government-backed attacks - Security Ticks

State-sponsored hackers likely behind zero-day attacks on Palo Alto firewalls

0-day, APT, Don't miss, firewall, government-backed attacks, Hot stuff, News, Palo Alto Networks / SecurityTicks

State-sponsored hackers likely behind zero-day attacks on Palo Alto firewalls 2026-05-08 at 01:14 By Zeljka Zorz Palo Alto Networks believes the in-the-wild exploitation of a zero-day vulnerability (CVE-2026-0300) in its firewalls is likely the work of state-sponsored threat actors. A flaw with no patch (yet) CVE-2026-0300 is a buffer overflow vulnerability in the User-ID Authentication […]

State-sponsored hackers likely behind zero-day attacks on Palo Alto firewalls Read More »

New Cisco firewall malware can only be killed by pulling the plug

backdoor, CISA, Cisco, Don't miss, firewall, government-backed attacks, Hot stuff, NCSC, News / SecurityTicks

New Cisco firewall malware can only be killed by pulling the plug 2026-04-24 at 13:17 By Zeljka Zorz Suspected state-sponsored attackers are using a custom backdoor to persistently compromise Cisco security devices (firewalls), the US CISA and the UK National Cyber Security Centre warned on Thusday. “The [Firestarter] malware (…) is relevant for both Cisco

New Cisco firewall malware can only be killed by pulling the plug Read More »

With AI’s help, North Korean hackers stumbled into a near-undetectable attack

AI, Crypto, Don't miss, Expel, government-backed attacks, Hot stuff, malware detection, News, North Korea, social engineering, theft, web development / SecurityTicks

With AI’s help, North Korean hackers stumbled into a near-undetectable attack 2026-04-24 at 08:22 By Zeljka Zorz For many years, state-sponsored hacking was defined by human expertise in finding security holes, writing malware and exploits, pulling off social engineering and phishing attacks, and much more. Since the advent of LLM-powered AI assistants and tools, less

With AI’s help, North Korean hackers stumbled into a near-undetectable attack Read More »

Russian hackers crack into officials’ Signal and WhatsApp accounts

cyberattack, EU, government-backed attacks, News, phishing, Russian Federation, Signal, WhatsApp / SecurityTicks

Russian hackers crack into officials’ Signal and WhatsApp accounts 2026-03-09 at 17:02 By Sinisa Markovic Russian state hackers are trying to break into Signal and WhatsApp accounts used by diplomats, military staff, and government officials worldwide, Dutch intelligence agencies warned. They believe journalists and other people who attract attention from Moscow may also be affected.

Russian hackers crack into officials’ Signal and WhatsApp accounts Read More »

State-backed phishing attacks targeting military officials and journalists on Signal

cyber espionage, Don't miss, Europe, Germany, government-backed attacks, Hot stuff, News, phishing, Signal / SecurityTicks

State-backed phishing attacks targeting military officials and journalists on Signal 2026-02-06 at 16:53 By Zeljka Zorz German security authorities are warning that a likely state-backed hacking group is engaged in attempts at phishing senior political figures, military officials, diplomats, and investigative journalists across Germany and Europe via Signal. The authorities also noted that while these

State-backed phishing attacks targeting military officials and journalists on Signal Read More »

Russian hackers are exploiting recently patched Microsoft Office vulnerability (CVE-2026-21509)

APT, CERT-UA, cyber espionage, Don't miss, government-backed attacks, Hot stuff, Microsoft, MS Office, News, vulnerability, Zscaler / SecurityTicks

Russian hackers are exploiting recently patched Microsoft Office vulnerability (CVE-2026-21509) 2026-02-03 at 17:21 By Zeljka Zorz Russian state-sponsored hackers Fancy Bear (aka APT 28) are exploiting CVE-2026-21509, a Microsoft Office vulnerability for which Microsoft released an emergency fix last week. The exploitation CVE-2026-21509 allows unauthorized attackers to bypass a security feature (OLE mitigations in Microsoft

Russian hackers are exploiting recently patched Microsoft Office vulnerability (CVE-2026-21509) Read More »

Notepad++ supply chain attack: Researchers reveal details, IoCs, targets

APT, Asia, China, cyber espionage, Don't miss, government-backed attacks, Hot stuff, Kaspersky, News, Rapid7 / SecurityTicks

Notepad++ supply chain attack: Researchers reveal details, IoCs, targets 2026-02-03 at 15:34 By Zeljka Zorz Rapid7 researchers have attributed the recent hijacking of the Notepad++ update mechanism to Lotus Blossom (aka Billbug), a Chinese state-sponsored group known for targeting organizations in Southeast Asia for espionage purposes. On Wednesday, Kaspersky researchers shared the insights they’ve gleaned

