cyber espionage

How a noisy ransomware intrusion exposed a long-term espionage foothold

How a noisy ransomware intrusion exposed a long-term espionage foothold 2025-12-02 at 15:15 By Zeljka Zorz Getting breached by two separate and likely unconnected cyber attack groups is a nightmare scenario for any organization, but can result in an unexpected silver lining: the noisier intrusion can draw attention to a far stealthier threat that might […]

How a noisy ransomware intrusion exposed a long-term espionage foothold Read More »

Chinese cyber spies used Claude AI to automate 90% of their attack campaign, Anthropic claims

Chinese cyber spies used Claude AI to automate 90% of their attack campaign, Anthropic claims 2025-11-14 at 17:03 By Zeljka Zorz Anthropic threat researchers believe that they’ve uncovered and disrupted the first documented case of a cyberattack executed with the help of its agentic AI and minimal human intervention. “The threat actor manipulated [Anthropic’s large

Chinese cyber spies used Claude AI to automate 90% of their attack campaign, Anthropic claims Read More »

Cyber-espionage campaign mirroring Sandworm TTPs hit Russian and Belarusian military

Cyber-espionage campaign mirroring Sandworm TTPs hit Russian and Belarusian military 2025-11-03 at 15:57 By Zeljka Zorz A spear-phishing campaign aimed to compromise Russian and Belarusian military personnel by using military-themed documents as a lure has been flagged by Cyble and Seqrite security researchers. The goal of the campaign is to get targets to download and

Cyber-espionage campaign mirroring Sandworm TTPs hit Russian and Belarusian military Read More »

Unpatched Windows vulnerability continues to be exploited by APTs (CVE-2025-9491)

Unpatched Windows vulnerability continues to be exploited by APTs (CVE-2025-9491) 2025-10-31 at 17:09 By Zeljka Zorz A Windows vulnerability (CVE-2025-9491, aka ZDI-CAN-25373) that state-sponsored threat actors and cybercrime groups have been quietly leveraging since at least 2017 continues to be exploited for attacks. “Arctic Wolf Labs assesses with high confidence that [the campaign they detected]

Unpatched Windows vulnerability continues to be exploited by APTs (CVE-2025-9491) Read More »

Humanoid robot found vulnerable to Bluetooth hack, data leaks to China

Humanoid robot found vulnerable to Bluetooth hack, data leaks to China 2025-10-16 at 07:33 By Sinisa Markovic Alias Robotics has published an analysis of the Unitree G1 humanoid robot, concluding that the device can be exploited as a tool for espionage and cyber attacks. A robot that can be hacked through Bluetooth Their tests show

Humanoid robot found vulnerable to Bluetooth hack, data leaks to China Read More »

China-linked Murky Panda targets and moves laterally through cloud services

China-linked Murky Panda targets and moves laterally through cloud services 2025-08-22 at 17:33 By Zeljka Zorz In its recently released 2025 Threat Hunting Report, Crowdstrike pointed out an interesting trend: a 136% surge in cloud intrusions. A good chunk of this surge is due to “China-nexus adversaries”, Murky Panda (aka Silk Typhoon) among them. Murky

China-linked Murky Panda targets and moves laterally through cloud services Read More »

Russian threat actors using old Cisco bug to target critical infrastructure orgs

Russian threat actors using old Cisco bug to target critical infrastructure orgs 2025-08-21 at 18:07 By Zeljka Zorz A threat group linked to the Russian Federal Security Service’s (FSB) Center 16 unit has been compromising unpatched and end-of-life Cisco networking devices via an old vulnerability (CVE-2018-0171), the FBI and Cisco warned on Wednesday. “Primary targets

Russian threat actors using old Cisco bug to target critical infrastructure orgs Read More »

WinRAR zero-day was exploited by two threat actors (CVE-2025-8088)

WinRAR zero-day was exploited by two threat actors (CVE-2025-8088) 2025-08-12 at 16:11 By Zeljka Zorz The RomCom attackers aren’t the only ones that have been leveraging the newly unveiled WinRAR vulnerability (CVE-2025-8088) in zero-day attacks: according to Russian cybersecurity company BI.ZONE, a group tracked as Paper Werewolf has been using it to target Russian organizations.

