APT 122
- PeckBirdy - A Versatile Script Framework for LOLBins Exploitation Used by China-aligned Threat Groups
- GOGITTER, GITSHELLPAD, and GOSHELL Analysis
- LOTUSLITE - Targeted espionage leveraging geopolitical themes
- CERT-UA reports PLUGGYAPE cyberattacks on defense forces
- China's guardian of secrets 保密管理系统
- Kim's crypto thieving reached a record $2B in 2025
- UAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web Manager
- BlueDelta’s Persistent Campaign Against UKR.NET
- Russian APT actor phishes the Baltics and the Balkans
- Russia Hits Critical Orgs Via Misconfigured Edge Devices
- China's Ink Dragon Hides Out in European Government Networks
- Unveiling WARP PANDA A New Sophisticated China-Nexus Adversary
- Smile, You’re on Camera A Live Stream from Inside Lazarus Group’s IT Workers Scheme
- LummaC2 Infects North Korean Hacker Device Linked to Bybit Heist
- Researchers Capture Lazarus APT's Remote-Worker Scheme Live on Camera
- How a Russian Threat Actor Uses a Recent WinRAR Vulnerability in Their Ukraine Operations
- North Korea-linked actors behind Contagious Interview uploaded 197 new malicious npm packages to distribute a new OtterCookie malware version.
- Russian RomCom Utilizing SocGholish to Deliver Mythic Agent to U.S. Companies Supporting Ukraine
- Department 40 Exposed Inside the IRGC Unit Connecting Cyber Ops to Assassinations
- Google exposes BadAudio malware used in APT24 espionage campaigns
- SpearSpecter - Unmasking Iran’s IRGC Cyber Operations Targeting High-Profile Individuals
- Frontline Intelligence Analysis of UNC1549 TTPs, Custom Tools, and Malware Targeting the Aerospace and Defense Ecosystem
- North Korean hackers exploit Google’s safety tools for remote wipe
- Russian hackers sneak a full Linux virtual machine inside Windows to run undetected
- Operation Peek-a-Baku Silent Lynx APT makes sluggish shift to Dushanbe
- New Dante Spyware Linked to Rebranded Hacking Team, Now Memento Labs
- Russian hackers, likely linked to Sandworm, exploit legitimate tools against Ukrainian targets
- Logins.zip Leverages Chromium Zero-Day Stealthy Infostealer Builder Promises 99% Credential Theft in Under 12 Seconds
- Researchers Expose GhostCall and GhostHire BlueNoroff's New Malware Chains
- Iran's school for cyberspies could've used a few more lessons in preventing breaches
- Chinese Threat Actors Exploit ToolShell SharePoint Flaw Weeks After Microsoft's July Patch
- Russian Coldriver Hackers Deploy New 'NoRobot' Malware
- China-Linked Salt Typhoon breaches European Telecom via Citrix exploit
- North Korean Hackers Use EtherHiding to Hide Malware Inside Blockchain Smart Contracts
- Chinese Threat Group 'Jewelbug' Quietly Infiltrated Russian IT Network for Months
- North Korean Hackers Have Stolen $2 Billion in Cryptocurrency in 2025
- OpenAI bans suspected Chinese accounts using ChatGPT to plan surveillance
- New Report Links Research Firms BIETA and CIII to China's MSS Cyber Operations
- Booz Allen warns China’s AI-driven, supply chain cyber strategy fuels PRC dominance
- Hackers exploited Zimbra flaw as zero-day using iCalendar files
- Exposing CharmingKitten's malicious activity for IRGC-IO division Counterintelligence division
- DPRK IT Workers Inside North Korea’s Crypto Laundering Network
- Phantom Taurus A New Chinese Nexus APT and the Discovery of the NET-STAR Malware Suite
- Chinese Cyberspies Hacked US Defense Contractors
- Who is Salt Typhoon Really? Unraveling the Attribution Challenge
- COLDRIVER Updates Arsenal with BAITSWITCH and SIMPLEFIX
- Nimbus Manticore Deploys New Malware Targeting Europe
- Tech Note - BeaverTail variant distributed via malicious repositories and ClickFix lure
- China-linked APT41 targets government, think tanks, and academics tied to US-China trade and policy
- AI-Forged Military IDs Used in North Korean Phishing Attack
- FANCY BEAR GONEPOSTAL – Espionage Tool Provides Backdoor Access to Microsoft Outlook
- 45 Previously Unreported Domains Expose Longstanding Salt Typhoon Cyber Espionage
- Seqrite Labs details Noisy Bear APT group using malicious campaign against Kazakhstan energy sector
- Salt Typhoon and UNC4841 Silent Push Discovers New Domains; Urges Defenders to Check Telemetry and Log Data
- Lazarus Group Deploys Malware With ClickFix Scam in Fake Job Interviews
- Czech cyber agency NUKIB flags Chinese espionage risks to critical infrastructure
- APT37 Targets Windows with Rust Backdoor and Python Loader
- Russian APT28 Expands Arsenal with 'NotDoor' Outlook Backdoor
- Silver Fox Exploits Signed Drivers to Deploy ValleyRAT Backdoor
