cyber-espionage

APT37 Expands Arsenal with Rustonotto Backdoor, PowerShell Chinotto, and FadeStealer North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

APT37 Expands Arsenal with Rustonotto Backdoor, PowerShell Chinotto, and FadeStealer

Do Son September 10, 2025

Zscaler ThreatLabz has uncovered new details about North Korean-aligned threat actor APT37 (also known as ScarCruft, Ruby...

Unmasking Salt Typhoon: A Report Exposes 45 New Domains from a Chinese APT Group TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

Unmasking Salt Typhoon: A Report Exposes 45 New Domains from a Chinese APT Group

Do Son September 9, 2025

Threat analysts at Silent Push have identified dozens of previously unreported domains tied to Salt Typhoon, a...

Noisy Bear: A New APT Group Is Spying on Kazakhstan’s Energy Sector Noisy Bear, cyber espionage

Noisy Bear, cyber espionage

Noisy Bear: A New APT Group Is Spying on Kazakhstan’s Energy Sector

Do Son September 8, 2025

The Seqrite Labs APT-Team has released an in-depth analysis of a newly discovered threat actor dubbed Noisy...

Kimsuky APT Is Using Social Engineering and AppleSeed Malware to Spy on South Korea Exploited VMware

Exploited VMware

Kimsuky APT Is Using Social Engineering and AppleSeed Malware to Spy on South Korea

Do Son September 5, 2025

The Genians Security Center (GSC) has published a detailed analysis of a new Advanced Persistent Threat (APT)...

Operation HanKook Phantom: APT-37 Targets South Korean Institutions with LNK-Based Espionage Campaign North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

Operation HanKook Phantom: APT-37 Targets South Korean Institutions with LNK-Based Espionage Campaign

Do Son September 2, 2025

Researchers at Seqrite Lab have uncovered a new spear-phishing operation attributed to APT-37 (ScarCruft / InkySquid /...

Beyond Phishing: Iranian-Aligned Group Abuses Omani Mailbox to Spy on Diplomats Iranian-aligned, spear-phishing

Iranian-aligned, spear-phishing

Beyond Phishing: Iranian-Aligned Group Abuses Omani Mailbox to Spy on Diplomats

Do Son September 2, 2025

Recently, researchers at Dream’s Threat Intelligence Team uncovered a sophisticated spear-phishing campaign that leveraged a compromised mailbox...

TAOTH Campaign: Hijacked Software Updates Are Spreading Malware Across Asia Iranian Cyber Reconnaissance IP Camera Security NCSC Warning Russian Hacktivists Taiwan Cyberattacks China State-Sponsored Hacking state-sponsored threat actor Ransomware RAT Abuse, AnyDesk

Iranian Cyber Reconnaissance IP Camera Security NCSC Warning Russian Hacktivists Taiwan Cyberattacks China State-Sponsored Hacking state-sponsored threat actor Ransomware RAT Abuse, AnyDesk

TAOTH Campaign: Hijacked Software Updates Are Spreading Malware Across Asia

Do Son September 1, 2025

Trend Micro researchers have detailed a sophisticated cyber-espionage operation, dubbed TAOTH, which leverages hijacked software updates and...

A Digital Watering Hole: How Russia’s APT29 Is Abusing Microsoft Auth Flow APT29, watering hole campaign

APT29, watering hole campaign

A Digital Watering Hole: How Russia’s APT29 Is Abusing Microsoft Auth Flow

Do Son August 31, 2025

Amazon’s threat intelligence team has identified and disrupted a watering hole campaign conducted by APT29 (also known...

ShadowSilk Unmasked: The Hybrid Espionage Group Targeting Central Asian Governments Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

ShadowSilk Unmasked: The Hybrid Espionage Group Targeting Central Asian Governments

Do Son August 29, 2025

Group-IB analysts, in cooperation with CERT-KG, have published new research exposing the activities of a threat cluster...

An Espionage System: NSA, CISA, & Partners Expose Chinese APT Groups Chinese APT, cyber espionage

Chinese APT, cyber espionage

An Espionage System: NSA, CISA, & Partners Expose Chinese APT Groups

Do Son August 28, 2025

In a multinational alert, the U.S. National Security Agency (NSA), CISA, FBI, and partners from more than...

A Persistent Threat: Blind Eagle Hacking Group Continues to Target Colombia Blind Eagle, cyber espionage

Blind Eagle, cyber espionage

A Persistent Threat: Blind Eagle Hacking Group Continues to Target Colombia

Do Son August 28, 2025

Insikt Group has released new findings on TAG-144, also known as Blind Eagle, AguilaCiega, APT-C-36, or APT-Q-98,...