WinRAR zero-day was exploited by two threat actors (CVE-2025-8088) Read More »

Attackers breached ConnectWise, compromised customer ScreenConnect instances

Attackers breached ConnectWise, compromised customer ScreenConnect instances 2025-06-02 at 20:19 By Zeljka Zorz A suspected “sophisticated nation state actor” has compromised ScreenConnect cloud instances of a “very small number” of ConnectWise customers, the company has revealed on Wednesday. “We have not observed any additional suspicious activity in ScreenConnect cloud instances since the patch was released

Attackers breached ConnectWise, compromised customer ScreenConnect instances Read More »

Chinese cyber spies are using Ivanti EPMM flaws to breach EU, US organizations

Chinese cyber spies are using Ivanti EPMM flaws to breach EU, US organizations 2025-05-23 at 17:21 By Zeljka Zorz CVE-2025-4427 and CVE-2025-4428 – the two Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities that have been exploited in the wild as zero-days and patched by Ivanti last week – are being leveraged by a Chinese cyber espionage

Chinese cyber spies are using Ivanti EPMM flaws to breach EU, US organizations Read More »

Nation-state APTs ramp up attacks on Ukraine and the EU

Nation-state APTs ramp up attacks on Ukraine and the EU 2025-05-21 at 07:02 By Help Net Security Russian APT groups intensified attacks against Ukraine and the EU, exploiting zero-day vulnerabilities and deploying wipers, according to ESET. Ukraine faces rising cyber threats The Russia-aligned Sandworm group intensified destructive operations against Ukrainian energy companies, deploying a new

Nation-state APTs ramp up attacks on Ukraine and the EU Read More »

Russia-linked hackers target webmail servers in Ukraine-related espionage operation

Russia-linked hackers target webmail servers in Ukraine-related espionage operation 2025-05-15 at 12:01 By Help Net Security ESET researchers have uncovered RoundPress, a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities. Behind it is most likely the Russia-aligned Sednit (also known as Fancy Bear or APT28) cyberespionage group, holding the ultimate goal of stealing confidential

Russia-linked hackers target webmail servers in Ukraine-related espionage operation Read More »

44% of the zero-days exploited in 2024 were in enterprise solutions

44% of the zero-days exploited in 2024 were in enterprise solutions 2025-04-29 at 21:18 By Zeljka Zorz In 2024, threat actors exploited 75 zero-days – i.e., vulnerabilities previously unknown to vendors, thus without a readily available patch – in a wide variety of attacks. Of these, 33 vulnerabilities (44%) affected enterprise solutions, which is up

44% of the zero-days exploited in 2024 were in enterprise solutions Read More »

Cozy Bear targets EU diplomats with wine-tasting invites (again)

Cozy Bear targets EU diplomats with wine-tasting invites (again) 2025-04-16 at 17:40 By Zeljka Zorz APT29 (aka Cozy Bear, aka Midnight Blizzard) is, once again, targeting European diplomats with fake invitations to wine-tasting events, Check Point researchers have shared. Cozy Bear uses wine-tastings and dinners as a lure In early 2024, Zscaler flagged a low-volume

Cozy Bear targets EU diplomats with wine-tasting invites (again) Read More »

Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)

Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) 2025-04-03 at 21:01 By Zeljka Zorz A suspected Chinese APT group has exploited CVE-2025-22457 – a buffer overflow bug that was previously thought not to be exploitable – to compromise appliances running Ivanti Connect Secure (ICS) 22.7R2.5 or earlier or Pulse Connect Secure 9.1x. The vulnerability

Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) Read More »

CISA reveals new malware variant used on compromised Ivanti Connect Secure devices

CISA reveals new malware variant used on compromised Ivanti Connect Secure devices 2025-03-31 at 16:12 By Zeljka Zorz CISA has released indicators of compromise, detection signatures, and updated mitigation advice for rooting out a newly identified malware variant used by the attackers who breached Ivanti Connect Secure VPN appliances in December 2024 by exploiting the

CISA reveals new malware variant used on compromised Ivanti Connect Secure devices Read More »

APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373)

APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373) 2025-03-19 at 16:00 By Zeljka Zorz State-sponsored threat actors and cybercrime groups from North Korea, Iran, Russia, and China have been exploiting a zero-day Windows vulnerability with no fix in sight for the last eight years, researchers with Trend Micro’s Zero Day Initiative

APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373) Read More »

Hackers pose as employers to steal crypto, login credentials

Hackers pose as employers to steal crypto, login credentials 2025-02-20 at 12:03 By Help Net Security Since early 2024, ESET researchers have been tracking DeceptiveDevelopment, a series of malicious campaigns linked to North Korea-aligned operators. Disguising themselves as software development recruiters, these threat actors lure victims with fake job offers and deliver software projects embedded

Hackers pose as employers to steal crypto, login credentials Read More »

Scroll to Top