Phantom Taurus Deploys Net-Star Backdoors Across Africa
Unit 42 exposes Phantom Taurus, a Chinese APT targeting embassies and foreign ministries with fileless NET-STAR malware. The group resurfaces within hours after discovery.
38 articles tagged with "Apt"
FortiGuard Labs exposes DPRK campaign using LNK files and GitHub repositories for command-and-control against South Korean targets. 22 evasion techniques identified.
Operation TrueChaos exploited CVE-2026-3502 in TrueConf video conferencing to deploy Havoc malware across Southeast Asian government networks.
Unit 42 uncovers phishing campaign distributing trojanized Israeli civil defense app. Malicious APK harvests location data, contacts, and messages from Android devices amid regional tensions.
North Korean threat group Konni weaponizes KakaoTalk messaging app after compromising victims via spear-phishing. EndRAT, RftRAT deployed in multi-stage campaign.
Contagious Interview campaign weaponizes fake job interviews to deploy OtterCookie and FlexibleFerret malware. Targets crypto and AI developers for credentials.
China-linked UAT-9244 deploys TernDoor backdoor and peer-to-peer implants against telecom infrastructure across South America, North America, and Europe.
Iranian APT group breaches US critical infrastructure using novel Dindoor malware built on Deno runtime. Symantec links campaign to MOIS.
India-linked APT deploys BurrowShell backdoor and Rust-based RAT against Pakistan nuclear agencies, Bangladesh banks, and Sri Lankan government. 112 C2 domains identified.
Zscaler uncovers Dust Specter campaign targeting Iraqi government officials with novel SPLITDROP and GHOSTFORM malware. Evidence suggests AI-assisted development.
China-linked UNC2814 breached 53 organizations across 42 countries using GRIDTIDE malware that abuses Google Sheets for C2. Google terminates attacker infrastructure.
Updated CISA analysis reveals RESURGE implant uses advanced evasion techniques and can persist undetected on Ivanti Connect Secure devices until remote activation.
China-aligned threat group deploys LuciDoor and MarsSnake backdoors against telecom providers in Kyrgyzstan and Tajikistan, expanding from prior Saudi operations.
Iranian APT MuddyWater launches Operation Olalampo against MENA organizations, deploying four new malware families including GhostFetch and CHAR, a Rust backdoor controlled via Telegram.
Chinese threat group UNC6201 exploited a critical hardcoded credential flaw (CVE-2026-22769) in Dell RecoverPoint for 18 months before disclosure. Patch now.
Cisco Talos links previously unknown threat actor UAT-9921 to VoidLink malware campaigns targeting technology and financial services since September 2025.
Singapore confirms China-linked APT compromised M1, Singtel, StarHub, and SIMBA using zero-day exploits and rootkits. 11-month Operation Cyber Guardian response disclosed.
SafeBreach tracks Infy APT deploying Tornado v51 malware with blockchain-based C2 after Iran's internet blackout, confirming state sponsorship ties.
Asia-based APT TGR-STA-1030 compromised 70+ government and critical infrastructure targets across 37 countries using eBPF rootkits and Cobalt Strike.
Iranian APT group shifts tactics with RustyWater implant targeting diplomatic, financial, and telecom sectors across the Middle East via spear-phishing.
French researchers uncover SloppyMIO, an AI-assisted malware campaign using fabricated victim lists to target individuals documenting human rights abuses during Iranian protests.
Google Threat Intelligence Group disrupts one of the world's largest residential proxy networks, cutting off infrastructure used by nation-state actors from China, Russia, Iran, and North Korea.
Analysis reveals CyberAv3ngers and other 'hacktivist' groups targeting US infrastructure are actually IRGC-controlled operations masquerading as ideological actors.
Check Point uncovers Konni campaign using AI-generated PowerShell backdoors to target blockchain developers across Asia-Pacific. Marks shift from diplomatic espionage.
Cisco Talos exposes China-nexus APT targeting critical infrastructure with CVE-2025-53690 exploitation, credential harvesting, and potential supply chain compromise.
Void Blizzard deploys PLUGGYAPE backdoor through Signal and WhatsApp, impersonating charitable organizations to compromise Ukrainian defense forces.
North Korean APT embeds malicious QR codes in spear-phishing emails to bypass corporate email security and compromise mobile devices.
Chinese state hackers accessed email accounts of House staffers working on China, foreign affairs, and defense. The intrusion was discovered in December.
Newly disclosed threat actor compromises telecom providers in South Asia and Southeastern Europe, establishing relay infrastructure for other Chinese APT groups.
North Korean APT-Q-1 now combines fraudulent cryptocurrency job postings with ClickFix social engineering to deploy GolangGhost backdoor and BeaverTail stealer.
Microsoft and CrowdStrike warn of intensified Silk Typhoon operations targeting US government agencies and IT supply chains, with 150% increase in China-linked intrusions.
CloudSEK identifies Chinese threat group Silver Fox targeting Indian organizations with phishing emails disguised as income tax department communications.
CISA adds WinRAR path traversal vulnerability to KEV catalog as Gamaredon, Bitter, and GOFFEE deploy it for espionage and wiper attacks across multiple continents.
SafeBreach uncovers new Prince of Persia campaign using updated Foudre and Tonnerre malware, now leveraging Telegram for command and control.
Joint advisory from CISA, NSA, and Canadian Cyber Centre details new Rust-based variants of Chinese government malware targeting IT and government sectors.
ESET researchers discover sophisticated threat actor targeting Southeast Asian and Japanese governments using Windows Group Policy for lateral movement.
Critical CVE-2025-20393 in Cisco Secure Email Gateway actively exploited by UAT-9686 threat actors deploying AquaShell backdoor since November.
Sophisticated threat group escalates operations against European government entities using relay networks that route attacks through multiple victim organizations.