Google Threat Intelligence Exposes UNC6384’s Stealthy Espionage Campaign UNC6384, cyber-espionage

UNC6384, cyber-espionage

Google Threat Intelligence Exposes UNC6384’s Stealthy Espionage Campaign

Do Son August 27, 2025

Google Threat Intelligence Group (GTIG) uncovered a complex, multi-stage cyber-espionage campaign attributed to the PRC-linked threat actor...

Beyond Windows: Pakistan’s APT36 Group Is Now Attacking Linux Systems with Stealthy Malware AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

Beyond Windows: Pakistan’s APT36 Group Is Now Attacking Linux Systems with Stealthy Malware

Do Son August 26, 2025

The Pakistan-linked threat group APT36—also known as Transparent Tribe, Mythic Leopard, Earth Karkaddan, or Operation C-Major—has re-emerged...

Spur Links North Korean APT Infrastructure to Commercial Proxy Service WgetCloud proxy

proxy

Spur Links North Korean APT Infrastructure to Commercial Proxy Service WgetCloud

Do Son August 26, 2025

Last week, the leak site DDoSecrets.com published a data dump allegedly from a workstation of a threat...

Linux Under Attack: APT36 Launches New Cyber-Espionage Campaign on Indian Govt APT36

APT36

Linux Under Attack: APT36 Launches New Cyber-Espionage Campaign on Indian Govt

Do Son August 25, 2025

The threat landscape in South Asia has taken a new turn with the resurgence of APT36 (Transparent...

UAC-0057 Targets Ukraine and Poland with Weaponized Archives and Evolving Implants BlueNoroff macOS Attack GhostCall Campaign Carding Underground Bulletproof Hosting DPRK Contagious Interview, npm Flood Stonefly group -HiatusRAT Actors

BlueNoroff macOS Attack GhostCall Campaign Carding Underground Bulletproof Hosting DPRK Contagious Interview, npm Flood Stonefly group -HiatusRAT Actors

UAC-0057 Targets Ukraine and Poland with Weaponized Archives and Evolving Implants

Do Son August 22, 2025

In a newly released report, French cybersecurity firm HarfangLab has revealed details of two interconnected cyber espionage...

A Decade of Espionage: How a Russian APT Exploited Cisco Devices (CVE-2018-0171) for Years Static Tundra CVE-2018-0171

Static Tundra CVE-2018-0171

A Decade of Espionage: How a Russian APT Exploited Cisco Devices (CVE-2018-0171) for Years

Do Son August 21, 2025

Cisco Talos has released a new analysis exposing “Static Tundra,” a Russian state-sponsored threat actor that has...

Beyond the Inbox: How a Cyber-Espionage Group Is Exploiting Two WinRAR Vulnerabilities WinRAR Zero-day

WinRAR Zero-day

Beyond the Inbox: How a Cyber-Espionage Group Is Exploiting Two WinRAR Vulnerabilities

Do Son August 21, 2025

BI.ZONE Threat Intelligence uncovered a series of targeted cyber-espionage campaigns conducted by the Paper Werewolf (GOFFEE) cluster,...

Spies in Your Skype: GodRAT Malware Uses Steganography to Target Financial Firms Cyber-espionage, GodRAT

Cyber-espionage, GodRAT

Spies in Your Skype: GodRAT Malware Uses Steganography to Target Financial Firms

Do Son August 20, 2025

Kaspersky Labs has identified a sophisticated cyber-espionage campaign targeting financial institutions, particularly trading and brokerage firms, through...

“Curly COMrades” Group Unmasked: Russian Threat Actors Deploy New Backdoor in Geopolitical Espionage Campaign Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

“Curly COMrades” Group Unmasked: Russian Threat Actors Deploy New Backdoor in Geopolitical Espionage Campaign

Do Son August 14, 2025

Bitdefender Labs has uncovered a new cyber-espionage group, dubbed “Curly COMrades”, believed to operate in support of...

🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

CVE-2026-28496CVSS 9.4
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template...
Admin intel🗓 Updated: Jun 25, 2026
CVE-2026-12569
PTC Windchill and FlexPLM contains an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary...
🗓 Added to KEV: Jun 25, 2026
CVE-2025-67038CVSS 9.8
Lantronix EDS5000 contains a code injection vulnerability that could allow attackers to inject arbitrary OS commands into the...
🗓 Added to KEV: Jun 23, 2026
CVE-2026-34910CVSS 10.0
Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to...
🗓 Added to KEV: Jun 23, 2026
CVE-2026-34909CVSS 10.0
Ubiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the...
🗓 Added to KEV: Jun 23, 2026
CVE-2026-34908CVSS 10.0
Ubiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with access to...
🗓 Added to KEV: Jun 23, 2026
CVE-2026-20230CVSS 8.6
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified...
Admin intel🗓 Updated: Jun 22, 2026
CVE-2026-20253CVSS 9.8
Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create...
🗓 Added to KEV: Jun 18, 2026