Critical Alert

CVE-2026-50751 - Critical Check Point VPN Exploit Discovered Active in the Wild. View Threat Details →

Powered by CVE WATCHTOWER

×

cyber-espionage

Arcane Door Reopened: The Cisco Firepower Backdoor That Only a Hard Reboot Can Kill FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

Arcane Door Reopened: The Cisco Firepower Backdoor That Only a Hard Reboot Can Kill

Do Son April 24, 2026

Cisco Talos has released a critical update on the threat actor known as UAT-4356 (also associated with...

Harvester APT Goes Cross-Platform: New Linux Backdoor Abuses Microsoft Graph API Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

Harvester APT Goes Cross-Platform: New Linux Backdoor Abuses Microsoft Graph API

Do Son April 24, 2026

The sophisticated threat actor known as Harvester is expanding its horizons. Traditionally known for targeting Windows environments,...

The Lotus Evolves: Mustang Panda Targets Indian Banks in a New Espionage Pivot Mustang Panda LOTUSLITE Financial Cyber-Espionage

Mustang Panda LOTUSLITE Financial Cyber-Espionage

The Lotus Evolves: Mustang Panda Targets Indian Banks in a New Espionage Pivot

Do Son April 23, 2026

The Acronis Threat Research Unit (TRU) has identified a significant shift in the operations of Mustang Panda,...

SEO Poisoning & NativeAOT: Unmasking the “Kong RAT” Campaign Targeting IT Professionals Kong RAT SEO Poisoning

Kong RAT SEO Poisoning

SEO Poisoning & NativeAOT: Unmasking the “Kong RAT” Campaign Targeting IT Professionals

Do Son April 21, 2026

Cybersecurity researchers have uncovered a sophisticated, multi-stage malware operation that turned legitimate search engine results into a...

New “PowMix” Botnet Preys on Czech Workforce with Lure of Compliance PowMix Botnet AMSI Bypass

PowMix Botnet AMSI Bypass

New “PowMix” Botnet Preys on Czech Workforce with Lure of Compliance

Do Son April 20, 2026

Cybersecurity researchers have exposured the curtain on a sophisticated, previously undocumented botnet that has been silently compromising...

JUMPSEC Unmasks Iranian ‘Muddy Water’ Using Russian ‘CastleRAT’ Malware Muddy Water CastleRAT HVNC Browser Hijacking

Muddy Water CastleRAT HVNC Browser Hijacking

JUMPSEC Unmasks Iranian ‘Muddy Water’ Using Russian ‘CastleRAT’ Malware

Do Son April 15, 2026

A significant shift in the digital arms race has been uncovered, as researchers reveal a new alliance...

Inside Canis C2: The ‘Wide Open’ Surveillance Engine Targeting Every Major OS Canis C2 Surveillance System

Canis C2 Surveillance System

Inside Canis C2: The ‘Wide Open’ Surveillance Engine Targeting Every Major OS

Do Son April 14, 2026

In the world of cyber espionage, discovering a new Command and Control (C2) framework is often a...

The Billion-Dollar Invite: How UNC1069’s Fake Meetings Hijack Crypto Fortunes UNC1069 Phishing BlueNoroff Crypto Theft

UNC1069 Phishing BlueNoroff Crypto Theft

The Billion-Dollar Invite: How UNC1069’s Fake Meetings Hijack Crypto Fortunes

Do Son April 14, 2026

The line between a routine business meeting and a financial breach has never been thinner. Between February...

The Invisible Hijack: How FrostArmada Turned 18,000 Routers Into a Global Spy Network FrostArmada Campaign DNS Redirection

FrostArmada Campaign DNS Redirection

The Invisible Hijack: How FrostArmada Turned 18,000 Routers Into a Global Spy Network

Do Son April 13, 2026

In a sophisticated campaign codenamed FrostArmada, the threat research team at Black Lotus Labs (Lumen Technologies) has...

Russian Military Hackers Hijack Thousands of Home Routers for Global Espionage Forest Blizzard DNS Hijacking

Forest Blizzard DNS Hijacking

Russian Military Hackers Hijack Thousands of Home Routers for Global Espionage

Do Son April 8, 2026

In a sophisticated campaign uncovered by Microsoft Threat Intelligence, a notorious Russian military-linked threat actor known as...

