APT28 Archives • Daily CyberSecurity

PixyNetLoader Malware Analysis: How APT28 Hides Payloads Inside PNG Files

PixyNetLoader malware analysis APT28 steganography attack

PixyNetLoader Malware Analysis: How APT28 Hides Payloads Inside PNG Files

Do Son June 8, 2026

A detailed PixyNetLoader malware analysis published by threat intelligence firm Exatrack reveals how a sophisticated loader linked to APT28...

CISA Sounds the Alarm: State-Sponsored Hackers Weaponize New Windows and ScreenConnect Flaws State-Sponsored Exploitation CISA KEV Catalog F5 BIG-IP RCE CISA KEV Catalog SolarWinds WHD Exploit CVE-2025-40551 Zimbra XSS Zero-Day CVE-2025-27915 Exploited Windows Security Vulnerabilities

State-Sponsored Exploitation CISA KEV Catalog F5 BIG-IP RCE CISA KEV Catalog SolarWinds WHD Exploit CVE-2025-40551 Zimbra XSS Zero-Day CVE-2025-27915 Exploited Windows Security Vulnerabilities

CISA Sounds the Alarm: State-Sponsored Hackers Weaponize New Windows and ScreenConnect Flaws

Do Son April 29, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog, adding two...

The Zero-Click Vulnerability: Akamai Uncovers Incomplete Patch for APT28 Exploit Zero-Click Exploitation LNK Authentication Coercion

The Zero-Click Vulnerability: Akamai Uncovers Incomplete Patch for APT28 Exploit

Do Son April 27, 2026

Researchers at Akamai have discovered that a previous fix for a high-profile exploit used by the Russian-linked...

GemStuffer RubyGems Campaign RubyGems Data Exfiltration TanStack npm Compromise Supply Chain Attack DNS Hijacking APT28 (Fancy Bear) OpenVSX Supply Chain Attack Checkmarx Plugin Breach Stryker Cyberattack CISA Alert Trans-Regional Cyber Conflict Operation Epic Fury Cyber Operation MacroMaze APT28 Cyber Espionage Notepad++ Supply Chain Attack Lotus Blossom Group Defense Industrial Base Threats GTIG Report APT28 Operation Neusploit CVE-2026-21509 Bookworm Malware

APT28 Hijacks Home Routers to Steal Corporate Credentials

Do Son April 8, 2026

In a major technical disclosure, the UK National Cyber Security Centre (NCSC) has detailed a sophisticated campaign...

Steganography & Sabotage: Inside Pawn Storm’s PRISMEX Offensive Against NATO Logistics Zyxel security - Mitel MiCollab Vulnerability

Steganography & Sabotage: Inside Pawn Storm’s PRISMEX Offensive Against NATO Logistics

Do Son April 1, 2026

The notorious Russia-aligned threat actor known as Pawn Storm (also recognized as APT28, Fancy Bear, and Forest...

ClickFix: The High-ROI “Living-off-the-Land” Trap Sweeping Windows and macOS ClickFix Social Engineering Living-off-the-Land (LotL) Attacks

ClickFix: The High-ROI “Living-off-the-Land” Trap Sweeping Windows and macOS

Do Son March 30, 2026

A sophisticated social engineering technique known as ClickFix has transitioned from a niche tactic into a standardized,...

Roundcube Webmail Hits Critical Update: New Security Fixes Target Hidden Vulnerabilities Roundcube Webmail security updates Roundcube Webmail Security Roundcube 1.6.14 Update

Roundcube Webmail security updates Roundcube Webmail Security Roundcube 1.6.14 Update

Roundcube Webmail Hits Critical Update: New Security Fixes Target Hidden Vulnerabilities

Do Son March 23, 2026

Roundcube Webmail has released a high-priority security update, version 1.6.14, aimed at patching several significant vulnerabilities that...

The Invisible Breach: ‘Operation GhostMail’ Uses Zero-Click XSS to Hijack Ukrainian Webmail Operation GhostMail Zero-Click XSS

The Invisible Breach: ‘Operation GhostMail’ Uses Zero-Click XSS to Hijack Ukrainian Webmail

Do Son March 20, 2026

A sophisticated cyberespionage campaign, dubbed Operation GhostMail, has been detected targeting critical government infrastructure in Ukraine. Security...

Inside the Arsenal: Exposed Server Reveals APT28’s ‘Roundish’ Toolkit and Advanced Cyber Espionage Tactics APT28 Toolkit Roundish Malware

Inside the Arsenal: Exposed Server Reveals APT28’s ‘Roundish’ Toolkit and Advanced Cyber Espionage Tactics

Do Son March 16, 2026

Cybersecurity investigators at Hunt Intelligence discovers an exposed open directory that unmasks the inner workings of one...

