More results...
Threat actors are using an increasing variety of commercial and open-source products to carry out their attacks: according to researchers, Velociraptor and Nezha are the latest additions to their attack toolbox. Velociraptor misuse A suspected China-ba…
China-linked APT Phantom Taurus targets government and telecom orgs with Net-Star malware for espionage, using unique tactics over two years. China-nexus APT Phantom Taurus has targeted government and telecom organizations for espionage, using Net-Star malware and distinct TTPs. Phantom Taurus is a previously undocumented Chinese APT, it has targeted entities in Africa, the Middle East, […]
Focused on espionage, the threat actor shares infrastructure with Chinese APTs, but uses different TTPs in attacks.
The post Chinese APT ‘Phantom Taurus’ Targeting Organizations With Net-Star Malware appeared first on SecurityWeek.
UK NCSC warns that threat actors exploited Cisco firewall zero-days to deploy new malware strains RayInitiator and LINE VIPER. The U.K. NCSC reported that threat actors exploited recently disclosed Cisco firewall flaws (CVE-2025-20362, CVE-2025-20333) in zero-day attacks to deploy novel malware families, RayInitiator and LINE VIPER. These malware mark a major evolution from earlier campaigns, […]
China-linked actors used Brickstorm malware to spy on U.S. tech and legal firms, stealing data undetected for over a year, Google warns. Google Threat Intelligence Group (GTIG) observed the use of the Go-based backdoor BRICKSTORM to maintain persistence in U.S. organizations since March 2025. Targets include legal, Software as a Service (SaaS) providers, Business Process Outsourcers […]
State-sponsored hackers exploited a vulnerability, tracked as CVE-2025-59689, in Libraesva Email Gateway via malicious attachments. Nation-state actors exploited a command injection flaw, tracked as CVE-2025-59689, in Libraesva Email Security Gateway. Libraesva Email Security Gateway is an advanced secure email gateway (SEG) solution developed by the Italian cybersecurity company Libraesva. It’s designed to protect organizations against […]
ESET found evidence that Russia-linked groups Gamaredon and Turla collaborated in cyberattacks on Ukraine between February and April 2025. ESET reported Russia-linked groups Gamaredon and Turla collaborated in cyberattacks against entities in Ukraine. The Russia-linked APT group Gamaredon (a.k.a. Shuckworm, Armageddon, Primitive Bear, ACTINIUM, Callisto) is known for targeting government, law enforcement, and defense organizations in Ukraine since 2013. The Turla APT group (aka Snake, Uroburos, Waterbug, Venomous […]
China-linked group APT41 impersonated a U.S. lawmaker in phishing attacks on government, think tanks, and academics tied to US-China trade and policy. Proofpoint observed China-linked cyber espionage group APT41 impersonating a U.S. lawmaker in a phishing campaign targeting government, think tanks, and academics tied to U.S.-China trade and policy. APT41, known also as Amoeba, BARIUM, […]
China-linked APT group Mustang Panda has been spotted using a new USB worm called SnakeDisk along with a new version of known malware China-linked APT group Mustang Panda (aka Hive0154, Camaro Dragon, RedDelta or Bronze President) has been spotted using an updated version of the TONESHELL backdoor and a previously undocumented USB worm called SnakeDisk. Mustang Panda has been active since […]
North Korea’s Kimsuky hackers use AI-generated fake military IDs in a new phishing campaign, GSC warns, marking a…