Cyber Espionage

China-Linked DKnife AitM Framework Targets Routers to Hijack Traffic and Deliver Malware

Cybersecurity researchers have uncovered a sophisticated adversary-in-the-middle framework named DKnife, which has been operated by China-linked threat actors since at least 2019. The framework is designed to compromise routers and edge devices, enabling large-scale traffic interception, credential theft, and targeted malware distribution. According to a report published by Cisco Talos, DKnife consists of multiple Linux-based implants […]

Asian State-Backed Group TGR-STA-1030 Breaches 70 Government and Infrastructure Organizations

Cybersecurity researchers at Palo Alto Networks Unit 42 have uncovered a previously unknown state-backed cyber espionage group that has compromised at least 70 government and critical infrastructure organizations across 37 countries within the last year. The threat actor, tracked as TGR-STA-1030, has also conducted widespread reconnaissance activities targeting government-related infrastructure in 155 countries between November and

Infy Hackers Restart Operations Using New C2 Servers After Iran’s Internet Blackout Ends

The Iranian state-linked threat group known as Infy, also tracked as Prince of Persia, has resumed cyber operations after a temporary pause that coincided with Iran’s nationwide internet shutdown in early January 2026. Researchers say the group reappeared with new command-and-control (C2) servers, reinforcing assessments that Infy operates with state backing. According to a report released by SafeBreach, the

China-Linked Amaranth Dragon Exploits WinRAR Vulnerability in Espionage Campaigns

Threat actors with links to China have been connected to a new wave of cyber espionage operations aimed at government and law enforcement institutions across Southeast Asia during 2025. Check Point Research has attributed the activity to a previously undocumented threat cluster named Amaranth-Dragon, which researchers say shows notable overlaps with the APT41 ecosystem. Countries

Cloudflare Zero-Day Vulnerability Allows Any Host Access by Bypassing Security Protections

Security researchers have disclosed a critical zero-day flaw in Cloudflare’s Web Application Firewall that allowed attackers to bypass security rules and directly access origin servers that were supposed to be fully protected. The issue was identified by researchers from FearsOff, who discovered that HTTP requests sent to the /.well-known/acme-challenge/ path could reach backend servers even when customers

MuddyWater Launches RustyWater RAT Through Spear-Phishing Targeting Middle East Sectors

Cybersecurity researchers have uncovered a new spear-phishing campaign linked to the Iranian threat actor MuddyWater, also known by multiple aliases, targeting critical sectors across the Middle East. The operation delivers a Rust-based remote access trojan called RustyWater, signaling a continued shift toward more advanced and stealthy malware frameworks. Campaign Overview: According to a

Russian APT28 Launches Credential-Stealing Campaign Targeting Energy and Policy Organizations

Russian state-sponsored threat actors linked to APT28, also known as BlueDelta, have been identified running an ongoing credential-harvesting operation aimed at energy research and policy-related organizations across multiple regions. According to findings, the campaign primarily targeted individuals connected to a Turkish energy and nuclear research body, employees of a European policy think tank, and organizations operating in North

FBI Warns of North Korean Hackers Using Malicious QR Codes in Spear-Phishing Attacks

The U.S. Federal Bureau of Investigation (FBI) has issued a new advisory warning that North Korean state-sponsored threat actors are actively using malicious QR codes in spear-phishing campaigns targeting organizations across the United States. According to the FBI, as of 2025, actors linked to the Kimsuky threat group have targeted think tanks, academic institutions, and both U.S.

China-Linked UAT-7290 Targets Telecom Companies with Linux Malware and ORB Nodes

Cybersecurity researchers have attributed a series of espionage-driven cyber intrusions to a China-linked threat actor tracked as UAT-7290, which has been actively targeting organizations across South Asia and Southeastern Europe. According to a new report published by Cisco Talos, the activity cluster has been operational since at least 2022 and is known

Russia-Aligned Hackers Exploit Viber to Target Ukrainian Military and Government Entities

A Russia-aligned cyber threat group tracked as UAC-0184 has been observed abusing the Viber messaging platform to conduct targeted attacks against Ukrainian military and government organizations. The activity was detailed in a new technical report released by the 360 Threat Intelligence Center. Researchers stated that the group has maintained a high operational tempo throughout 2025, focusing
