APT

MuddyWater Uses UDPGangster Backdoor in Targeted Campaign Across Turkey, Israel, and Azerbaijan

In a newly identified cyber espionage operation, the Iranian-aligned group MuddyWater has been found using a previously unknown backdoor named UDPGangster. The malware relies on the User Datagram Protocol (UDP) to manage command and control traffic, a choice that helps attackers avoid traditional network monitoring defenses. Security analysts at Fortinet FortiGuard Labs report that […]

Chinese Hackers Begin Exploiting the Newly Revealed React2Shell Vulnerability

Two China-linked hacking groups have started weaponizing the newly revealed React Server Components vulnerability within hours of its public disclosure. The security flaw, tracked as CVE-2025-55182 with a maximum CVSS score of 10.0, allows unauthenticated remote code execution and has been patched in React versions 19.0.1, 19.1.2, and 19.2.1. AWS Detects Rapid Exploitation Attempts

CISA Reports Chinese Hackers Leveraging BRICKSTORM for Persistent U.S. System Access

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed the use of a sophisticated backdoor, BRICKSTORM, by state-sponsored Chinese threat actors to maintain long-term access to compromised systems across the United States. CISA described BRICKSTORM as a highly advanced implant designed for VMware vSphere and Windows environments. It allows attackers to gain stealthy access,

Lazarus APT’s Remote-Worker Operations Caught Live on Camera

A collaborative investigation led by Mauro Eldritch, founder of BCA LTD, alongside NorthScan and ANY.RUN, has unveiled one of North Korea’s most persistent infiltration tactics: a network of remote IT workers linked to the Lazarus Group’s Famous Chollima division. For the first time, researchers observed the operators live, capturing their activity on what they believed

China Linked APT31 Conducts Stealthy Cyberattacks on Russian IT via Cloud Services

A long-running cyber espionage operation linked to the China-based advanced persistent threat group APT31 has quietly infiltrated multiple Russian information technology companies between 2024 and 2025. According to researchers Daniil Grigoryan and Varvara Koloskova from Positive Technologies, the attackers focused on contractors and integrators that provide services to Russian government agencies, remaining unnoticed

APT24 Deploys BADAUDIO in Long Running Espionage Targeting Taiwan and Over 1,000 Domains

A suspected China-linked cyber threat group known as APT24 has been actively deploying a previously undocumented malware called BADAUDIO as part of a prolonged espionage campaign. The operation, ongoing for nearly three years, has targeted organizations in Taiwan and compromised over 1,000 domains. Google Threat Intelligence Group (GTIG) researchers Harsh Parashar, Tierra Duncan, and Dan

Iran Linked Hackers Tracked Ship AIS Data Days Before an Attempted Real World Missile Strike

Recent findings indicate that Iranian-linked threat actors are increasingly combining cyber operations with real-world military objectives, a practice Amazon calls cyber-enabled kinetic targeting. By using digital reconnaissance to support physical attacks, these groups are demonstrating a significant evolution in modern warfare where cyber and kinetic domains are no longer separate. Blurring the Lines Between Cyber

Iranian Hackers Deploy DEEPROOT and TWOSTROKE Malware in Targeted Aerospace and Defense Attacks

A sophisticated Iran-associated threat group has been observed conducting extensive espionage activity against organizations in the aerospace, aviation, and defense sectors across the Middle East. The attackers have used custom backdoors, including TWOSTROKE and DEEPROOT, to maintain long-term access and gather sensitive information. Mandiant has linked this campaign to a cluster known as

Dragon Breath Deploys RONINGLOADER to Disable Security Tools and Install Gh0st RAT

A threat actor known as Dragon Breath has launched a sophisticated operation using a multi-layered tool called RONINGLOADER. This loader is designed to disable major endpoint security products, evade modern defenses, and ultimately deploy a modified version of Gh0st RAT. The campaign mainly targets Chinese-speaking victims and relies on trojanized installers that appear

North Korean Hackers Abuse JSON Services to Deliver Malware Covertly

Researchers have uncovered that North Korean threat actors behind the Contagious Interview campaign are increasingly leveraging JSON storage services to host and deploy malicious payloads. These platforms allow attackers to operate covertly while blending in with normal traffic. Tactics and Techniques According to NVISO researchers Bart Parys, Stef Collart, and Efstratios Lontzetidis, the actors now
