More results...
Russia-linked APT28 reportedly exploited MSHTML zero-day CVE-2026-21513 before Microsoft patched it, a high-severity bypass flaw. Akamai reports that Russia-linked APT28 may have exploited CVE-2026-21513 CVSS score of 8.8), a high-severity MSHTML vulnerability (CVSS 8.8), before Microsoft patched it in February 2026. The vulnerability is an Internet Explorer security control bypass that can lead to code […]
North Korea-linked APT 37 used Zoho WorkDrive and USB malware to breach air-gapped networks in the Ruby Jumper campaign. North Korean group ScarCruft (aka APT37, Reaper, and Group123) deployed new tools in a campaign dubbed Ruby Jumper, using a backdoor that leverages Zoho WorkDrive for C2 and a USB-based implant to breach air-gapped systems. Zscaler ThreatLabz […]
UAT-10027 campaign is targeting U.S. education and healthcare sectors to deploy a new Dohdoor backdoor. Cisco Talos has identified a new threat cluster, tracked as UAT-10027, targeting U.S. education and healthcare organizations since at least December 2025 to deploy a previously unseen backdoor named Dohdoor. Initial access likely occurs through phishing, triggering a PowerShell script […]
Google and partners disrupted UNC2814, a suspected China-linked group that hacked 53 organizations across 42 countries. Google, with industry partners, disrupted the infrastructure of UNC2814, a suspected China-linked cyber espionage group that breached at least 53 organizations in 42 countries. The group has been active since at least 2017, and was spotted targeting governments and […]
North Korea’s Lazarus Group used Medusa ransomware in an attack on an unnamed Middle East organization, researchers report. The North Korea-linked Lazarus APT Group, also known as Diamond Sleet and Pompilus, has been spotted deploying Medusa ransomware against an unnamed organization in the Middle East, according a new report from the Symantec and Carbon Black […]
Russia-linked APT28 targeted European entities with a webhook-based macro malware campaign called Operation MacroMaze. Russia-linked APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) launched Operation MacroMaze, targeting select entities in Western and Central Europe from September 2025 to January 2026. The campaign used webhook-based macro malware, leveraging simple tools and legitimate services for infrastructure and data […]
Notepad++ patched a vulnerability that attackers used to hijack its update system and deliver malware to targeted users. Notepad++ fixed a vulnerability that allowed a China-linked APT group to hijack its update mechanism and selectively push malware to chosen targets. In early February, the Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure, […]
A suspected Chinese state-linked group exploited a critical Dell RecoverPoint flaw (CVE-2026-22769) in zero-day attacks starting mid-2024. Mandiant and Google’s Threat Intelligence Group (GTIG) reported that a suspected China-linked APT group quietly exploited a critical zero-day flaw in Dell RecoverPoint for Virtual Machines starting in mid-2024. “Mandiant and Google Threat Intelligence Group (GTIG) have identified […]
Researchers found malicious npm and PyPI packages tied to a fake recruitment campaign linked to North Korea’s Lazarus Group. ReversingLabs researcher uncovered new malicious packages on npm and PyPI connected to a fake job recruitment campaign attributed to the North Korea-linked Lazarus Group. The campaign uses deceptive hiring themes to trick developers into downloading infected […]
A new alleged Russia-linked APT group targeted Ukrainian defense, government, and energy groups, with CANFAIL malware. Google Threat Intelligence Group identified a previously undocumented threat actor behind attacks on Ukrainian organizations using CANFAIL malware. The group is possibly linked to Russian intelligence services and has targeted defense, military, government, and energy entities at both regional […]