cyber espionage

China-linked Murky Panda targets and moves laterally through cloud services

China-linked Murky Panda targets and moves laterally through cloud services 2025-08-22 at 17:33 By Zeljka Zorz In its recently released 2025 Threat Hunting Report, Crowdstrike pointed out an interesting trend: a 136% surge in cloud intrusions. A good chunk of this surge is due to “China-nexus adversaries”, Murky Panda (aka Silk Typhoon) among them. Murky […]

React to this headline:

Loading spinner

China-linked Murky Panda targets and moves laterally through cloud services Read More »

Russian threat actors using old Cisco bug to target critical infrastructure orgs

Russian threat actors using old Cisco bug to target critical infrastructure orgs 2025-08-21 at 18:07 By Zeljka Zorz A threat group linked to the Russian Federal Security Service’s (FSB) Center 16 unit has been compromising unpatched and end-of-life Cisco networking devices via an old vulnerability (CVE-2018-0171), the FBI and Cisco warned on Wednesday. “Primary targets

React to this headline:

Loading spinner

Russian threat actors using old Cisco bug to target critical infrastructure orgs Read More »

WinRAR zero-day was exploited by two threat actors (CVE-2025-8088)

WinRAR zero-day was exploited by two threat actors (CVE-2025-8088) 2025-08-12 at 16:11 By Zeljka Zorz The RomCom attackers aren’t the only ones that have been leveraging the newly unveiled WinRAR vulnerability (CVE-2025-8088) in zero-day attacks: according to Russian cybersecurity company BI.ZONE, a group tracked as Paper Werewolf has been using it to target Russian organizations.

React to this headline:

Loading spinner

WinRAR zero-day was exploited by two threat actors (CVE-2025-8088) Read More »

Attackers breached ConnectWise, compromised customer ScreenConnect instances

Attackers breached ConnectWise, compromised customer ScreenConnect instances 2025-06-02 at 20:19 By Zeljka Zorz A suspected “sophisticated nation state actor” has compromised ScreenConnect cloud instances of a “very small number” of ConnectWise customers, the company has revealed on Wednesday. “We have not observed any additional suspicious activity in ScreenConnect cloud instances since the patch was released

React to this headline:

Loading spinner

Attackers breached ConnectWise, compromised customer ScreenConnect instances Read More »

Chinese cyber spies are using Ivanti EPMM flaws to breach EU, US organizations

Chinese cyber spies are using Ivanti EPMM flaws to breach EU, US organizations 2025-05-23 at 17:21 By Zeljka Zorz CVE-2025-4427 and CVE-2025-4428 – the two Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities that have been exploited in the wild as zero-days and patched by Ivanti last week – are being leveraged by a Chinese cyber espionage

React to this headline:

Loading spinner

Chinese cyber spies are using Ivanti EPMM flaws to breach EU, US organizations Read More »

Nation-state APTs ramp up attacks on Ukraine and the EU

Nation-state APTs ramp up attacks on Ukraine and the EU 2025-05-21 at 07:02 By Help Net Security Russian APT groups intensified attacks against Ukraine and the EU, exploiting zero-day vulnerabilities and deploying wipers, according to ESET. Ukraine faces rising cyber threats The Russia-aligned Sandworm group intensified destructive operations against Ukrainian energy companies, deploying a new

React to this headline:

Loading spinner

Nation-state APTs ramp up attacks on Ukraine and the EU Read More »

Russia-linked hackers target webmail servers in Ukraine-related espionage operation

Russia-linked hackers target webmail servers in Ukraine-related espionage operation 2025-05-15 at 12:01 By Help Net Security ESET researchers have uncovered RoundPress, a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities. Behind it is most likely the Russia-aligned Sednit (also known as Fancy Bear or APT28) cyberespionage group, holding the ultimate goal of stealing confidential

React to this headline:

Loading spinner

Russia-linked hackers target webmail servers in Ukraine-related espionage operation Read More »

44% of the zero-days exploited in 2024 were in enterprise solutions

44% of the zero-days exploited in 2024 were in enterprise solutions 2025-04-29 at 21:18 By Zeljka Zorz In 2024, threat actors exploited 75 zero-days – i.e., vulnerabilities previously unknown to vendors, thus without a readily available patch – in a wide variety of attacks. Of these, 33 vulnerabilities (44%) affected enterprise solutions, which is up

React to this headline:

Loading spinner

44% of the zero-days exploited in 2024 were in enterprise solutions Read More »

Cozy Bear targets EU diplomats with wine-tasting invites (again)