- International coalition calls out three Chinese companies over hacking campaign
- Transparent Tribe Targets Indian Govt With Weaponized Desktop Shortcuts via Phishing
- From Campus to C2 Tracking a Persistent Chinese Operation Against Vietnamese Universities
- Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware
- APT Group UAT-7237 Targets Taiwan's Web Infrastructure with Custom Tools
- Blue Locker' Analysis Ransomware Targeting Oil & Gas Sector In Pakistan
- New 'Curly COMrades' APT Using NGEN COM Hijacking in Georgia, Moldova Attacks
- Unmasking SocGholish Silent Push Untangles the Malware Web Behind the “Pioneer of Fake Updates” and Its Operator, TA569
- Ukraine claims to have hacked secrets from Russia's newest nuclear submarine
- From the Depths of the Shadows IRGC and Hacker Collectives Of The 12-Day War
- Ghost in the Zip | New PXA Stealer and Its Telegram-Powered Ecosystem
- From Laptops to Laundromats How DPRK IT Workers Infiltrated the Global Remote Economy
- Before ToolShell Exploring Storm-2603’s Previous Ransomware Operations
- APT36 Expands Beyond Military New Attacks Hit Indian Railways, Oil & Government Systems
- China’s Covert Capabilities | Silk Spun From Hafnium
- Anubis and the Death of Data A New Era of Ransomware Operations
- GOLD BLADE remote DLL sideloading attack deploys RedLoader
- Revisiting UNC3886 Tactics to Defend Against Present Risk
- China-linked group Fire Ant exploits VMware and F5 flaws since early 2025
- Scattered Spider is running a VMware ESXi hacking spree
- Hunting Laundry Bear Infrastructure Analysis Guide and Findings
- Unmasking the new Chaos RaaS group attacks
- Illusory Wishes China-nexus APT Targets the Tibetan Community
- Gunra Ransomware Emerges with New DLS
- Dropping Elephant APT Group Targets Turkish Defense Industry With New Campaign and Capabilities LOLBAS, VLC Player, and Encrypted Shellcode
- The SOC files Rumble in the jungle or APT41’s new target in Africa
- Lookout Discovers Iranian APT MuddyWater Leveraging DCHSpy During Israel-Iran Conflict
- UK calls out Russian military intelligence for use of espionage tool
- UNG0002, Regional Threat Operations Tracked Across Multiple Asian Jurisdictions
- Phish and Chips China-Aligned Espionage Actors Ramp Up Taiwan Semiconductor Industry Targeting
- Ongoing SonicWall Secure Mobile Access (SMA) Exploitation Campaign using the OVERSTEP Backdoor
- Pay2Key’s Resurgence Iranian Cyber Warfare Targets the West
- GoldMelody’s Hidden Chords Initial Access Broker In-Memory IIS Modules Revealed
- From Click to Compromise Unveiling the Sophisticated Attack of DoNot APT Group on Southern European Government Entities
- Phishing Attack Deploying Malware on Indian Defense BOSS Linux
- NightEagle APT Exploits Microsoft Exchange Flaw to Target China's Military and Tech Sectors
- Gamaredon in 2024 Cranking out spearphishing campaigns against Ukraine with an evolved toolset
- Iran
- Jasper Sleet North Korean remote IT workers’ evolving tactics to infiltrate organizations
- 10 Things I Hate About Attribution RomCom vs. TransferLoader
- Tracing Blind Eagle to Proton66
- The People’s Liberation Army Cyberspace Force
- GIFTEDCROOK’s Strategic Pivot From Browser Stealer to Data Exfiltration Platform During Critical Ukraine Negotiations
- DeepSeek Deception Sainbox RAT & Hidden Rootkit Delivery
- Patch and Persist Darktrace’s Detection of Blind Eagle (APT-C-36)
- Russia-linked APT28 use Signal chats to target Ukraine official with malware
- China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom
- Hive0154 aka Mustang Panda shifts focus on Tibetan community to deploy Pubload backdoor
- APT36 Phishing Campaign Targets Indian Defense Using Credential-Stealing Malware
- Zoom & doom BlueNoroff call opens the door
- Same Sea, New Phish, Russian Government-Linked Social Engineering Targets App-Specific Passwords
- APT PROFILE – MISSION2025
- Follow the Smoke | China-nexus Threat Actors Hammer At the Doors of Top Tier Targets
- Eggs in a Cloudy Basket Skeleton Spider’s Trusted Cloud Malware Delivery
- Analysis of the Triple Combo Threat of the Kimsuky Group
- BladedFeline Whispering in the dark
- The Cost of a Call From Voice Phishing to Data Extortion
- Emulating the Unyielding Scattered Spider
- Pakistan Telecommunication Company (PTCL) Targeted by Bitter APT During Heightened Regional Conflict
- Mark Your Calendar APT41 Innovative Tactics
- New Russia-affiliated actor Void Blizzard targets critical sectors for espionage
- Earth Lamia Develops Custom Arsenal to Target Multiple Industries
- Operation Sindoor – Anatomy of a Digital Siege