qatar using fake war news lures to spread PlugX backdoor malware and spy on military and energy sectors.

Iran’s MuddyWater Hackers Target US Firms with New Dindoor Backdoor

March 9, 2026

Researchers say Iran’s MuddyWater hackers targeted US companies and an Israeli software firm’s department in a cyber campaign using the Dindoor malware – All this amid the ongoing conflict.

Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure

March 9, 2026

High-value organizations located in South, Southeast, and East Asia have been targeted by a Chinese threat actor as part of a years-long campaign. The activity, which has targeted aviation, energy, government, law enforcement, pharmaceutical, technology, and telecommunications sectors, has been attributed by Palo Alto Networks Unit 42 to a previously undocumented threat activity group dubbed

Iran-linked MuddyWater deploys Dindoor malware against U.S. organizations

March 6, 2026

Iran-linked APT MuddyWater targeted U.S. organizations, deploying the new Dindoor backdoor across sectors including banks, airports, and nonprofits. Broadcom’s Symantec Threat Hunter Team uncovered a campaign by the Iran-linked MuddyWater (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) APT group targeting several U.S. organizations. “Activity associated with Iranian APT group Seedworm has been spotted on the networks of multiple…

CISA warns of Apple flaws exploited in spyware, crypto-theft attacks

March 6, 2026

CISA ordered U.S. federal agencies to patch three iOS security flaws targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit. […]

Zero‑Day Attacks on Enterprise Software Reach Record High, Google Warns

March 6, 2026

Almost a quarter of the zero days detected by Google in 2025 targeted security and networking appliances

FBI targeted with ‘suspicious’ activity on its networks

March 5, 2026

The FBI found evidence that its networks had been targeted in a suspected cybersecurity incident, the bureau confirmed on Thursday, without sharing any further details. “The FBI identified and addressed suspicious activities on FBI networks, and we have leveraged all technical capabilities to respond,” the agency said in a statement. “We have nothing additional to…

APT28-Linked Campaign Deploys BadPaw Loader and MeowMeow Backdoor in Ukraine

March 5, 2026

Cybersecurity researchers have disclosed details of a new Russian cyber campaign that has targeted Ukrainian entities with two previously undocumented malware families named BadPaw and MeowMeow. “The attack chain initiates with a phishing email containing a link to a ZIP archive. Once extracted, an initial HTA file displays a lure document written in Ukrainian concerning…

Malicious NuGet Package Targets Stripe Developers

February 25, 2026

Malicious NuGet package mimicking Stripe’s library targeted developers

Operation MacroMaze: APT28 exploits webhooks for covert data exfiltration

February 24, 2026

Russia-linked APT28 targeted European entities with a webhook-based macro malware campaign called Operation MacroMaze. Russia-linked APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) launched Operation MacroMaze, targeting select entities in Western and Central Europe from September 2025 to January 2026. The campaign used webhook-based macro malware, leveraging simple tools and legitimate services for infrastructure and data…

Japanese tech giant Advantest hit by ransomware attack

February 20, 2026

Advantest Corporation disclosed that its corporate network has been targeted in a ransomware attack that may have affected customer or employee data. […]

Spam Campaign Abuses Atlassian Jira, Targets Government and Corporate Entities

February 16, 2026

We uncover how a campaign used Atlassian Jira Cloud to launch automated and targeted spam campaigns, exploiting trusted SaaS workflows to bypass security controls.

Operation DoppelBrand Weaponizes Trusted Brands For Credential Theft

February 16, 2026

New phishing campaign dubbed Operation DoppelBrand targeted major financial firms like Wells Fargo

Suspected Russian hackers deploy CANFAIL malware against Ukraine

February 14, 2026

A new alleged Russia-linked APT group targeted Ukrainian defense, government, and energy groups, with CANFAIL malware. Google Threat Intelligence Group identified a previously undocumented threat actor behind attacks on Ukrainian organizations using CANFAIL malware. The group is possibly linked to Russian intelligence services and has targeted defense, military, government, and energy entities at both regional…

