Collecting Cyber-News from over 60 sources

Tag: espionage

The 2 faces of AI: How emerging models empower and endanger cybersecurity

Jan 8, 2026 8:02 PM

Tags: ai, api, attack, compliance, credentials, cyber, cybersecurity, data, deep-fake, defense, detection, endpoint, espionage, exploit, finance, flaw, framework, GDPR, google, governance, government, group, guide, hacker, HIPAA, incident response, injection, intelligence, LLM, malicious, malware, mandiant, microsoft, network, PCI, penetration-testing, privacy, risk, russia, scam, security-incident, service, social-engineering, strategy, tactics, threat, tool, vulnerability, zero-day

Self-modifying, evasive malware More recently, the researchers at Google Threat Intelligence Group (GTIG) identified a disturbing new trend: malware that uses LLMs during execution to dynamically alter its own behavior and evade detection. This is not pre-generated code, this is code that adapts mid-execution.In June 2025, GTIG identified an experimental malware called PROMPTFLUX, which connects…
The 2 faces of AI: How emerging models empower and endanger cybersecurity

Jan 8, 2026 8:02 PM

Tags: ai, api, attack, compliance, credentials, cyber, cybersecurity, data, deep-fake, defense, detection, endpoint, espionage, exploit, finance, flaw, framework, GDPR, google, governance, government, group, guide, hacker, HIPAA, incident response, injection, intelligence, LLM, malicious, malware, mandiant, microsoft, network, PCI, penetration-testing, privacy, risk, russia, scam, security-incident, service, social-engineering, strategy, tactics, threat, tool, vulnerability, zero-day

Self-modifying, evasive malware More recently, the researchers at Google Threat Intelligence Group (GTIG) identified a disturbing new trend: malware that uses LLMs during execution to dynamically alter its own behavior and evade detection. This is not pre-generated code, this is code that adapts mid-execution.In June 2025, GTIG identified an experimental malware called PROMPTFLUX, which connects…
China-Linked UAT-7290 Targets Telecom Networks in South Asia

Jan 8, 2026 6:03 PM

Tags: china, cyber, espionage, network

A long-term cyber-espionage campaign targeting South Asia’s telecom firms has been linked to UAT-7290 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/china-uat-7290-targets-telecoms/
China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes

Jan 8, 2026 5:05 PM

Tags: attack, china, espionage, linux, malware, threat

A China-nexus threat actor known as UAT-7290 has been attributed to espionage-focused intrusions against entities in South Asia and Southeastern Europe.The activity cluster, which has been active since at least 2022, primarily focuses on extensive technical reconnaissance of target organizations before initiating attacks, ultimately leading to the deployment of malware families such as RushDrop First…
ToddyCat Malware Exploits ProxyLogon to Compromise Microsoft Exchange Servers

Jan 7, 2026 10:02 PM

Tags: cyber, espionage, exploit, group, malware, microsoft, risk, threat

ToddyCat, a sophisticated cyber-espionage threat group also known as Websiic and Storm-0247, has emerged as a significant risk to organizations across Europe and Asia. The group’s operations, which began in December 2020 by targeting Microsoft Exchange servers in Taiwan and Vietnam, have since evolved into complex, multi-stage campaigns that leverage advanced evasion techniques and specialized…
Russia-linked APT UAC-0184 uses Viber to spy on Ukrainian military in 2025

Jan 6, 2026 12:52 AM

Tags: apt, data, espionage, government, intelligence, malicious, military, monitoring, russia, spy, threat, ukraine

Russia-linked APT UAC-0184 targets Ukrainian military and government bodies via Viber, delivering malicious ZIP files for espionage in 2025. Russia-linked threat actor UAC-0184 (aka Hive0156) is targeting Ukrainian military and government entities, using Viber messages to deliver malicious ZIP files as part of ongoing intelligence-gathering operations in 2025. >>Recent monitoring data from the 360 “‹”‹Advanced…
Russia-linked APT UAC-0184 uses Viber to spy on Ukrainian military in 2025

Jan 6, 2026 12:52 AM

Tags: apt, data, espionage, government, intelligence, malicious, military, monitoring, russia, spy, threat, ukraine

Russia-linked APT UAC-0184 targets Ukrainian military and government bodies via Viber, delivering malicious ZIP files for espionage in 2025. Russia-linked threat actor UAC-0184 (aka Hive0156) is targeting Ukrainian military and government entities, using Viber messages to deliver malicious ZIP files as part of ongoing intelligence-gathering operations in 2025. >>Recent monitoring data from the 360 “‹”‹Advanced…
Russia-linked APT UAC-0184 uses Viber to spy on Ukrainian military in 2025

Jan 6, 2026 12:52 AM

Tags: apt, data, espionage, government, intelligence, malicious, military, monitoring, russia, spy, threat, ukraine

