APT

Cisco SD-WAN 0-day exploited, no patch available (CVE-2026-20245)

2026-06-05 at 15:49, by Zeljka Zorz

A 0-day privilege escalation vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager that has yet to be patched by Cisco is being leveraged by attackers. “To exploit this vulnerability, an attacker must have netadmin privileges on an affected system. This would require […]

Oil shipments, drone makers, and a poisoned code library targeted in recent APT campaigns

2026-05-28 at 12:42, by Sinisa Markovic

Geopolitical pressure drove much of the state-sponsored cyber activity recorded between October 2025 and March 2026, according to ESET’s latest APT Activity Report. Espionage groups aligned with China, North Korea, Russia, and Iran adjusted their

Coinflow CISO on crypto payments security under AI pressure

2026-05-27 at 09:24, by Mirko Zorz

Crypto payment firms sit near the top of the target list for advanced persistent threat groups, and the workload on their security leaders keeps growing. Malcolm Portelli, CISO at Coinflow, runs the company’s security program from Malta. Coinflow is headquartered

Iranian APT Targets Aviation, Software Companies With Updated Tools

2026-05-26 at 17:32, by Ionut Arghire

Nimbus Manticore has continued its operations during and after the US military campaign against Iran. The post Iranian APT Targets Aviation, Software Companies With Updated Tools appeared first on SecurityWeek.

Webworm APT targets European government organizations with new backdoors

2026-05-20 at 17:48, by Anamarija Pogorelec

ESET has released an analysis of the 2025 activity of Webworm, a China-aligned APT group also tracked as Space Pirates and UAT-8302. Active since at least 2022, the group initially focused on targets in Asia, but has recently expanded its operations

Cisco patches another actively exploited SD-WAN zero-day (CVE-2026-20182)

2026-05-15 at 16:07, by Zeljka Zorz

Cisco has patched yet another Catalyst SD-WAN Controller authentication bypass vulnerability (CVE-2026-20182) that has been exploited as a zero-day by “a highly sophisticated cyber threat actor”.

About CVE-2026-20182

CVE-2026-20182, affecting both Cisco Catalyst SD-WAN Controller (the “brain” of the Cisco

Google researchers uncover criminal zero-day exploit likely built with AI

2026-05-11 at 16:48, by Mirko Zorz

Google’s threat intelligence researchers have linked a zero-day exploit to AI-assisted development by a criminal group. The exploit targeted a popular open-source web-based system administration tool. It allowed attackers to bypass two-factor authentication once they had valid user credentials.

State-sponsored hackers likely behind zero-day attacks on Palo Alto firewalls

2026-05-08 at 01:14, by Zeljka Zorz

Palo Alto Networks believes the in-the-wild exploitation of a zero-day vulnerability (CVE-2026-0300) in its firewalls is likely the work of state-sponsored threat actors.

A flaw with no patch (yet)

CVE-2026-0300 is a buffer overflow vulnerability in the User-ID Authentication

GopherWhisper APT group hides command and control traffic in Slack and Discord

2026-04-23 at 12:17, by Anamarija Pogorelec

Attackers continue to lean on everyday collaboration platforms to hide command and control traffic inside normal enterprise noise. A newly identified China-aligned APT group pushes that trend further, running its operations through Slack workspaces, Discord servers, Outlook

US Disrupts Russian Espionage Operation Involving Hacked Routers and DNS Hijacking

2026-04-08 at 15:06, by Eduard Kovacs

The APT28 threat group exploited vulnerable TP-Link and MikroTik routers to conduct adversary-in-the-middle (AitM) attacks. The post US Disrupts Russian Espionage Operation Involving Hacked Routers and DNS Hijacking appeared first on SecurityWeek.

Russian APT Star Blizzard Adopts DarkSword iOS Exploit Kit

2026-03-30 at 15:16, by Ionut Arghire

The state-sponsored group’s campaign has targeted government, higher education, financial, and legal entities, as well as think tanks. The post Russian APT Star Blizzard Adopts DarkSword iOS Exploit Kit appeared first on SecurityWeek.

Iran Readied Cyberattack Capabilities for Response Prior to Epic Fury

2026-03-19 at 18:19, by Kevin Townsend

Analysis reveals a six-month buildup of Iran-linked cyber infrastructure, including US-based shell companies, designed to weather kinetic strikes and ensure the resilience of its global hacking operations. The post Iran Readied Cyberattack Capabilities for Response Prior to Epic Fury

Iran-linked APT targets US critical sectors with new backdoors

2026-03-06 at 15:56, by Zeljka Zorz

An Iran-linked hacking group has been active inside the networks of several US organizations since early February, raising concerns that the activity could precede broader cyber operations connected to escalating geopolitical tensions in the Middle East.

New backdoors used by

Iranian APT Hacked US Airport, Bank, Software Company

2026-03-06 at 13:37, by Ionut Arghire

The attacks, observed since February, show that Iranian hackers already have a presence in the networks of US organizations. The post Iranian APT Hacked US Airport, Bank, Software Company appeared first on SecurityWeek.

Poland’s energy control systems were breached through exposed VPN access

2026-02-06 at 16:27, by Sinisa Markovic

On 29 December 2025, coordinated cyberattacks unfolded across Poland’s critical infrastructure, targeting energy and industrial organizations. The attackers struck numerous wind and solar farms, a private manufacturing company, and a combined heat and power (CHP) plant, but failed to negatively

Russian hackers are exploiting recently patched Microsoft Office vulnerability (CVE-2026-21509)

2026-02-03 at 17:21, by Zeljka Zorz

Russian state-sponsored hackers Fancy Bear (aka APT28) are exploiting CVE-2026-21509, a Microsoft Office vulnerability for which Microsoft released an emergency fix last week.

The exploitation

CVE-2026-21509 allows unauthorized attackers to bypass a security feature (OLE mitigations in Microsoft

Notepad++ supply chain attack: Researchers reveal details, IoCs, targets

2026-02-03 at 15:34, by Zeljka Zorz

Rapid7 researchers have attributed the recent hijacking of the Notepad++ update mechanism to Lotus Blossom (aka Billbug), a Chinese state-sponsored group known for targeting organizations in Southeast Asia for espionage purposes. On Wednesday, Kaspersky researchers shared the insights they’ve gleaned

Russia’s APT28 Rapidly Weaponizes Newly Patched Office Vulnerability

2026-02-03 at 15:15, by Eduard Kovacs

The attacks targeting Europe were analyzed by Ukraine’s CERT-UA and the cybersecurity company Zscaler. The post Russia’s APT28 Rapidly Weaponizes Newly Patched Office Vulnerability appeared first on SecurityWeek.

WinRAR vulnerability still a go-to tool for hackers, Mandiant warns

2026-01-28 at 17:02, by Zeljka Zorz

State-sponsored hackers and financially motivated attackers continue leveraging a critical WinRAR vulnerability (CVE-2025-8088) that was fixed over half a year ago. CVE-2025-8088 is a path traversal vulnerability that can be exploited via maliciously crafted RAR archives. “The exploit chain

Poland repels data-wiping malware attack on energy systems

2026-01-26 at 14:37, by Zeljka Zorz

Suspected Russian cyber attackers tried to take down parts of Poland’s energy infrastructure with new data-wiping malware, and failed. According to information shared by the Polish government earlier this month, the attacks happened on 29 and 30 December 2025, and