Oil shipments, drone makers, and a poisoned code library targeted in recent APT campaigns 2026-05-28 at 12:42 By Sinisa Markovic Geopolitical pressure drove much of the state-sponsored cyber activity recorded between October 2025 and March 2026, according to ESET’s latest APT Activity Report. Espionage groups aligned with China, North Korea, Russia, and Iran adjusted their […]
Authorities seize 800 servers used for cyberattacks and disinformation 2026-05-25 at 16:59 By Sinisa Markovic Dutch authorities arrested two men and seized 800 servers linked to a hosting provider that investigators say supported Russian activities aimed at undermining democracy and security through cyberattacks, disinformation, and disruption of public and economic systems. Servers seized by Dutch
Authorities seize 800 servers used for cyberattacks and disinformation Read More »
Google researchers uncover criminal zero-day exploit likely built with AI 2026-05-11 at 16:48 By Mirko Zorz Google’s threat intelligence researchers have linked a zero-day exploit to AI-assisted development by a criminal group. The exploit targeted a popular open-source web-based system administration tool. It allowed attackers to bypass two-factor authentication once they had valid user credentials.
Google researchers uncover criminal zero-day exploit likely built with AI Read More »
Russian hackers hijack internet traffic using vulnerable routers 2026-04-07 at 19:18 By Sinisa Markovic The Russian state cyber group APT28 has been compromising routers to hijack web traffic and spy on victims, the UK’s The National Cyber Security Centre (NCSC) has warned. Attackers are exploiting vulnerable routers to alter DHCP and DNS settings, redirecting traffic
Russian hackers hijack internet traffic using vulnerable routers Read More »
Russian hackers go after high-value targets through Signal 2026-03-23 at 11:20 By Sinisa Markovic Russian intelligence-linked hackers are targeting commercial messaging platforms, with Signal a primary focus, the FBI and CISA warn. The campaign is aimed at individuals of intelligence interest, including government personnel, journalists, and others with access to sensitive communications. It is believed
Russian hackers go after high-value targets through Signal Read More »
This spy tool has been quietly stealing data for years 2026-03-10 at 13:00 By Help Net Security ESET researchers have traced the resurgence of Sednit through a modern toolkit built around two complementary implants, BeardShell and Covenant, each relying on a separate cloud provider to ensure operational resilience. This dual-implant architecture has enabled sustained surveillance
This spy tool has been quietly stealing data for years Read More »
Russian hackers crack into officials’ Signal and WhatsApp accounts 2026-03-09 at 17:02 By Sinisa Markovic Russian state hackers are trying to break into Signal and WhatsApp accounts used by diplomats, military staff, and government officials worldwide, Dutch intelligence agencies warned. They believe journalists and other people who attract attention from Moscow may also be affected.
Russian hackers crack into officials’ Signal and WhatsApp accounts Read More »
Ex-L3Harris executive sentenced to 87 months for selling stolen cyber-exploit trade secrets 2026-02-25 at 12:15 By Sinisa Markovic Peter Williams, a former executive of Trenchant, L3Harris’ cyber division, has been sentenced to 87 months in prison by a federal judge in Washington, D.C., after pleading guilty to stealing and selling sensitive cyber-exploit trade secrets to
Poland’s energy control systems were breached through exposed VPN access 2026-02-06 at 16:27 By Sinisa Markovic On 29 December 2025, coordinated cyberattacks unfolded across Poland’s critical infrastructure, targeting energy and industrial organizations. The attackers struck numerous wind and solar farms, a private manufacturing company, and a heat and power (CHP) plant, but failed to negatively
Poland’s energy control systems were breached through exposed VPN access Read More »
Poland repels data-wiping malware attack on energy systems 2026-01-26 at 14:37 By Zeljka Zorz Suspected Russian cyber attackers tried to take down parts of Poland’s energy infrastructure with new data-wiping malware – and failed. According to information shared by the Polish government earlier this month, the attacks happened on 29 and 30 December 2025, and
Poland repels data-wiping malware attack on energy systems Read More »
