APT

Italian-made spyware Dante linked to Chrome zero-day exploitation campaign

0-day, APT, Chrome, Don't miss, exploit, Hacking Team, Hot stuff, Kaspersky, Memento Labs, News, spyware, Windows /

Italian-made spyware Dante linked to Chrome zero-day exploitation campaign 2025-10-28 at 16:28 By Zeljka Zorz CVE-2025-2783, a Chrome zero-day vulnerability that was detected being exploited in March 2025 and was subsequently fixed by Google, was used by unknown attackers to deliver LeetAgent, suspected commercial spyware. An analysis of the malware’s code and the campaign’s infrastructure […]

React to this headline:

Loading spinner

Italian-made spyware Dante linked to Chrome zero-day exploitation campaign Read More »

Russian APT Switches to New Backdoor After Malware Exposed by Researchers

APT, Callisto, Malware, Nation-State, Russia, Russian APT, Star Blizzard /

Russian APT Switches to New Backdoor After Malware Exposed by Researchers 2025-10-22 at 15:03 By Ionut Arghire Star Blizzard started using the NoRobot (BaitSwitch) and MaybeRobot (SimpleFix) malware after public reporting on the LostKeys malware. The post Russian APT Switches to New Backdoor After Malware Exposed by Researchers appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

Russian APT Switches to New Backdoor After Malware Exposed by Researchers Read More »

China-linked Salt Typhoon hackers attempt to infiltrate European telco

APT, Darktrace, Don't miss, Europe, government-backed attacks, Hot stuff, News, telecommunications /

China-linked Salt Typhoon hackers attempt to infiltrate European telco 2025-10-20 at 18:42 By Zeljka Zorz Salt Typhoon, the China-linked APT group that has a penchant for targeting telecommunications companies, has been spotted trying to sneak into yet another one. The intrusion “Darktrace observed activity in a European telecommunications organisation consistent with Salt Typhoon’s known tactics,

React to this headline:

Loading spinner

China-linked Salt Typhoon hackers attempt to infiltrate European telco Read More »

Legit tools, illicit uses: Velociraptor, Nezha turned against victims

APT, attack tools, Cisco, Don't miss, Hot stuff, Huntress, News, open source, Ransomware, Sophos /

Legit tools, illicit uses: Velociraptor, Nezha turned against victims 2025-10-09 at 19:19 By Zeljka Zorz Threat actors are using an increasing variety of commercial and open-source products to carry out their attacks: according to researchers, Velociraptor and Nezha are the latest additions to their attack toolbox. Velociraptor misuse A suspected China-based ransomware threat actor has

React to this headline:

Loading spinner

Legit tools, illicit uses: Velociraptor, Nezha turned against victims Read More »

Chinese APT ‘Phantom Taurus’ Targeting Organizations With Net-Star Malware

APT, China, China APT, espionage, Malware, Nation-State, Net-Star, Phantom Taurus /

Chinese APT ‘Phantom Taurus’ Targeting Organizations With Net-Star Malware 2025-10-01 at 16:33 By Ionut Arghire Focused on espionage, the threat actor shares infrastructure with Chinese APTs, but uses different TTPs in attacks. The post Chinese APT ‘Phantom Taurus’ Targeting Organizations With Net-Star Malware appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

React to this headline:

Loading spinner

Chinese APT ‘Phantom Taurus’ Targeting Organizations With Net-Star Malware Read More »

Agentic AI coding assistant helped attacker breach, extort 17 distinct organizations

Anthropic, APT, Artificial Intelligence, cybercriminals, data theft, Don't miss, ESET, extortion, Hot stuff, LLMs, News, North Korea /

Agentic AI coding assistant helped attacker breach, extort 17 distinct organizations 2025-08-28 at 15:29 By Zeljka Zorz Cybercriminals have started “vibe hacking” with AI’s help, AI startup Anthropic has shared in a report released on Wednesday. An attacker used the agentic AI coding assistant Claude Code for nearly all steps of a data extortion operation