Attackers exploit BeyondTrust CVE-2026-1731 within hours of PoC release

February 13, 2026

Attackers quickly targeted BeyondTrust flaw CVE-2026-1731 after a PoC was released, enabling unauthenticated remote code execution. Threat actors rapidly began exploiting a newly patched BeyondTrust vulnerability, tracked as CVE-2026-1731 (CVSS score of 9.9), soon after a proof-of-concept exploit became public. This week BeyondTrust released security updates to address the critical flaw in its Remote Support…

Urgent warnings from UK and US cyber agencies after Polish energy grid attack

February 12, 2026

A coordinated cyberattack that targeted Poland’s energy infrastructure in late December 2025 has prompted cybersecurity agencies to issue urgent warnings to critical national infrastructure operators on both sides of the Atlantic. Read more in my article on the Fortra blog.

Apple fixes zero-day flaw exploited in targeted attacks (CVE-2026-20700)

February 12, 2026

Apple has released fixes for a zero-day vulnerability (CVE-2026-20700) exploited in targeted attacks last year. CVE-2026-20700 is a memory corruption issue in dyld, the Dynamic Link Editor component of Apple’s operating systems, and may allow attackers with memory write capability to execute arbitrary code. “Apple is aware of a report that this issue may have…

APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities

February 11, 2026

Indian defense sector and government-aligned organizations have been targeted by multiple campaigns that are designed to compromise Windows and Linux environments with remote access trojans capable of stealing sensitive data and ensuring continued access to infected machines.
The campaigns are characterized by the use of malware families like Geta RAT, Ares RAT, and DeskRAT, which are often

China-linked APT UNC3886 targets Singapore telcos

February 10, 2026

China-linked group UNC3886 targeted Singapore ’s telecom sector in a cyber espionage campaign, Singapore’s Cyber Security Agency revealed. Cyber Security Agency of Singapore (CSA) and the Infocomm Media Development Authority (IMDA) ran Operation CYBER GUARDIAN to protect the telecom sector. Since July 2025, investigations showed China-linked UNC3886 launched a targeted campaign against all four major…

Password guessing without AI: How attackers build targeted wordlists

February 9, 2026

Attackers don’t need AI to crack passwords, they build targeted wordlists from an organization’s own public language. This article explains how tools like CeWL turn websites into high-success password guesses and why complexity rules alone fall short. […]

Password guessing without AI: How attackers build targeted wordlists

February 9, 2026

ACCC: Australians living with disability at risk of exploitation by NDIS providers breaching consumer laws

February 9, 2026

The ACCC says participants in the National Disability Insurance Scheme (NDIS) are being targeted by NDIS providers’ deceptive advertising practices and other behaviours banned by consumer law, a new report has found. Whilst these practices are not universal, the scale and types of complaints the ACCC is hearing about is concerning.

TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure

February 9, 2026

Cybersecurity researchers have called attention to a “massive campaign” that has systematically targeted cloud native environments to set up malicious infrastructure for follow-on exploitation. The activity, observed around December 25, 2025, and described as “worm-driven,” leveraged exposed Docker APIs, Kubernetes clusters, Ray dashboards, and Redis servers, along with the recently disclosed

Italian university La Sapienza goes offline after cyberattack

February 5, 2026

Rome’s “La Sapienza” university has been targeted by a cyberattack that impacted its IT systems and caused widespread operational disruptions at the educational institute. […]

China-linked Amaranth-Dragon hackers target Southeast Asian governments in 2025

February 5, 2026

China-linked hackers tracked as Amaranth-Dragon targeted government and law enforcement agencies across Southeast Asia in 2025. CheckPoint says China-linked threat actors, tracked as Amaranth-Dragon, carried out cyber-espionage campaigns in 2025 targeting government and law enforcement agencies across Southeast Asia. The activity is linked to the APT41 ecosystem and affected countries including Thailand, Indonesia, Singapore, and…

Fake Dating App Delivers Android Spyware in Targeted Campaign

February 2, 2026

ESET researchers have uncovered a targeted Android spyware campaign using a fake dating app to lure victims into installing mobile surveillance malware. The campaign, focused on users in Pakistan, disguises spyware as a chat platform that promises access to exclusive profiles but instead quietly exfiltrates sensitive data from infected devices. “Once installed, the app silently…