Tag: china
-
Breach Roundup: Mr. Raccoon Wants Your Password
Tags: breach, china, data, data-breach, flaw, fortinet, healthcare, leak, password, phishing, ransomware, scamAlso, Eurail Breach, ChipSoft Hospital Disruptions, W3LL Phishing Takedown. This week, a Raccoon-linked actor hit help desks, Eurail exposed 308K users, Fortinet patched critical flaws, Pushpaganda scams, major data leaks hit healthcare and China, ransomware and phishing ops surged, and multiple breaches impacted firms and hospitals. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/breach-roundup-mr-raccoon-wants-your-password-a-31450
-
State-sponsored threats: Different objectives, similar access paths
A look at 2025 state-sponsored threats, exploring how actors linked to China, Russia, North Korea, and Iran use vulnerabilities, identity, and trusted access paths to achieve their goals. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/state-sponsored-threats-different-objectives-similar-access-paths/
-
China-linked cloud credential heist runs on typos and SMTP
Typosquatting for cloud-native espionage: The campaign relies heavily on deception, the researchers pointed out, using C2 domains closely resembling legitimate Alibaba Cloud services. The typosquatting approach allows malicious traffic to blend into routine cloud operations, specifically in environments where outbound filtering is absent.The implant used is an obfuscated ELF binary, with an executable designed for…
-
Cyber-Inspekteur: Hybride Attacken nehmen weiter zu
Deutschland ist im Visier staatlicher Hacker.Hybride Attacken auf kritische Infrastruktur in Deutschland und Bundeswehr-Truppen im Ausland nehmen weiter zu. Spätestens seit 2022 sei ein spürbarer Zuwachs zu verzeichnen, sagte der Bundeswehr-Inspekteur Cyber- und Informationsraum, Vizeadmiral Thomas Daum, bei einem Pressetermin bei der Nato-Cyberabwehrübung «Locked Shields» im niederrheinischen Kalkar. Cyber-Angriffe gegen die Bundeswehr richteten sich gegen Rechenzentren in…
-
APT41 Targets Linux Cloud Servers With New Winnti Backdoor
A previously undocumented Linux backdoor attributed to China-linked threat group APT41 (Winnti) has been uncovered, targeting cloud workloads across AWS, GCP, Azure, and Alibaba Cloud. The ELF-based implant, currently showing zero detections on VirusTotal, transforms Linux servers into stealthy credential theft nodes using a novel SMTP-based command-and-control (C2) mechanism. The discovery indicates a new phase in APT41’s Linux and cloud-targeted…
-
ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers
A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild.The vulnerability in question is CVE-2025-0520 (aka CNVD-2020-26585), which carries a CVSS score of 9.4 out of 10.0.It relates to a case of unrestricted file upload that stems from improper validation of First…
-
APT41 Delivers ‘Zero-Detection’ Backdoor to Harvest Cloud Credentials
The prolific China-backed threat group is targeting AWS, Google, Azure, and Alibaba cloud environments and using typosquatting to obscure C2 communication. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/apt41-zero-detection-backdoor-harvest-cloud-credentials
-
APT41 Delivers ‘Zero-Detection’ Backdoor to Harvest Cloud Credentials
The prolific China-backed threat group is targeting AWS, Google, Azure, and Alibaba cloud environments and using typosquatting to obscure C2 communication. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/apt41-zero-detection-backdoor-harvest-cloud-credentials
-
Red Hat RHELocates its Chinese engineering team to India
Hundreds of layoffs, but this smells of geopolitics, not downsizing First seen on theregister.com Jump to article: www.theregister.com/2026/04/10/red_hat_ends_china_engineering/
-
Alleged 10 Petabyte Data Theft From China’s Tianjin Supercomputing Hub
Hacker claims a 10 petabyte data theft from China’s Tianjin Supercomputing Center, raising concerns over exposed defense-related data. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/alleged-10-petabyte-data-theft-from-chinas-tianjin-supercomputing-hub/
-
Why is the timeline to quantum-proof everything constantly shrinking?
