APT

Cisco fixes AsyncOS vulnerability exploited in zero-day attacks (CVE-2025-20393)

2026-01-16 at 17:05 By Zeljka Zorz
Cisco has finally shipped security updates for its Email Security Gateway and Secure Email and Web Manager devices, which fix CVE-2025-20393, a vulnerability in the devices’ AsyncOS that has been exploited as a zero-day by suspected Chinese attackers since at […]

Group Policy abuse reveals China-aligned espionage group targeting governments

2025-12-18 at 13:42 By Anamarija Pogorelec
ESET Research has identified a previously undocumented China-aligned advanced persistent threat group that uses Windows Group Policy to deploy malware and move through victim networks. The group, tracked as LongNosedGoblin, has targeted government institutions in Southeast Asia and Japan with […]

Cisco email security appliances rooted and backdoored via still unpatched zero-day

2025-12-17 at 21:47 By Zeljka Zorz
A suspected Chinese-nexus threat group has been compromising Cisco email security devices and planting backdoors and log-purging tools on them since at least late November 2025, Cisco Talos researchers have shared. “Our analysis indicates that appliances with non-standard […]

Amazon: Russian Hackers Now Favor Misconfigurations in Critical Infrastructure Attacks

2025-12-16 at 15:25 By Eduard Kovacs
After years of exploiting zero-day and n-day vulnerabilities, Russian state-sponsored threat actors are shifting to misconfigured devices. This article is an excerpt from SecurityWeek.

Reporters Without Borders Targeted by Russian Hackers

2025-12-04 at 17:06 By Ionut Arghire
The state-sponsored hackers relied on phishing emails to deliver a malicious payload to Reporters Without Borders (RSF). This article is an excerpt from SecurityWeek.

How a noisy ransomware intrusion exposed a long-term espionage foothold

2025-12-02 at 15:15 By Zeljka Zorz
Getting breached by two separate and likely unconnected cyber attack groups is a nightmare scenario for any organization, but can result in an unexpected silver lining: the noisier intrusion can draw attention to a far stealthier threat that might […]

Chinese Cyberspies Deploy ‘BadAudio’ Malware via Supply Chain Attacks

2025-11-21 at 13:46 By Ionut Arghire
APT24 has been relying on various techniques to drop the BadAudio downloader and then deploy additional payloads. This article is an excerpt from SecurityWeek.

Russia-linked hackers intensify attacks as global APT activity shifts

2025-11-06 at 14:50 By Anamarija Pogorelec
State-aligned hacking groups have spent the past six months ramping up espionage, sabotage, and cybercrime campaigns across multiple regions, according to ESET’s APT Activity Report covering April through September 2025. The research highlights how operations linked to Russia, China, Iran, […]

Google uncovers malware using LLMs to operate and evade detection

2025-11-05 at 20:53 By Zeljka Zorz
PromptLock, the AI-powered proof-of-concept ransomware developed by researchers at NYU Tandon and initially mistaken for an active threat by ESET, is no longer an isolated example: Google’s latest report shows attackers are now creating and deploying other malware that […]

Italian-made spyware Dante linked to Chrome zero-day exploitation campaign

2025-10-28 at 16:28 By Zeljka Zorz
CVE-2025-2783, a Chrome zero-day vulnerability that was detected being exploited in March 2025 and was subsequently fixed by Google, was used by unknown attackers to deliver LeetAgent, suspected commercial spyware. An analysis of the malware’s code and the campaign’s infrastructure […]

Russian APT Switches to New Backdoor After Malware Exposed by Researchers

2025-10-22 at 15:03 By Ionut Arghire
Star Blizzard started using the NoRobot (BaitSwitch) and MaybeRobot (SimpleFix) malware after public reporting on the LostKeys malware. This article is an excerpt from SecurityWeek.

China-linked Salt Typhoon hackers attempt to infiltrate European telco

2025-10-20 at 18:42 By Zeljka Zorz
Salt Typhoon, the China-linked APT group that has a penchant for targeting telecommunications companies, has been spotted trying to sneak into yet another one. The intrusion “Darktrace observed activity in a European telecommunications organisation consistent with Salt Typhoon’s known tactics, […]

Legit tools, illicit uses: Velociraptor, Nezha turned against victims

2025-10-09 at 19:19 By Zeljka Zorz
Threat actors are using an increasing variety of commercial and open-source products to carry out their attacks: according to researchers, Velociraptor and Nezha are the latest additions to their attack toolbox.
Velociraptor misuse
A suspected China-based ransomware threat actor has […]

Chinese APT ‘Phantom Taurus’ Targeting Organizations With Net-Star Malware

2025-10-01 at 16:33 By Ionut Arghire
Focused on espionage, the threat actor shares infrastructure with Chinese APTs, but uses different TTPs in attacks. This article is an excerpt from SecurityWeek.

Agentic AI coding assistant helped attacker breach, extort 17 distinct organizations

2025-08-28 at 15:29 By Zeljka Zorz
Cybercriminals have started “vibe hacking” with AI’s help, AI startup Anthropic has shared in a report released on Wednesday. An attacker used the agentic AI coding assistant Claude Code for nearly all steps of a data extortion operation […]

Pakistani Hackers Back at Targeting Indian Government Entities

2025-08-25 at 16:38 By Ionut Arghire
Pakistani state-sponsored hacking group APT36 is targeting Linux systems in a fresh campaign aimed at Indian government entities. This article is an excerpt from SecurityWeek.

China-linked Murky Panda targets and moves laterally through cloud services

2025-08-22 at 17:33 By Zeljka Zorz
In its recently released 2025 Threat Hunting Report, CrowdStrike pointed out an interesting trend: a 136% surge in cloud intrusions. A good chunk of this surge is due to “China-nexus adversaries”, Murky Panda (aka Silk Typhoon) among them. Murky […]

Russian APT Exploiting 7-Year-Old Cisco Vulnerability: FBI

2025-08-21 at 14:16 By Ionut Arghire
Russian state-sponsored hackers tracked as Static Tundra continue to target Cisco devices affected by CVE-2018-0171. This article is an excerpt from SecurityWeek.

WinRAR zero-day was exploited by two threat actors (CVE-2025-8088)

2025-08-12 at 16:11 By Zeljka Zorz
The RomCom attackers aren’t the only ones that have been leveraging the newly unveiled WinRAR vulnerability (CVE-2025-8088) in zero-day attacks: according to Russian cybersecurity company BI.ZONE, a group tracked as Paper Werewolf has been using it to target Russian organizations.