BadPaw and MeowMeow: Russian Cyber Offensive Targets Ukraine with Novel Malware Duo BadPaw Malware MeowMeow Backdoor

BadPaw and MeowMeow: Russian Cyber Offensive Targets Ukraine with Novel Malware Duo

Do Son March 5, 2026

Cybersecurity investigators at ClearSky Team have uncovered a targeted Russian cyber campaign against Ukraine utilizing two novel...

Hiding in Plain Sight: APT28’s “Operation MacroMaze” Hits European Govs

Do Son February 17, 2026

A new cyberespionage campaign attributed to the notorious Russian state-sponsored group APT28 (also known as Fancy Bear...

APT28 Weaponizes Office Flaw to Spy on NATO & Military NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

APT28 Weaponizes Office Flaw to Spy on NATO & Military

Do Son February 9, 2026

The notorious Russian state-sponsored group APT28 (also known as Fancy Bear) has launched a sophisticated new espionage...

Fancy Bear Returns: APT28 Exploits Office Flaw in “Operation Neusploit”

Do Son February 3, 2026

The notorious Russia-linked threat group APT28 (also known as Fancy Bear) has resurfaced with a sophisticated new...

The GRU’s Silent Shift: How BlueDelta Hijacks Ukrainian Webmail Using ngrok and Mocky BlueDelta Espionage, UKR.NET Phishing

The GRU’s Silent Shift: How BlueDelta Hijacks Ukrainian Webmail Using ngrok and Mocky

Do Son December 22, 2025

A persistent cyber-espionage campaign targeting Ukrainian webmail users has evolved its tactics to evade detection, leveraging a...

Next-Gen Threat: Google Exposes AI-Enabled Malware That Rewrites Its Own Code with Gemini LLM BlueNoroff macOS Attack GhostCall Campaign Carding Underground Bulletproof Hosting DPRK Contagious Interview, npm Flood Stonefly group -HiatusRAT Actors

BlueNoroff macOS Attack GhostCall Campaign Carding Underground Bulletproof Hosting DPRK Contagious Interview, npm Flood Stonefly group -HiatusRAT Actors

Next-Gen Threat: Google Exposes AI-Enabled Malware That Rewrites Its Own Code with Gemini LLM

Do Son November 6, 2025

The Google Threat Intelligence Group (GTIG) has released a report revealing that threat actors have moved beyond...

APT28’s BeardShell Campaign: Steganography, Cloud Abuse, and Persistent Espionage Labkotec LID-3300IP CVE-2026-1775 ASUSTOR ADM Vulnerability CVE-2026-3179 Russian Cyberattacks - Security Operations Center

Labkotec LID-3300IP CVE-2026-1775 ASUSTOR ADM Vulnerability CVE-2026-3179 Russian Cyberattacks - Security Operations Center

APT28’s BeardShell Campaign: Steganography, Cloud Abuse, and Persistent Espionage

Do Son September 17, 2025

The Russian-linked threat actor APT28, also known as Sofacy, Fancy Bear, Forest Blizzard, and TAG-110, has unveiled...

GONEPOSTAL: New Outlook Backdoor by Russia’s APT28 Uses Email for C2 APT28, GONEPOSTAL

GONEPOSTAL: New Outlook Backdoor by Russia’s APT28 Uses Email for C2

Do Son September 10, 2025

Kroll has identified a new espionage campaign attributed to Russia’s APT28 (Fancy Bear), involving a custom Outlook...

NotDoor: A New Backdoor by Russia’s APT28 Is Hiding in Microsoft Outlook Macros APT28, NotDoor

NotDoor: A New Backdoor by Russia’s APT28 Is Hiding in Microsoft Outlook Macros

Do Son September 5, 2025

The intelligence team at LAB52 (S2 Grupo) has uncovered a sophisticated new backdoor campaign attributed to APT28,...

Russian-Aligned TAG-110 Targets Tajikistan Governments with Stealthy Cyber-Espionage TAG-110 cyber-espionage, Tajikistan phishing

Russian-Aligned TAG-110 Targets Tajikistan Governments with Stealthy Cyber-Espionage

Do Son May 26, 2025

Recorded Future’s Insikt Group has uncovered a new cyber-espionage campaign by Russia-aligned threat actor TAG-110 targeting public...

Russian GRU’s APT28 Targets Global Logistics Supporting Ukraine Defense APT28 cyber-espionage, GRU cyberattack

Russian GRU’s APT28 Targets Global Logistics Supporting Ukraine Defense

Do Son May 21, 2025

A new Joint Cybersecurity Advisory issued in May 2025 by a coalition of cybersecurity and intelligence agencies...

Critical Alert 1 Active Exploit Detected Today