React to this headline:

Loading spinner

Agentic AI coding assistant helped attacker breach, extort 17 distinct organizations Read More »

Pakistani Hackers Back at Targeting Indian Government Entities

APT, APT36, India, Nation-State, Pakistan, Transparent Tribe /

Pakistani Hackers Back at Targeting Indian Government Entities 2025-08-25 at 16:38 By Ionut Arghire Pakistani state-sponsored hacking group APT36 is targeting Linux systems in a fresh campaign aimed at Indian government entities. The post Pakistani Hackers Back at Targeting Indian Government Entities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

Pakistani Hackers Back at Targeting Indian Government Entities Read More »

China-linked Murky Panda targets and moves laterally through cloud services

APT, China, Cloud, CrowdStrike, cyber espionage, Don't miss, Hot stuff, News /

China-linked Murky Panda targets and moves laterally through cloud services 2025-08-22 at 17:33 By Zeljka Zorz In its recently released 2025 Threat Hunting Report, Crowdstrike pointed out an interesting trend: a 136% surge in cloud intrusions. A good chunk of this surge is due to “China-nexus adversaries”, Murky Panda (aka Silk Typhoon) among them. Murky

React to this headline:

Loading spinner

China-linked Murky Panda targets and moves laterally through cloud services Read More »

Russian APT Exploiting 7-Year-Old Cisco Vulnerability: FBI

APT, Cisco, Dragonfly, exploited, Nation-State, Russia, Static Tundra /

Russian APT Exploiting 7-Year-Old Cisco Vulnerability: FBI 2025-08-21 at 14:16 By Ionut Arghire Russian state-sponsored hackers tracked as Static Tundra continue to target Cisco devices affected by CVE-2018-0171. The post Russian APT Exploiting 7-Year-Old Cisco Vulnerability: FBI appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this headline:

React to this headline:

Loading spinner

Russian APT Exploiting 7-Year-Old Cisco Vulnerability: FBI Read More »

WinRAR zero-day was exploited by two threat actors (CVE-2025-8088)

0-day, APT, backdoor, BI.ZONE, Canada, cyber espionage, Don't miss, ESET, Europe, exploit, Hot stuff, News, Russian Federation, spear-phishing, WinRAR /

WinRAR zero-day was exploited by two threat actors (CVE-2025-8088) 2025-08-12 at 16:11 By Zeljka Zorz The RomCom attackers aren’t the only ones that have been leveraging the newly unveiled WinRAR vulnerability (CVE-2025-8088) in zero-day attacks: according to Russian cybersecurity company BI.ZONE, a group tracked as Paper Werewolf has been using it to target Russian organizations.

React to this headline:

Loading spinner

WinRAR zero-day was exploited by two threat actors (CVE-2025-8088) Read More »

APT groups are getting personal, and CISOs should be concerned

APT, attacks, CISO, cybersecurity, Data Protection, Don't miss, Doppel, Features, Hot stuff, how-to, News, Privacy, strategy, threats, tips /

APT groups are getting personal, and CISOs should be concerned 2025-08-12 at 14:42 By Mirko Zorz Instead of focusing only on corporate systems, some APT groups are now going after executives in their personal lives. Home networks, private devices, and even family members have become targets. This approach works because executives often work remotely, store

React to this headline:

Loading spinner

APT groups are getting personal, and CISOs should be concerned Read More »

Russian Cyberspies Target Foreign Embassies in Moscow via AitM Attacks: Microsoft

APT, embassy, Featured, Nation-State, Secret Blizzard /

Russian Cyberspies Target Foreign Embassies in Moscow via AitM Attacks: Microsoft 2025-08-01 at 15:31 By Ionut Arghire Russian state-sponsored APT Secret Blizzard has used ISP-level AitM attacks to infect diplomatic devices with malware. The post Russian Cyberspies Target Foreign Embassies in Moscow via AitM Attacks: Microsoft appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

