APT

Iranian Hackers Launch SpearSpecter Spy Operation Targeting Defense and Government

A state-backed Iranian cyber espionage group, commonly known as APT42, has been observed conducting a new intelligence collection campaign aimed at individuals and organizations connected to national security. The Israel National Digital Agency (INDA) has named this ongoing operation SpearSpecter after identifying its activity in early September 2025. Highly Targeted Social Engineering Operations INDA […]

Konni Hackers Turn Google Find Hub into Remote Data Wiping Tool

A North Korea-linked actor known as Konni, also tracked as Earth Imp, Opal Sleet, Osmium, TA406, and Vedalia, has run targeted campaigns that compromise Android and Windows systems, steal credentials, and gain remote control of victims’ devices. Researchers at the Genians Security Center say the group used social engineering to distribute malware disguised as

China’s Hackers Repurpose Legacy Flaws, from Log4j to IIS, into Global Espionage Tools

Chinese state-aligned hacking groups continue to rely on long-standing software vulnerabilities to conduct stealthy cyber operations across the globe. A recent incident involving a U.S.-based non-profit organization shows how older flaws such as Log4j, Atlassian, Struts, and IIS weaknesses are still being reused to gain long-term access for intelligence gathering.

SonicWall Confirms State Sponsored Hackers Behind September Cloud Backup Breach

Network security giant SonicWall has officially confirmed that a sophisticated state-sponsored threat actor was responsible for a September security incident. The breach resulted in the unauthorized access of firewall configuration backup files from a specific cloud environment, though the company has assured customers that its core products and firmware remain unaffected. Isolated Breach in a

Mysterious ‘SmudgedSerpent’ Hackers Target U.S. Policy Experts Amid Rising Iran–Israel Tensions

A previously unknown hacking group, codenamed “SmudgedSerpent,” has been uncovered targeting American academics and foreign policy specialists. This cyber espionage campaign, which occurred between June and August 2025, aligns with a period of significantly heightened tensions between Iran and Israel, pointing to a clear intelligence-gathering motive. Deceptive Lures and Established Playbooks The threat actor, identified

Operation SkyCloak Uses Tor-Enabled OpenSSH Backdoor to Target Defense Organizations

A sophisticated cyber espionage campaign, dubbed Operation SkyCloak, is using weaponized phishing emails to deploy a highly stealthy backdoor on target systems. The malware establishes persistent remote access by combining a customized OpenSSH server with a Tor hidden service, creating a covert channel that is extremely difficult to trace. The Lure: Phishing with Military Documents The

Nation-State Hackers Use New Airstalk Malware in Suspected Supply Chain Attack

A sophisticated threat actor, believed to be state-sponsored, has been discovered using a previously unknown malware family dubbed “Airstalk” in a suspected software supply chain attack. The malware uniquely abuses a legitimate enterprise mobile device management (MDM) API to establish a covert communication channel with its operators. The Attacker and the Malware’s Core Deception Tracked

China-Linked Hackers Exploit Windows Shortcut Vulnerability to Target European Diplomats

A China-affiliated cyber espionage group, tracked as UNC6384, has been discovered conducting a sophisticated campaign targeting European diplomatic and government entities. The attacks, occurring between September and October 2025, exploit an unpatched Windows shortcut vulnerability to deploy the notorious PlugX remote access trojan on victim systems. Strategic Targeting of European Diplomacy According to a technical

China-Linked Tick APT Exploits Lanscope Zero-Day to Compromise Corporate Networks

A sophisticated cyber espionage group known as Tick has been identified as the actor behind the exploitation of a critical, recently disclosed zero-day vulnerability in Motex Lanscope Endpoint Manager. This campaign, targeting specific sectors for intelligence gathering, demonstrates the continued threat posed by advanced persistent threats (APTs) to corporate network security. The Zero-Day Vulnerability: CVE-2025-61932

Russian Hackers Target Ukrainian Organizations Using Stealthy, Living Off the Land Tactics

Russian threat actors have reportedly conducted a series of stealthy cyberattacks on organizations in Ukraine, aiming to steal confidential data and maintain persistent access to compromised networks. According to a recent joint report by Symantec and Carbon Black Threat Hunter Team, the attacks targeted a large business services company for two months and a local government
