APT

Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054)

0patch, APT, Check Point, Don't miss, enterprise, exploit, Government, HarfangLab, Hot stuff, News, phishing, vulnerability, Windows /

Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) 2025-04-17 at 16:52 By Zeljka Zorz CVE-2025-24054, a Windows NTLM hash disclosure vulnerability that Microsoft has issued patches for last month, has been leveraged by threat actors in campaigns targeting government and private institutions in Poland and Romania. “Active exploitation in the wild has been observed […]

React to this headline:

Loading spinner

Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) Read More »

Chinese APT Mustang Panda Updates, Expands Arsenal

APT, China, Malware, Mustang Panda, Nation-State /

Chinese APT Mustang Panda Updates, Expands Arsenal 2025-04-17 at 14:05 By Ionut Arghire The Chinese state-sponsored group Mustang Panda has used new and updated malicious tools in a recent attack. The post Chinese APT Mustang Panda Updates, Expands Arsenal appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to

React to this headline:

Loading spinner

Chinese APT Mustang Panda Updates, Expands Arsenal Read More »

Apple plugs zero-days holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201)

0-day, apple, APT, Don't miss, Google, Hot stuff, iOS, iPad, macOS, News, security update /

Apple plugs zero-days holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) 2025-04-17 at 12:02 By Zeljka Zorz Apple has released emergency security updates for iOS/iPadOS, macOS, tvOS and visionOS that fix two zero-day vulnerabilities (CVE-2025-31200, CVE-2025-31201) that have been exploited “in an extremely sophisticated attack against specific targeted individuals on iOS.” CVE-2025-31200 and CVE-2025-31201 CVE-2025-31200

React to this headline:

Loading spinner

Apple plugs zero-days holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) Read More »

China-linked FamousSparrow APT group resurfaces with enhanced capabilities

APT, China, cybercrime, cybersecurity, Don't miss, ESET, News, research, USA /

China-linked FamousSparrow APT group resurfaces with enhanced capabilities 2025-03-26 at 17:02 By Help Net Security ESET investigated suspicious activity on the network of a trade group in the United States that operates in the financial sector. While helping the affected entity remediate the compromise, they made an unexpected discovery in the victim’s system: malicious tools

React to this headline:

Loading spinner

China-linked FamousSparrow APT group resurfaces with enhanced capabilities Read More »

Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783)

0-day, APT, Chrome, Don't miss, exploit, Hot stuff, Kaspersky, News, Windows /

Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) 2025-03-26 at 13:08 By Zeljka Zorz Google is in the process of rolling out Chrome v134.0.6998.178 to Windows users to fix CVE-2025-2783, a zero-day vulnerability that allowed attackers to to bypass Chrome sandbox protections. The vulnerability was flagged by Kaspersky researchers, who discovered it being exploited by

React to this headline:

Loading spinner

Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) Read More »

Chinese APT Weaver Ant Targeting Telecom Providers in Asia

APT, China APT, Malware & Threats, telecoms, Weaver Ant /

Chinese APT Weaver Ant Targeting Telecom Providers in Asia 2025-03-25 at 13:54 By Ionut Arghire Weaver Ant, a cyberespionage-focused APT operating out of China, is targeting telecom providers for persistent access. The post Chinese APT Weaver Ant Targeting Telecom Providers in Asia appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

Chinese APT Weaver Ant Targeting Telecom Providers in Asia Read More »

Chinese I-Soon Hackers Hit 7 Organizations in Operation FishMedley

APT, China, espionage, FishMedley, i-Soon, Nation-State /

Chinese I-Soon Hackers Hit 7 Organizations in Operation FishMedley 2025-03-21 at 14:16 By Ionut Arghire The FishMonger APT group, a subdivision of Chinese cybersecurity firm I-Soon, compromised seven organizations in a 2022 campaign. The post Chinese I-Soon Hackers Hit 7 Organizations in Operation FishMedley appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Chinese I-Soon Hackers Hit 7 Organizations in Operation FishMedley Read More »

APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373)

APT, cyber espionage, cybercrime, Don't miss, exploit, Hot stuff, News, Windows /

APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373) 2025-03-19 at 16:00 By Zeljka Zorz State-sponsored threat actors and cybercrime groups from North Korea, Iran, Russia, and China have been exploiting a zero-day Windows vulnerability with no fix in sight for the last eight years, researchers with Trend Micro’s Zero Day Initiative

React to this headline:

Loading spinner

APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373) Read More »

11 State-Sponsored APTs Exploiting LNK Files for Espionage, Data Theft

APT, LNK, Malware, Malware & Threats, ZDI /

11 State-Sponsored APTs Exploiting LNK Files for Espionage, Data Theft 2025-03-18 at 16:02 By Eduard Kovacs ZDI has uncovered 1,000 malicious .lnk files used by state-sponsored and cybercrime threat actors to execute malicious commands. The post 11 State-Sponsored APTs Exploiting LNK Files for Espionage, Data Theft appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

11 State-Sponsored APTs Exploiting LNK Files for Espionage, Data Theft Read More »

North Korean Hackers Distributed Android Spyware via Google Play

APT, KoSpy, North Korea, ScarCruft, spyware, Uncategorized /

North Korean Hackers Distributed Android Spyware via Google Play 2025-03-13 at 15:01 By Eduard Kovacs The North Korea-linked APT37 has been observed targeting Android users with spyware distributed via Google Play. The post North Korean Hackers Distributed Android Spyware via Google Play appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

North Korean Hackers Distributed Android Spyware via Google Play Read More »

