Fancy Bear Archives • Daily CyberSecurity

CISA Sounds the Alarm: State-Sponsored Hackers Weaponize New Windows and ScreenConnect Flaws State-Sponsored Exploitation CISA KEV Catalog F5 BIG-IP RCE CISA KEV Catalog SolarWinds WHD Exploit CVE-2025-40551 Zimbra XSS Zero-Day CVE-2025-27915 Exploited Windows Security Vulnerabilities

State-Sponsored Exploitation CISA KEV Catalog F5 BIG-IP RCE CISA KEV Catalog SolarWinds WHD Exploit CVE-2025-40551 Zimbra XSS Zero-Day CVE-2025-27915 Exploited Windows Security Vulnerabilities

CISA Sounds the Alarm: State-Sponsored Hackers Weaponize New Windows and ScreenConnect Flaws

Do Son April 29, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog, adding two...

The Zero-Click Vulnerability: Akamai Uncovers Incomplete Patch for APT28 Exploit Zero-Click Exploitation LNK Authentication Coercion

The Zero-Click Vulnerability: Akamai Uncovers Incomplete Patch for APT28 Exploit

Do Son April 27, 2026

Researchers at Akamai have discovered that a previous fix for a high-profile exploit used by the Russian-linked...

GemStuffer RubyGems Campaign RubyGems Data Exfiltration TanStack npm Compromise Supply Chain Attack DNS Hijacking APT28 (Fancy Bear) OpenVSX Supply Chain Attack Checkmarx Plugin Breach Stryker Cyberattack CISA Alert Trans-Regional Cyber Conflict Operation Epic Fury Cyber Operation MacroMaze APT28 Cyber Espionage Notepad++ Supply Chain Attack Lotus Blossom Group Defense Industrial Base Threats GTIG Report APT28 Operation Neusploit CVE-2026-21509 Bookworm Malware

APT28 Hijacks Home Routers to Steal Corporate Credentials

Do Son April 8, 2026

In a major technical disclosure, the UK National Cyber Security Centre (NCSC) has detailed a sophisticated campaign...

Steganography & Sabotage: Inside Pawn Storm’s PRISMEX Offensive Against NATO Logistics Zyxel security - Mitel MiCollab Vulnerability

Steganography & Sabotage: Inside Pawn Storm’s PRISMEX Offensive Against NATO Logistics

Do Son April 1, 2026

The notorious Russia-aligned threat actor known as Pawn Storm (also recognized as APT28, Fancy Bear, and Forest...

Inside the Arsenal: Exposed Server Reveals APT28’s ‘Roundish’ Toolkit and Advanced Cyber Espionage Tactics APT28 Toolkit Roundish Malware

Inside the Arsenal: Exposed Server Reveals APT28’s ‘Roundish’ Toolkit and Advanced Cyber Espionage Tactics

Do Son March 16, 2026

Cybersecurity investigators at Hunt Intelligence discovers an exposed open directory that unmasks the inner workings of one...

BadPaw and MeowMeow: Russian Cyber Offensive Targets Ukraine with Novel Malware Duo BadPaw Malware MeowMeow Backdoor

BadPaw and MeowMeow: Russian Cyber Offensive Targets Ukraine with Novel Malware Duo

Do Son March 5, 2026

Cybersecurity investigators at ClearSky Team have uncovered a targeted Russian cyber campaign against Ukraine utilizing two novel...

Hiding in Plain Sight: APT28’s “Operation MacroMaze” Hits European Govs

Do Son February 17, 2026

A new cyberespionage campaign attributed to the notorious Russian state-sponsored group APT28 (also known as Fancy Bear...

APT28 Weaponizes Office Flaw to Spy on NATO & Military NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

APT28 Weaponizes Office Flaw to Spy on NATO & Military

Do Son February 9, 2026

The notorious Russian state-sponsored group APT28 (also known as Fancy Bear) has launched a sophisticated new espionage...

Fancy Bear Returns: APT28 Exploits Office Flaw in “Operation Neusploit”

Do Son February 3, 2026

The notorious Russia-linked threat group APT28 (also known as Fancy Bear) has resurfaced with a sophisticated new...

The GRU’s Silent Shift: How BlueDelta Hijacks Ukrainian Webmail Using ngrok and Mocky BlueDelta Espionage, UKR.NET Phishing

The GRU’s Silent Shift: How BlueDelta Hijacks Ukrainian Webmail Using ngrok and Mocky

Do Son December 22, 2025

A persistent cyber-espionage campaign targeting Ukrainian webmail users has evolved its tactics to evade detection, leveraging a...

GONEPOSTAL: New Outlook Backdoor by Russia’s APT28 Uses Email for C2 APT28, GONEPOSTAL

GONEPOSTAL: New Outlook Backdoor by Russia’s APT28 Uses Email for C2

Do Son September 10, 2025

Kroll has identified a new espionage campaign attributed to Russia’s APT28 (Fancy Bear), involving a custom Outlook...

NotDoor: A New Backdoor by Russia’s APT28 Is Hiding in Microsoft Outlook Macros APT28, NotDoor

NotDoor: A New Backdoor by Russia’s APT28 Is Hiding in Microsoft Outlook Macros

Do Son September 5, 2025

The intelligence team at LAB52 (S2 Grupo) has uncovered a sophisticated new backdoor campaign attributed to APT28,...

Operation RoundPress: Sednit Weaponizes XSS to Breach Global Webmail Servers Sednit Cyberespionage, APT28

Operation RoundPress: Sednit Weaponizes XSS to Breach Global Webmail Servers

Do Son May 16, 2025

ESET researchers have exposed a covert cyberespionage campaign, dubbed Operation RoundPress, believed to be orchestrated by the...

APT28 Cyber Espionage Campaign Targets French Institutions Since 2021 APT28, Cyber Espionage

APT28 Cyber Espionage Campaign Targets French Institutions Since 2021

Do Son May 1, 2025

The French National Cybersecurity Agency (ANSSI) has released a detailed report exposing a sustained and strategic cyber-espionage...

Unveiling the “Nearest Neighbor Attack”: A Russian APT’s Covert Tactic to Weaponize Wi-Fi GruesomeLarch - Nearest Neighbor Attack

Unveiling the “Nearest Neighbor Attack”: A Russian APT’s Covert Tactic to Weaponize Wi-Fi

Do Son November 25, 2024

Volexity, a leading cybersecurity firm, has revealed a novel attack technique employed by the Russian APT group...

Russian Hackers Target Mobile Devices in New Espionage Wave

Do Son September 24, 2024

Cybersecurity researcher BushidoToken’s latest report reveals a disturbing trend: Russian state-backed hackers are increasingly focusing on mobile...

US Denounces Russian Cyberattacks Targeting Germany, EU Nations Labkotec LID-3300IP CVE-2026-1775 ASUSTOR ADM Vulnerability CVE-2026-3179 Russian Cyberattacks - Security Operations Center