Critical Alert 1 Active Exploit Detected Today

CVE-2026-28318 — SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability →

Powered by CVE Watchtower

×

Cyber Security

North Korea’s WaterPlum APT Deploys Node.js OtterCandy RAT for Crypto Theft with Anti-Forensic Module North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korea’s WaterPlum APT Deploys Node.js OtterCandy RAT for Crypto Theft with Anti-Forensic Module

Do Son October 20, 2025

A new report from NTT Security Japan has spotlighted an evolved malware family known as OtterCandy, attributed...

North Korea’s UNC5342 APT Uses EtherHiding to Store Malware in Blockchain Smart Contracts for Stealthy C2 North Korea EtherHiding, Blockchain C2

North Korea EtherHiding, Blockchain C2

North Korea’s UNC5342 APT Uses EtherHiding to Store Malware in Blockchain Smart Contracts for Stealthy C2

Do Son October 20, 2025

Google Threat Intelligence Group (GTIG) has uncovered a new campaign by the North Korean threat actor UNC5342,...

North Korea’s Famous Chollima APT Uses Trojanized Node.js App to Deploy OtterCookie RAT for Crypto Theft jobs

jobs

North Korea’s Famous Chollima APT Uses Trojanized Node.js App to Deploy OtterCookie RAT for Crypto Theft

Do Son October 17, 2025

A new report from Cisco Talos has exposed a malware campaign linked to Famous Chollima, a North...

F5 Networks Breached by Nation-State Actor, BIG-IP Source Code and Undisclosed Vulnerabilities Stolen F5 Nation-State Breach, BIG-IP Source Code Leak

F5 Nation-State Breach, BIG-IP Source Code Leak

F5 Networks Breached by Nation-State Actor, BIG-IP Source Code and Undisclosed Vulnerabilities Stolen

Do Son October 16, 2025

F5 Networks has disclosed that a “highly sophisticated nation-state threat actor” infiltrated its internal systems, exfiltrating files...

China’s Jewelbug APT Breaches Russian IT Provider for 5 Months, Using Yandex Cloud and Graph API C2 Jewelbug Russian Intrusion, Graph API C2

Jewelbug Russian Intrusion, Graph API C2

China’s Jewelbug APT Breaches Russian IT Provider for 5 Months, Using Yandex Cloud and Graph API C2

Do Son October 16, 2025

A new investigation by The Symantec Threat Hunter Team has revealed that the Chinese APT group “Jewelbug”...

Mysterious Elephant APT Campaign Targets South Asian Diplomacy, Steals WhatsApp Data with New MemLoader Backdoor Mysterious Elephant APT, WhatsApp Data Theft

Mysterious Elephant APT, WhatsApp Data Theft

Mysterious Elephant APT Campaign Targets South Asian Diplomacy, Steals WhatsApp Data with New MemLoader Backdoor

Do Son October 16, 2025

Researchers at Kaspersky’s Global Research and Analysis Team (GReAT) have published a detailed report on a newly...

China-Backed Flax Typhoon APT Maintained Year-Long Access by Turning ArcGIS SOE into Web Shell Backdoor Flax Typhoon ArcGIS Backdoor, SOE Web Shell

Flax Typhoon ArcGIS Backdoor, SOE Web Shell

China-Backed Flax Typhoon APT Maintained Year-Long Access by Turning ArcGIS SOE into Web Shell Backdoor

Do Son October 16, 2025

A newly released report from ReliaQuest reveals how the China-backed advanced persistent threat (APT) group “Flax Typhoon”...

Pro-Russian Hacktivist Group TwoNet Exposed for Fabricating Critical Infrastructure Attacks to Boost Reputation IARPA Research Security Data Abyss Report Telecom threat, Secret Service cybersecurity news - Cyber Espionage Campaign

IARPA Research Security Data Abyss Report Telecom threat, Secret Service cybersecurity news - Cyber Espionage Campaign

Pro-Russian Hacktivist Group TwoNet Exposed for Fabricating Critical Infrastructure Attacks to Boost Reputation

Do Son October 13, 2025

Forescout Research has uncovered a disturbing new tactic among pro-Russian hacktivists — fabricating real-world critical infrastructure attacks...

North Korean APT “Contagious Interview” Floods npm Registry with 338 Malicious Packages to Steal Crypto North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean APT “Contagious Interview” Floods npm Registry with 338 Malicious Packages to Steal Crypto

Do Son October 11, 2025

The Socket Threat Research Team has sounded the alarm on an escalating wave of malicious npm activity...