Notepad++ supply chain attack: Researchers reveal details, IoCs, targets Read More »

How state-sponsored attackers hijacked Notepad++ updates

Asia, Don't miss, financial industry, government-backed attacks, Hot stuff, News, supply chain compromise, telecommunications / SecurityTicks

How state-sponsored attackers hijacked Notepad++ updates 2026-02-02 at 15:38 By Zeljka Zorz Suspected Chinese state-sponsored attackers hijacked the Notepad++ update mechanism by compromising the software project’s shared hosting server and intercepting and redirecting update traffic destined for notepad-plus-plus.org, the software’s maintainer Don Ho confirmed on Monday. The attack timeline In early December 2025, security researcher

How state-sponsored attackers hijacked Notepad++ updates Read More »

Unpatched Windows vulnerability continues to be exploited by APTs (CVE-2025-9491)

Arctic Wolf Networks, China, cyber espionage, Don't miss, government-backed attacks, Hot stuff, News, Trend Micro, vulnerability, Windows / SecurityTicks

Unpatched Windows vulnerability continues to be exploited by APTs (CVE-2025-9491) 2025-10-31 at 17:09 By Zeljka Zorz A Windows vulnerability (CVE-2025-9491, aka ZDI-CAN-25373) that state-sponsored threat actors and cybercrime groups have been quietly leveraging since at least 2017 continues to be exploited for attacks. “Arctic Wolf Labs assesses with high confidence that [the campaign they detected]

Unpatched Windows vulnerability continues to be exploited by APTs (CVE-2025-9491) Read More »

Sanctions won’t stop cyberattacks, but they can still “bite”

China, Don't miss, EU, government-backed attacks, Hot stuff, News, North Korea, RUSI, Russian Federation, Sanctions, tips, UK, USA / SecurityTicks

Sanctions won’t stop cyberattacks, but they can still “bite” 2025-10-29 at 16:58 By Zeljka Zorz Sanctions are one of the tools Western governments use when they want to hit back at state-sponsored cyber threat actors. But do they actually work? That’s the question a group of current and former cybersecurity officials, analysts, and researchers tackled

Sanctions won’t stop cyberattacks, but they can still “bite” Read More »

China-linked Salt Typhoon hackers attempt to infiltrate European telco

APT, Darktrace, Don't miss, Europe, government-backed attacks, Hot stuff, News, telecommunications / SecurityTicks

China-linked Salt Typhoon hackers attempt to infiltrate European telco 2025-10-20 at 18:42 By Zeljka Zorz Salt Typhoon, the China-linked APT group that has a penchant for targeting telecommunications companies, has been spotted trying to sneak into yet another one. The intrusion “Darktrace observed activity in a European telecommunications organisation consistent with Salt Typhoon’s known tactics,

China-linked Salt Typhoon hackers attempt to infiltrate European telco Read More »

Too many Cisco ASA firewalls still unsecure despite zero-day attack alerts

0-day, Cisco, Don't miss, firewall, Government, government-backed attacks, GreyNoise, Hot stuff, News, Shadowserver / SecurityTicks

Too many Cisco ASA firewalls still unsecure despite zero-day attack alerts 2025-10-01 at 13:36 By Zeljka Zorz Despite Cisco and various cybersecurity agencies warning about attackers actively exploting zero-day vulnerabilities (CVE-2025-20333 and CVE-2025-20362) in Cisco Adaptive Security Appliances (ASA) for months, there are still around 48,000 vulnerable appliances out there. The number is provided by

Too many Cisco ASA firewalls still unsecure despite zero-day attack alerts Read More »

Cisco ASA zero-day vulnerabilities exploited in sophisticated attacks

0-day, backdoor, CISA, Cisco, Don't miss, firewall, Government, government-backed attacks, Hot stuff, malware analysis, NCSC, News / SecurityTicks

Cisco ASA zero-day vulnerabilities exploited in sophisticated attacks 2025-09-26 at 14:19 By Zeljka Zorz A widespread campaign aimed at breaching organizations via zero-day vulnerabilities in Cisco Adaptive Security Appliances (ASA) has been revealed by the US, UK, Canadian and Australian cybersecurity agencies. The suspected state-sponsored threat actor behind it is believed to be the one

Cisco ASA zero-day vulnerabilities exploited in sophisticated attacks Read More »

Libraesva ESG zero-day vulnerability exploited by attackers (CVE-2025-59689)

0-day, Don't miss, email security, government-backed attacks, Hot stuff, Libraesva, News, security update / SecurityTicks