Russian Cyberspies Target Foreign Embassies in Moscow via AitM Attacks: Microsoft Read More »

UK Sanctions Russian Hackers Tied to Assassination Attempts

APT, Government, Russia, Sanctions, UK /

UK Sanctions Russian Hackers Tied to Assassination Attempts 2025-07-22 at 13:34 By Ionut Arghire The UK government has sanctioned three Russian APTs and 18 individuals for their involvement in cyber operations against Ukraine, NATO allies, and EU. The post UK Sanctions Russian Hackers Tied to Assassination Attempts appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

UK Sanctions Russian Hackers Tied to Assassination Attempts Read More »

Chinese Hackers Target Chinese Users With RAT, Rootkit

APT, China, China APT, Malware, Malware & Threats, Silver Fox /

Chinese Hackers Target Chinese Users With RAT, Rootkit 2025-06-27 at 13:02 By Ionut Arghire China-linked Silver Fox hacking group is targeting Chinese users with fake installers carrying a RAT and a rootkit. The post Chinese Hackers Target Chinese Users With RAT, Rootkit appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

Chinese Hackers Target Chinese Users With RAT, Rootkit Read More »

Chinese APT Hacking Routers to Build Espionage Infrastructure

APT, China APT, cyberespionage, espionage, LapDogs, Malware, Nation-State, ShortLeash /

Chinese APT Hacking Routers to Build Espionage Infrastructure 2025-06-24 at 13:15 By Ionut Arghire A Chinese APT has been infecting SOHO routers with the ShortLeash backdoor to build stealthy espionage infrastructure. The post Chinese APT Hacking Routers to Build Espionage Infrastructure appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

React to this headline:

Loading spinner

Chinese APT Hacking Routers to Build Espionage Infrastructure Read More »

Fog Ransomware Attack Employs Unusual Tools

APT, China, China APT, Fog, Ransomware /

Fog Ransomware Attack Employs Unusual Tools 2025-06-13 at 13:20 By Ionut Arghire Multiple legitimate, unusual tools were used in a Fog ransomware attack, including one employed by Chinese hacking group APT41. The post Fog Ransomware Attack Employs Unusual Tools appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to

React to this headline:

Loading spinner

Fog Ransomware Attack Employs Unusual Tools Read More »

Microsoft, CrowdStrike Lead Effort to Map Threat Actor Names

APT, CrowdStrike, Featured, Malware & Threats, Management & Strategy, Microsoft, naming /

Microsoft, CrowdStrike Lead Effort to Map Threat Actor Names 2025-06-03 at 11:33 By Eduard Kovacs Microsoft and CrowdStrike are running a project that aims to align threat actor names, and Google and Palo Alto Networks will also contribute. The post Microsoft, CrowdStrike Lead Effort to Map Threat Actor Names appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

Microsoft, CrowdStrike Lead Effort to Map Threat Actor Names Read More »

Russia-linked hackers target webmail servers in Ukraine-related espionage operation

APT, cyber espionage, email security, ESET, News, Russian Federation, XSS /

Russia-linked hackers target webmail servers in Ukraine-related espionage operation 2025-05-15 at 12:01 By Help Net Security ESET researchers have uncovered RoundPress, a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities. Behind it is most likely the Russia-aligned Sednit (also known as Fancy Bear or APT28) cyberespionage group, holding the ultimate goal of stealing confidential

React to this headline:

Loading spinner

Russia-linked hackers target webmail servers in Ukraine-related espionage operation Read More »

Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054)

0patch, APT, Check Point, Don't miss, enterprise, exploit, Government, HarfangLab, Hot stuff, News, phishing, vulnerability, Windows /

Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) 2025-04-17 at 16:52 By Zeljka Zorz CVE-2025-24054, a Windows NTLM hash disclosure vulnerability that Microsoft has issued patches for last month, has been leveraged by threat actors in campaigns targeting government and private institutions in Poland and Romania. “Active exploitation in the wild has been observed

React to this headline:

Loading spinner

Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) Read More »

Scroll to Top