APT Meets GPT: China-Aligned UTA0388 Used ChatGPT for Automated, Multilingual Spear-Phishing Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

APT Meets GPT: China-Aligned UTA0388 Used ChatGPT for Automated, Multilingual Spear-Phishing

Do Son October 9, 2025

Volexity has uncovered a sophisticated cyber-espionage operation in which a China-aligned threat actor, tracked as UTA0388, weaponized...

Chinese APT Launches Spearphishing Campaign, Using Fake Cloudflare Lure to Deliver PlugX Malware TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

Chinese APT Launches Spearphishing Campaign, Using Fake Cloudflare Lure to Deliver PlugX Malware

Do Son October 7, 2025

A new report from StrikeReady Labs has revealed a sophisticated spear-phishing campaign targeting European governmental and aviation...

SideWinder APT Launches Operation SouthNet, Weaponizing Netlify and Pages.dev for Espionage NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

SideWinder APT Launches Operation SouthNet, Weaponizing Netlify and Pages.dev for Espionage

Do Son October 7, 2025

A new report from Hunt Intelligence reveals that APT SideWinder — one of South Asia’s most active...

Confucius APT Evolves: Espionage Group Shifts from WooperStealer to Advanced Python Backdoor AnonDoor Salt Typhoon Teleco Hack, Cisco Academy Link CVE-2025-0282 PoC exploit

Salt Typhoon Teleco Hack, Cisco Academy Link CVE-2025-0282 PoC exploit

Confucius APT Evolves: Espionage Group Shifts from WooperStealer to Advanced Python Backdoor AnonDoor

Do Son October 3, 2025

The Confucius group, a long-running cyber-espionage actor first identified in 2013, has resurfaced with a new wave...

Phantom Taurus: New Chinese APT Emerges with Fileless NET-STAR Backdoor Targeting Global Governments and Telecoms

Chinese APT

Phantom Taurus: New Chinese APT Emerges with Fileless NET-STAR Backdoor Targeting Global Governments and Telecoms

Do Son October 1, 2025

Researchers from Unit 42 have uncovered a previously undocumented Chinese state-aligned threat actor, dubbed Phantom Taurus, whose...

Patchwork APT Resurfaces: Stealthy Espionage Campaign Exploits DLL Sideloading and Layered Obfuscation Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

Patchwork APT Resurfaces: Stealthy Espionage Campaign Exploits DLL Sideloading and Layered Obfuscation

Do Son October 1, 2025

The Patchwork APT group—also known as Dropping Elephant, Monsoon, and Hangover Group—has resurfaced with a new campaign...

Ongoing APT35 Phishing Campaign Uncovered: Iranian Group Impersonates Video Conferencing Services Chinese espionage groups APT35 Phishing, Stormshield CTI

Chinese espionage groups APT35 Phishing, Stormshield CTI

Ongoing APT35 Phishing Campaign Uncovered: Iranian Group Impersonates Video Conferencing Services

Do Son September 30, 2025

The Stormshield Cyber Threat Intelligence (CTI) team has uncovered new phishing infrastructure tied to APT35, also known...

RedNovember: Chinese APT Expands Global Espionage to U.S. Defense, Aerospace, and Tech Firms axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

RedNovember: Chinese APT Expands Global Espionage to U.S. Defense, Aerospace, and Tech Firms

Do Son September 29, 2025

A new report from Recorded Future’s Insikt Group reveals that the Chinese state-sponsored threat group RedNovember has...

Russia-Linked COLDRIVER Group Expands Toolset, Using New Malware in ClickFix Espionage Campaign ThinkPHP Vulnerabilities

ThinkPHP Vulnerabilities

Russia-Linked COLDRIVER Group Expands Toolset, Using New Malware in ClickFix Espionage Campaign

Do Son September 29, 2025

Zscaler ThreatLabz has uncovered a new multi-stage ClickFix campaign attributed with moderate confidence to the Russia-linked advanced...

Salt Typhoon: China’s State-Sponsored Espionage Group Infiltrates Global Telecoms for Long-Term Cyber Warfare AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

Salt Typhoon: China’s State-Sponsored Espionage Group Infiltrates Global Telecoms for Long-Term Cyber Warfare

Do Son September 27, 2025

A new report from DomainTools exposes the operations of Salt Typhoon, a Chinese state-sponsored cyber threat group...

BRICKSTORM Malware: China-Linked Hackers Stealthily Target US Tech and Legal Firms for 393 Days Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

BRICKSTORM Malware: China-Linked Hackers Stealthily Target US Tech and Legal Firms for 393 Days

Do Son September 26, 2025

Google Threat Intelligence Group (GTIG) and Mandiant Consulting have released new findings on BRICKSTORM, a backdoor malware...