Libraesva ESG zero-day vulnerability exploited by attackers (CVE-2025-59689) 2025-09-24 at 15:17 By Zeljka Zorz Suspected state-sponsored attackers have exploited a zero-day vulnerability (CVE-2025-59689) in the Libraesva Email Security Gateway (ESG), the Italian email security company has confirmed. About CVE-2025-59689 CVE-2025-59689 is a command injection vulnerability caused by improper sanitization when removing active code from files

Libraesva ESG zero-day vulnerability exploited by attackers (CVE-2025-59689) Read More »

iOS zero-click attacks used to deliver Graphite spyware (CVE-2025-43200)

Amnesty International, Citizen Lab, Don't miss, Europe, exploit, government-backed attacks, Hot stuff, iOS, News, Privacy, Recorded Future, spyware, vulnerability / SecurityTicks

iOS zero-click attacks used to deliver Graphite spyware (CVE-2025-43200) 2025-06-13 at 15:22 By Zeljka Zorz A zero-click attack leveraging a freshly disclosed Messages vulnerability (CVE-2025-43200) has infected the iPhones of two European journalists with Paragon’s Graphite mercenary spyware, Citizen Lab researchers have revealed on Thursday. The attacks happened in January and early February 2025. “We

iOS zero-click attacks used to deliver Graphite spyware (CVE-2025-43200) Read More »

Attackers breached ConnectWise, compromised customer ScreenConnect instances

ConnectWise, cyber espionage, Don't miss, government-backed attacks, Hot stuff, MSP, News, remote access, tech support / SecurityTicks

Attackers breached ConnectWise, compromised customer ScreenConnect instances 2025-06-02 at 20:19 By Zeljka Zorz A suspected “sophisticated nation state actor” has compromised ScreenConnect cloud instances of a “very small number” of ConnectWise customers, the company has revealed on Wednesday. “We have not observed any additional suspicious activity in ScreenConnect cloud instances since the patch was released

Attackers breached ConnectWise, compromised customer ScreenConnect instances Read More »

Microsoft, Dutch security agencies lift veil on Laundry Bear cyber espionage group

account hijacking, cyber espionage, Don't miss, EU, Government, government-backed attacks, Hot stuff, Microsoft, NATO, News, phishing / SecurityTicks

Microsoft, Dutch security agencies lift veil on Laundry Bear cyber espionage group 2025-05-27 at 17:02 By Zeljka Zorz The Dutch intelligence and security services have identified a new Russia-affiliated threat group that has been breaching government organizations and commercial entities in Europe and North America, and they dubbed it Laundry Bear. “Compared to some other

Microsoft, Dutch security agencies lift veil on Laundry Bear cyber espionage group Read More »

Chinese cyber spies are using Ivanti EPMM flaws to breach EU, US organizations

aerospace, cyber espionage, Don't miss, EclecticIQ, EU, financial industry, Government, government-backed attacks, healthcare, Hot stuff, Ivanti, manufacturing sector, News, telecommunications, USA, Wiz / SecurityTicks

Chinese cyber spies are using Ivanti EPMM flaws to breach EU, US organizations 2025-05-23 at 17:21 By Zeljka Zorz CVE-2025-4427 and CVE-2025-4428 – the two Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities that have been exploited in the wild as zero-days and patched by Ivanti last week – are being leveraged by a Chinese cyber espionage

Chinese cyber spies are using Ivanti EPMM flaws to breach EU, US organizations Read More »

44% of the zero-days exploited in 2024 were in enterprise solutions

0-day, cyber espionage, Don't miss, enterprise, exploit, Google, government-backed attacks, Hot stuff, News, report, spyware, tips, trends / SecurityTicks

44% of the zero-days exploited in 2024 were in enterprise solutions 2025-04-29 at 21:18 By Zeljka Zorz In 2024, threat actors exploited 75 zero-days – i.e., vulnerabilities previously unknown to vendors, thus without a readily available patch – in a wide variety of attacks. Of these, 33 vulnerabilities (44%) affected enterprise solutions, which is up

44% of the zero-days exploited in 2024 were in enterprise solutions Read More »

Attackers phish OAuth codes, take over Microsoft 365 accounts

account hijacking, APT, Don't miss, government-backed attacks, Hot stuff, Microsoft 365, News, OAuth, phishing, Volexity / SecurityTicks

Attackers phish OAuth codes, take over Microsoft 365 accounts 2025-04-23 at 13:36 By Zeljka Zorz Suspected Russian threat actors are using OAuth-based phishing attacks to get targets to grant them access to their Microsoft 365 (M365) accounts. “The primary tactics observed involve the attacker requesting victim’s supply Microsoft Authorization codes, which grant the attacker with

Attackers phish OAuth codes, take over Microsoft 365 accounts Read More »