1,600 Victims Hit by South American APT’s Malware

APT, Blind Eagle, Colombia, cyberespionage, Nation-State, South America /

1,600 Victims Hit by South American APT’s Malware 2025-03-11 at 14:08 By Ionut Arghire South American cyberespionage group Blind Eagle has infected over 1,600 organizations in Colombia in a recent campaign. The post 1,600 Victims Hit by South American APT’s Malware appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

React to this headline:

Loading spinner

1,600 Victims Hit by South American APT’s Malware Read More »

China-based Silver Fox spoofs healthcare app to deliver malware

APT, backdoor, China, Don't miss, Forescout, healthcare, Hot stuff, News, programming, software development /

China-based Silver Fox spoofs healthcare app to deliver malware 2025-02-25 at 18:33 By Zeljka Zorz Silver Fox, a China-based threat actor that may or may not be backed by the Chinese government, has been delivering the ValleyRAT backdoor to unsuspecting users by disguising the malware as legitimate healthcare app (the Philips DICOM viewer), a Windows

React to this headline:

Loading spinner

China-based Silver Fox spoofs healthcare app to deliver malware Read More »

A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094)

0-day, APT, BeyondTrust, Don't miss, Hot stuff, News, PostgreSQL, Rapid7 /

A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094) 2025-02-17 at 15:49 By Zeljka Zorz The suspected Chinese state-sponsored hackers who breached workstations of several US Treasury employees in December 2024 did so by leveraging not one, but two zero-days, according to Rapid7 researchers. It was initially reported that the attackers compromised the

React to this headline:

Loading spinner

A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094) Read More »

Sandworm APT’s initial access subgroup hits organizations accross the globe

APT, Don't miss, energy sector, Hot stuff, Microsoft, News, Russian Federation, telecommunications /

Sandworm APT’s initial access subgroup hits organizations accross the globe 2025-02-13 at 15:34 By Zeljka Zorz A subgroup of Russia’s Sandworm APT has been working to achieve initial and persistent access to the IT networks of organizations working in economic sectors Russia is interested in. “In 2022, its primary focus was Ukraine, specifically targeting the

React to this headline:

Loading spinner

Sandworm APT’s initial access subgroup hits organizations accross the globe Read More »

Can AI Early Warning Systems Reboot the Threat Intel Industry?

APT, Artificial Intelligence, China, Google, Iran, Malware & Threats, Microsoft, North Korea, OpenAI, Threat Intelligence /

Can AI Early Warning Systems Reboot the Threat Intel Industry? 2025-02-10 at 13:02 By Ryan Naraine News analysis: The big AI platforms are emerging as frontline early warning systems, detecting nation-state hackers at the outset of their campaigns. Can this help save the threat intel industry? The post Can AI Early Warning Systems Reboot the

React to this headline:

Loading spinner

Can AI Early Warning Systems Reboot the Threat Intel Industry? Read More »

China-aligned PlushDaemon APT compromises supply chain of Korean VPN

APT, backdoor, China, cyber espionage, cybercrime, ESET, Malware, News, report, VPN /

China-aligned PlushDaemon APT compromises supply chain of Korean VPN 2025-01-22 at 08:04 By Help Net Security ESET researchers have uncovered a supply chain attack targeting a South Korean VPN provider, carried out by PlushDaemon, a newly identified China-aligned APT group. In this cyberespionage campaign, the attackers compromised the legitimate installer, replacing it with a malicious

React to this headline:

Loading spinner

China-aligned PlushDaemon APT compromises supply chain of Korean VPN Read More »

RomCom hackers chained Firefox and Windows zero-days to deliver backdoor

0-day, APT, backdoor, Don't miss, ESET, exploit, Firefox, Hot stuff, News, Russian Federation, Windows /

RomCom hackers chained Firefox and Windows zero-days to deliver backdoor 2024-11-26 at 12:18 By Zeljka Zorz Russia-aligned APT group RomCom was behind attacks that leveraged CVE-2024-9680, a remote code execution flaw in Firefox, and CVE-2024-49039, an elevation of privilege vulnerability in Windows Task Scheduler, as zero-days earlier this year. “Chaining together two zero-day vulnerabilities armed

React to this headline:

Loading spinner

RomCom hackers chained Firefox and Windows zero-days to deliver backdoor Read More »

Faraway Russian hackers breached US organization via Wi-Fi

APT, brute-force, credentials, Don't miss, enterprise, government-backed attacks, Hot stuff, MFA, News, Russian Federation, wireless /

Faraway Russian hackers breached US organization via Wi-Fi 2024-11-25 at 19:03 By Zeljka Zorz Forest Blizzard, a threat group associated with Russia’s GRU military intelligence service, repeatedly breached a US-based organization via compromised computer systems of nearby firms, which they leveraged to authenticate to the target’s enterprise Wi-Fi network. The repeated attacks Volexity, a company

React to this headline:

Loading spinner

Faraway Russian hackers breached US organization via Wi-Fi Read More »

Researchers unearth two previously unknown Linux backdoors

APT, backdoor, cybersecurity, Don't miss, ESET, Hot stuff, Linux, Malware, News, threat, VirusTotal /

Researchers unearth two previously unknown Linux backdoors 2024-11-21 at 12:12 By Help Net Security ESET researchers have identified multiple samples of two previously unknown Linux backdoors: WolfsBane and FireWood. The goal of the backdoors and tools discovered is cyberespionage that targets sensitive data such as system information, user credentials, and specific files and directories. These

React to this headline:

Loading spinner

Researchers unearth two previously unknown Linux backdoors Read More »

Scroll to Top