Experts say advancements in hardware, mathematics and growing fear of Chinese scientific breakthroughs are pushing Google and others to call for speedier migration. First seen on cyberscoop.com Jump to article: cyberscoop.com/quantum-computing-industry-timeline-threat-accelerating/
-
Trump’s Proposed $707 Million CISA Budget Cut a ‘Gift to Nation-State Actors’
The Trump Administration wants to strip $707 million from CISA as it looks to narrow the scope of the security agency, but cybersecurity experts are saying that such cuts are a strategic mistake at a time when threat groups linked to China, Iran, and other nation-states are increasingly targeting U.S. critical infrastructure. First seen on…
-
The alleged breach of China’s National Supercomputing Center can have serious geopolitical consequences
A hacker allegedly stole 10+ PB of sensitive military and aerospace data from China’s National Supercomputing Center, risking national security. A massive alleged breach has hit China’s National Supercomputing Center (NSCC) in Tianjin. A hacker claims to have exfiltrated over 10 petabytes of highly sensitive data, including military, aerospace, and missile-related information. The facility supports…
-
China’s Tianjin Supercomputer Center Allegedly Hit in 10-Petabyte Data Theft
A threat actor has allegedly executed one of the largest data heists in China’s history, siphoning an astounding 10 petabytes of highly classified information from the National Supercomputing Center (NSCC) in Tianjin. The stolen dataset reportedly includes sensitive defense documents, missile schematics, and advanced aerospace research. The Tianjin center serves as a centralized infrastructure hub…
-
Silver Fox Campaign Spreads ValleyRAT via Fake Chinese Telegram Language Pack
New analysis of a fake Telegram installer uploaded to MalwareBazaar shows Silver Fox expanding its ValleyRAT operations with a fresh delivery chain that hides behind a Chinese-language pack-decoy and an uncommon ZPAQ-based packer. The MSI is a WiX-built installer (IssueAccentRequest, 4.49 MB) that runs a VBScript custom action as SYSTEM immediately after file extraction, while…
-
France Limits Chinese-Made Solar Energy Components
Paris Backs Protectionism and Cybersecurity Requirements to Keep Out Chinese Firms. France is saying non to Chinese photovoltaic components through a mix of protectionism and cybersecurity requirements as it readies a government-backed program of new solar energy projects. Chinese cybersecurity laws require firms to share key information and generally cooperate with Beijing. First seen on…
-
New FBI Warning: Chinese Apps Could Expose User Data
The FBI is warning Americans about data security risks tied to foreign-developed mobile apps, especially those linked to China. The post New FBI Warning: Chinese Apps Could Expose User Data appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-fbi-warns-foreign-apps-data-security-risks/
-
Fast-moving Storm-1175 uses new exploits to breach networks and drop Medusa
Tags: access, attack, breach, china, data, data-breach, exploit, flaw, group, network, ransomware, theft, update, vulnerabilityChina-based actor Storm-1175 runs fast ransomware attacks, exploiting new flaws to breach systems and quickly deploy Medusa ransomware. China-based actor Storm-1175 carries out fast, financially driven ransomware attacks by exploiting newly disclosed vulnerabilities before organizations patch them. The group targets exposed systems and quickly moves from initial access to data theft and Medusa ransomware deployment,…
-
China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware
A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate “high-velocity” attacks and break into susceptible internet-facing systems.”The threat actor’s high operational tempo and proficiency in identifying exposed perimeter assets have proven successful, with recent First seen on thehackernews.com Jump…
-
Microsoft links Medusa ransomware affiliate to zero-day attacks
Microsoft says that Storm-1175, a China-based financially motivated cybercriminal group known for deploying Medusa ransomware payloads, has been deploying n-day and zero-day exploits in high-velocity attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-links-medusa-ransomware-affiliate-to-zero-day-attacks/
-
6 ways attackers abuse AI services to hack your business
Tags: ai, api, attack, backdoor, breach, business, ceo, china, control, cve, cyber, cybercrime, cybersecurity, data, email, espionage, exploit, framework, group, hacking, injection, leak, LLM, malicious, malware, marketplace, microsoft, monitoring, open-source, openai, service, skills, software, startup, supply-chain, threat, tool, vulnerabilityAbusing AI platforms as covert C2 channels: Cybercriminals are also abusing AI platforms as covert command-and-control (C2) channels by turning AI services into proxies that hide malicious traffic inside the flow of legitimate content.Instead of running a dedicated C2 server, malware is programmed to fetch commands and exfiltrate data through AI services, circumventing traditional security…
-
Google battles Chinese open-weights models with Gemma 4
Now with a more permissive license, multi-modality, and support for more than 140 languages First seen on theregister.com Jump to article: www.theregister.com/2026/04/02/googles_gemma_4_open_weights/
-
CISA gives agencies two weeks to patch video conferencing bug exploited by Chinese hackers
A bug in a popular line of video conferencing software is being exploited by hackers, prompting the U.S. government to order all agencies to patch the vulnerability within two weeks. First seen on therecord.media Jump to article: therecord.media/trueconf-cyberattack-cisa-hackers
-
China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal targeting in the region.The campaign has been attributed to TA416, a cluster of activity that overlaps with DarkPeony, RedDelta, Red Lich, SmugX, UNC6384, and Vertigo Panda.”This TA416 activity included multiple First seen on…
-
FBI Declares Surveillance System Breach a ‘Major Incident’
China-linked hackers breached an FBI surveillance system, exposing sensitive investigation data and prompting a “major incident” classification. The post FBI Declares Surveillance System Breach a ‘Major Incident’ appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-china-linked-fbi-surveillance-breach-major-incident/
-
Cryptohack Roundup: Charges in Uranium Finance Case
Also: Chinese Firms Indicted in Crypto-Linked Fentanyl Supply Case. This week, charges filed in Uranium Finance hack, indictment of Chinese firms in fentanyl supply case, a class action lawsuit against Nvidia, Drift Protocol exploit, KuCoin operational barriers in the United States and a U.K. sanction filed against Xinbi. First seen on govinfosecurity.com Jump to article:…
-
TrueConf zero-day vulnerability exploited to target government networks
Suspected China-nexus attackers have leveraged a zero-day vulnerability (CVE-2026-3502) in the TrueConf client application to distribute malware within government networks in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/02/trueconf-zero-day-vulnerability-cyber-espionage/
-
FBI Warns Chinese Mobile Apps Could Expose User Data to Cyberattacks
The Federal Bureau of Investigation (FBI) has issued a public warning about potential data security risks associated with foreign-developed mobile applications, particularly those developed by companies based in China. While the advisory focuses on apps widely used in the United States, the risks highlighted are global and relevant to users worldwide. Apps operating within China’s…
-
The Triple-Headed Dragon: Inside the Three-Cluster Chinese Cyberespionage Campaign Targeting SE Asia
The post The Triple-Headed Dragon: Inside the Three-Cluster Chinese Cyberespionage Campaign Targeting SE Asia appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/stately-taurus-southeast-asia-cyberespionage-three-clusters-unit-42/