Cloud Atlas activity in the first half of 2025: what changed
Kaspersky expert describes new malicious tools employed by the Cloud Atlas APT, including implants of their signature backdoors VBShower, VBCloud, PowerShower, and CloudAtlas.
apt
China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager
Cisco disclosed a critical zero-day (CVE-2025-20393) in Secure Email Gateway and Secure Email and Web Manager, actively exploited by a China-linked group. Cisco disclosed a critical zero-day, tracked as CVE-2025-20393, in Secure Email Gateway and Secure Email/Web Manager, which is actively exploited by a China-linked threat group. Cisco reported a December 10 campaign targeting certain […]
Iranian APT ‘Prince of Persia’ Resurfaces With New Tools and Targets
SafeBreach reports the resurgence of the Iranian APT group Prince of Persia (Infy). Discover how these state-sponsored hackers are now using Telegram bots and Thunder and Lightning malware to target victims globally across Europe, India, and Canada.
Group Policy abuse reveals China-aligned espionage group targeting governments
ESET Research has identified a previously undocumented China-aligned advanced persistent threat group that uses Windows Group Policy to deploy malware and move through victim networks. The group, tracked as LongNosedGoblin, has targeted government inst…
Cisco email security appliances rooted and backdoored via still unpatched zero-day
A suspected Chinese-nexus threat group has been compromising Cisco email security devices and planting backdoors and log-purging tools on them since at least late November 2025, Cisco Talos researchers have shared. “Our analysis indicates that ap…
Russian state hackers targeted Western critical infrastructure for years, Amazon says
Amazon disclosed a years-long Russian state-backed cyber campaign targeting Western critical infrastructure from 2021 to 2025. Amazon Threat Intelligence reports a long-running Russian state-backed campaign (2021–2025) targeting Western critical infrastructure. Threat actors shifted from exploiting vulnerabilities to abusing misconfigured network edge devices, enabling credential theft and lateral movement with lower risk. The researchers linked the […]
Operation ForumTroll continues: Russian political scientists targeted using plagiarism reports
Kaspersky’s GReAT experts have uncovered a new wave of cyberattacks by the ForumTroll APT group, targeting Russian political scientists and delivering the Tuoni framework to their devices.
Amazon: Russian Hackers Now Favor Misconfigurations in Critical Infrastructure Attacks
After years of exploiting zero-day and n-day vulnerabilities, Russian state-sponsored threat actors are shifting to misconfigured devices.
The post Amazon: Russian Hackers Now Favor Misconfigurations in Critical Infrastructure Attacks appeared first on…
Germany calls in Russian Ambassador over air traffic control hack claims
Germany summoned Russia’s ambassador over alleged cyberattacks on air traffic control and a disinformation campaign ahead of national elections. Germany summoned Russia’s ambassador after accusing Moscow of cyber attacks against its air traffic control authority and running a disinformation campaign ahead of February’s election. The German government announced it has clear evidence linking an August […]
New EtherRAT backdoor surfaces in React2Shell attacks tied to North Korea
NK-linked hackers are likely exploiting the React2Shell flaw to deploy a newly discovered remote access trojan, dubbed EtherRAT. North Korea–linked threat actors are likely exploiting the new critical React2Shell flaw (CVE-2025-55182) to deploy a previously unknown remote access trojan called EtherRAT, Sysdig researchers warn. The vulnerability CVE-2025-55182, is a pre-authentication remote code execution issue in React […]