The Python Pivot: Kimsuky’s New Multi-Stage LNK Maze for Stealthy Backdoors Kimsuky Multi-stage LNK

Kimsuky Multi-stage LNK

The Python Pivot: Kimsuky’s New Multi-Stage LNK Maze for Stealthy Backdoors

Do Son April 8, 2026

The notorious Kimsuky threat group is refining its arsenal, shifting toward more complex, multi-stage execution chains to...

From Taiwan to Tehran: How TA416 Pivots its PlugX Backdoor to Global Flashpoints TA416 PlugX Backdoor

TA416 PlugX Backdoor

From Taiwan to Tehran: How TA416 Pivots its PlugX Backdoor to Global Flashpoints

Do Son April 8, 2026

A new intelligence report from Proofpoint reveals that TA416, a sophisticated threat actor aligned with Chinese state...

Iran-Linked “Password Spraying” Targets Municipal Response to Missile Strikes Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Iran-Linked “Password Spraying” Targets Municipal Response to Missile Strikes

Do Son April 6, 2026

Check Point Research (CPR) has been tracking an extensive password-spraying operation targeting Microsoft 365 environments, conducted by...

TikTok for Business Under Siege: New Phishing Campaign Exploits “Login with Google” TikTok for Business Phishing AiTM Phishing Kit

TikTok for Business Phishing AiTM Phishing Kit

TikTok for Business Under Siege: New Phishing Campaign Exploits “Login with Google”

Do Son April 3, 2026

Researchers at Push Security have identified and blocked a novel campaign targeting TikTok for Business accounts—the very...

Red Menshen’s Sleeper Cells Hijack the Global Telecom “Nervous System” Red Menshen BPFdoor Stealth

Red Menshen BPFdoor Stealth

Red Menshen’s Sleeper Cells Hijack the Global Telecom “Nervous System”

Do Son April 2, 2026

A months-long investigation by Rapid7 Labs has detailed the curtain on a quiet invasion. An advanced China-nexus...

Steganography & Sabotage: Inside Pawn Storm’s PRISMEX Offensive Against NATO Logistics Zyxel security - Mitel MiCollab Vulnerability

Zyxel security - Mitel MiCollab Vulnerability

Steganography & Sabotage: Inside Pawn Storm’s PRISMEX Offensive Against NATO Logistics

Do Son April 1, 2026

The notorious Russia-aligned threat actor known as Pawn Storm (also recognized as APT28, Fancy Bear, and Forest...

Infiltrating the Infiltrators: Inside the Florida “Laptop Farm” and the DPRK’s Failed Strike on a Cyber Firm Conceptual network diagram of DPRK scam

Conceptual network diagram of DPRK scam

Infiltrating the Infiltrators: Inside the Florida “Laptop Farm” and the DPRK’s Failed Strike on a Cyber Firm

Do Son March 30, 2026

In an attempt to infiltrate the cybersecurity industry itself, a suspected North Korean (DPRK) IT worker recently...

Nasir Security’s Hybrid Warfare Against Middle East Energy Infrastructure Nasir Security Supply Chain Attack

Nasir Security Supply Chain Attack

Nasir Security’s Hybrid Warfare Against Middle East Energy Infrastructure

Do Son March 27, 2026

A new and enigmatic threat actor is casting a long shadow over the Middle East’s energy sector....

Google Forms Weaponized: New “PureHVNC” Campaign Targets Professionals via LinkedIn PureHVNC RAT Google Forms Phishing

PureHVNC RAT Google Forms Phishing

Google Forms Weaponized: New “PureHVNC” Campaign Targets Professionals via LinkedIn

Do Son March 27, 2026

A sophisticated new malware campaign is turning a trusted business tool into a launchpad for cyber espionage....

Beyond the Hook: Unmasking SnappyClient, the HijackLoader-Linked Stealth Stealer Targeting Crypto SnappyClient HijackLoader

SnappyClient HijackLoader

Beyond the Hook: Unmasking SnappyClient, the HijackLoader-Linked Stealth Stealer Targeting Crypto

Do Son March 25, 2026

Security researchers at Zscaler ThreatLabz have unmasked a sophisticated new command-and-control (C2) framework implant they’ve dubbed SnappyClient....