Pro-Russian hacktivist campaigns continue against UK organizations 2026-01-21 at 12:00 By Sinisa Markovic The UK’s National Cyber Security Centre reports ongoing cyber operations by Russian-aligned hacktivist groups targeting organizations in the UK and abroad. NoName057(16) remains active In December 2025, the NCSC co signed an advisory warning that pro-Russian hacktivist groups were conducting cyber operations
Pro-Russian hacktivist campaigns continue against UK organizations Read More »
Offensive cyber power is spreading fast and changing global security 2025-12-01 at 08:36 By Sinisa Markovic Offensive cyber activity has moved far beyond a handful of major powers. More governments now rely on digital operations to project influence during geopolitical tension, which raises new risks for organizations caught in the middle. A new policy brief
Offensive cyber power is spreading fast and changing global security Read More »
Russia-linked hackers intensify attacks as global APT activity shifts 2025-11-06 at 14:50 By Anamarija Pogorelec State-aligned hacking groups have spent the past six months ramping up espionage, sabotage, and cybercrime campaigns across multiple regions, according to ESET’s APT Activity Report covering April through September 2025. The research highlights how operations linked to Russia, China, Iran,
Russia-linked hackers intensify attacks as global APT activity shifts Read More »
Cyber-espionage campaign mirroring Sandworm TTPs hit Russian and Belarusian military 2025-11-03 at 15:57 By Zeljka Zorz A spear-phishing campaign aimed to compromise Russian and Belarusian military personnel by using military-themed documents as a lure has been flagged by Cyble and Seqrite security researchers. The goal of the campaign is to get targets to download and
Cyber-espionage campaign mirroring Sandworm TTPs hit Russian and Belarusian military Read More »
Sanctions won’t stop cyberattacks, but they can still “bite” 2025-10-29 at 16:58 By Zeljka Zorz Sanctions are one of the tools Western governments use when they want to hit back at state-sponsored cyber threat actors. But do they actually work? That’s the question a group of current and former cybersecurity officials, analysts, and researchers tackled
Sanctions won’t stop cyberattacks, but they can still “bite” Read More »
Researchers believe Gamaredon and Turla threat groups are collaborating 2025-09-19 at 08:31 By Help Net Security ESET Research has discovered evidence of collaboration between the Gamaredon and Turla threat groups. Both groups are linked to Russia’s primary intelligence agency, the FSB, and were found working in tandem to target high-profile organizations in Ukraine. In these
Researchers believe Gamaredon and Turla threat groups are collaborating Read More »
Russian threat actors using old Cisco bug to target critical infrastructure orgs 2025-08-21 at 18:07 By Zeljka Zorz A threat group linked to the Russian Federal Security Service’s (FSB) Center 16 unit has been compromising unpatched and end-of-life Cisco networking devices via an old vulnerability (CVE-2018-0171), the FBI and Cisco warned on Wednesday. “Primary targets
Russian threat actors using old Cisco bug to target critical infrastructure orgs Read More »
WinRAR zero-day was exploited by two threat actors (CVE-2025-8088) 2025-08-12 at 16:11 By Zeljka Zorz The RomCom attackers aren’t the only ones that have been leveraging the newly unveiled WinRAR vulnerability (CVE-2025-8088) in zero-day attacks: according to Russian cybersecurity company BI.ZONE, a group tracked as Paper Werewolf has been using it to target Russian organizations.
WinRAR zero-day was exploited by two threat actors (CVE-2025-8088) Read More »
Mastermind behind Russian-speaking cybercrime hub arrested in Ukraine 2025-07-23 at 17:34 By Sinisa Markovic The suspected administrator of xss.is, one of the world’s most influential Russian-speaking cybercrime forums, was arrested in Kyiv, Ukraine, on 22 July. The takedown followed a long-running investigation led by the French Police and Paris Prosecutor, in close cooperation with Ukrainian
Mastermind behind Russian-speaking cybercrime hub arrested in Ukraine Read More »
Ports are getting smarter and more hackable 2025-07-23 at 08:31 By Sinisa Markovic A new policy brief from NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE) warns that critical port infrastructure, responsible for 80 percent of global trade, is increasingly under attack by threat actors tied to Russia, Iran, and China. These ports are essential
Ports are getting smarter and more hackable Read More »