Cozy Bear targets EU diplomats with wine-tasting invites (again) 2025-04-16 at 17:40 By Zeljka Zorz APT29 (aka Cozy Bear, aka Midnight Blizzard) is, once again, targeting European diplomats with fake invitations to wine-tasting events, Check Point researchers have shared. Cozy Bear uses wine-tastings and dinners as a lure In early 2024, Zscaler flagged a low-volume

React to this headline:

Loading spinner

Cozy Bear targets EU diplomats with wine-tasting invites (again) Read More »

Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)

Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) 2025-04-03 at 21:01 By Zeljka Zorz A suspected Chinese APT group has exploited CVE-2025-22457 – a buffer overflow bug that was previously thought not to be exploitable – to compromise appliances running Ivanti Connect Secure (ICS) 22.7R2.5 or earlier or Pulse Connect Secure 9.1x. The vulnerability

React to this headline:

Loading spinner

Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) Read More »

CISA reveals new malware variant used on compromised Ivanti Connect Secure devices

CISA reveals new malware variant used on compromised Ivanti Connect Secure devices 2025-03-31 at 16:12 By Zeljka Zorz CISA has released indicators of compromise, detection signatures, and updated mitigation advice for rooting out a newly identified malware variant used by the attackers who breached Ivanti Connect Secure VPN appliances in December 2024 by exploiting the

React to this headline:

Loading spinner

CISA reveals new malware variant used on compromised Ivanti Connect Secure devices Read More »

APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373)

APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373) 2025-03-19 at 16:00 By Zeljka Zorz State-sponsored threat actors and cybercrime groups from North Korea, Iran, Russia, and China have been exploiting a zero-day Windows vulnerability with no fix in sight for the last eight years, researchers with Trend Micro’s Zero Day Initiative

React to this headline:

Loading spinner

APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373) Read More »

Hackers pose as employers to steal crypto, login credentials

Hackers pose as employers to steal crypto, login credentials 2025-02-20 at 12:03 By Help Net Security Since early 2024, ESET researchers have been tracking DeceptiveDevelopment, a series of malicious campaigns linked to North Korea-aligned operators. Disguising themselves as software development recruiters, these threat actors lure victims with fake job offers and deliver software projects embedded

React to this headline:

Loading spinner

Hackers pose as employers to steal crypto, login credentials Read More »

China-aligned PlushDaemon APT compromises supply chain of Korean VPN

China-aligned PlushDaemon APT compromises supply chain of Korean VPN 2025-01-22 at 08:04 By Help Net Security ESET researchers have uncovered a supply chain attack targeting a South Korean VPN provider, carried out by PlushDaemon, a newly identified China-aligned APT group. In this cyberespionage campaign, the attackers compromised the legitimate installer, replacing it with a malicious

React to this headline:

Loading spinner

China-aligned PlushDaemon APT compromises supply chain of Korean VPN Read More »

FBI confirms China-linked cyber espionage involving breached telecom providers

FBI confirms China-linked cyber espionage involving breached telecom providers 2024-11-14 at 14:16 By Zeljka Zorz After months of news reports that Chinese threat actors have breached the networks of US telecommunications and internet service providers, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have confirmed the success of the attacks, which were part

React to this headline:

Loading spinner

FBI confirms China-linked cyber espionage involving breached telecom providers Read More »

Sophos mounted counter-offensive operation to foil Chinese attackers

Sophos mounted counter-offensive operation to foil Chinese attackers 2024-10-31 at 16:04 By Help Net Security Sophos conducted defensive and counter-offensive operation over the last five years with multiple interlinked nation-state adversaries based in China targeting perimeter devices, including Sophos Firewalls. Espionage campaigns tied to Chinese hacking groups The attackers used a series of campaigns with

React to this headline:

Loading spinner

Sophos mounted counter-offensive operation to foil Chinese attackers Read More »

Russian hackers deliver malicious RDP configuration files to thousands

Russian hackers deliver malicious RDP configuration files to thousands 2024-10-30 at 12:49 By Zeljka Zorz Midnight Blizzard – a cyber espionage group that has been linked to the Russian Foreign Intelligence Service (SVR) – is targeting government, academia, defense, and NGO workers with phishing emails containing a signed Remote Desktop Protocol (RDP) configuration file. “Based

React to this headline:

Loading spinner

Russian hackers deliver malicious RDP configuration files to thousands Read More »

GoldenJackal APT group breaches air-gapped systems in Europe

GoldenJackal APT group breaches air-gapped systems in Europe 2024-10-09 at 07:01 By Help Net Security ESET researchers have discovered a series of attacks that took place in Europe from May 2022 to March 2024, where the attackers used a toolset capable of targeting air-gapped systems, in a governmental organization of a European Union country. Cyberespionage

React to this headline:

Loading spinner

GoldenJackal APT group breaches air-gapped systems in Europe Read More »

Scroll to Top