Russia-linked APT UAC-0184 targets Ukrainian military and government bodies via Viber, delivering malicious ZIP files for espionage in 2025. Russia-linked threat actor UAC-0184 (aka Hive0156) is targeting Ukrainian military and government entities, using Viber messages to deliver malicious ZIP files as part of ongoing intelligence-gathering operations in 2025. >>Recent monitoring data from the 360 “‹”‹Advanced…
Transparent Tribe Weaponizes >>JLPT<< Tests in New Cyber-Espionage Campaign Against India

Jan 5, 2026 1:52 AM

Tags: cyber, espionage, india

The post Transparent Tribe Weaponizes >>JLPT
Transparent Tribe Weaponizes >>JLPT<< Tests in New Cyber-Espionage Campaign Against India

Jan 5, 2026 1:52 AM

Tags: cyber, espionage, india

The post Transparent Tribe Weaponizes >>JLPT
Top 10 Cybersecurity Predictions for 2026

Jan 1, 2026 10:52 AM

Tags: access, ai, api, application-security, attack, authentication, automation, awareness, backdoor, backup, best-practice, blockchain, breach, business, ceo, china, ciso, cloud, communications, compliance, computer, computing, conference, control, corporate, crypto, cryptography, cyber, cyberattack, cybercrime, cybersecurity, data, data-breach, deep-fake, defense, detection, disinformation, email, encryption, espionage, exploit, extortion, finance, fraud, governance, government, group, hacker, hacking, healthcare, identity, incident response, infrastructure, intelligence, Internet, iran, korea, law, linkedin, LLM, malicious, malware, mfa, military, monitoring, msp, mssp, network, nist, north-korea, organized, phishing, privacy, programming, ransom, ransomware, regulation, risk, risk-management, russia, scam, service, skills, soc, social-engineering, software, strategy, supply-chain, tactics, technology, theft, threat, tool, training, ukraine, update, vulnerability, vulnerability-management, warfare, windows, zero-day

Top 10 Cybersecurity Predictions for 2026 The year AI changes cybersecurity forever Cybersecurity predictions are an opportunity to look forward instead of back, to be proactive instead of reactive, and to consider how changes in attackers, technology, and the security industry will impact the sustainability of managing cyber risks. Gaining future insights to the threats, targets,…
Knownsec Data Breach: A Trove of Espionage Tradecraft with an Insider Narrative

Jan 1, 2026 12:52 AM

Tags: breach, data, data-breach, espionage

First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/knownsec-data-breach-a-trove-of-espionage-tradecraft-with-an-insider-narrative
APT36 Targets Indian Government Systems Using Malicious Windows LNK Files

Dec 31, 2025 6:52 PM

Tags: cyber, detection, espionage, government, india, infection, malicious, threat, windows

A sophisticated cyber-espionage operation attributed to APT36, also known as Transparent Tribe, has been identified targeting Indian governmental, academic, and strategic entities through weaponized Windows shortcut files designed to evade detection and establish persistent remote access. The Pakistan-aligned threat actor deployed a deceptive LNK-based infection chain that leverages trusted system binaries and fileless execution techniques…
Equifax Europe CISO: Notorious breach spurred cybersecurity transformation

Dec 31, 2025 8:52 AM

Tags: access, ai, attack, authentication, awareness, breach, business, ceo, cio, ciso, cloud, computer, control, corporate, cyber, cyberattack, cybercrime, cybersecurity, data, defense, dora, espionage, finance, framework, google, government, identity, infrastructure, intelligence, network, nis-2, phishing, regulation, risk, risk-management, security-incident, service, strategy, technology, threat, update

Cloud as a new technological axis: Equifax’s $3 billion migration to the cloud, “which had been brewing for about seven years” and which the company says is the largest technological investment in its history, has involved moving more than 300 systems, over 30 product families, and thousands of customers to the company’s cloud platform, Equifax Cloud, in Spain…
React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web

Dec 29, 2025 12:55 PM

Tags: access, attack, backdoor, botnet, china, cvss, data, data-breach, espionage, exploit, flaw, framework, google, group, intelligence, Internet, linux, metric, network, remote-code-execution, service, strategy, tool, update, vulnerability

What the research quickly agreed on: Across early reports from Wiz, Palo Alto Networks’ Unit 42, Google AWS, and others, there was a strong alignment on the core mechanics of React2Shell. Researchers independently confirmed that the flaw lives inside React’s server-side rendering pipeline and stems from unsafe deserialization in the protocol used to transmit component…
Evasive Panda cyberespionage campaign uses DNS poisoning to install MgBot backdoor

Dec 29, 2025 10:55 AM

Tags: apt, attack, backdoor, china, cyber, cyberespionage, dns, espionage, group, kaspersky

China-linked APT Evasive Panda used DNS poisoning to deliver the MgBot backdoor in targeted cyber-espionage attacks in Türkiye, China, and India. Kaspersky researchers spotted the China-linked APT group Evasive Panda (aka Daggerfly, Bronze Highland, and StormBamboo) running a targeted cyber-espionage campaign using DNS poisoning to deliver the MgBot backdoor against victims in Türkiye, China, and…
59,000 Servers Breached: Operation PCPcat Targets React and Next.js at Internet Scale

Dec 24, 2025 2:19 PM

Tags: cyber, espionage, framework, infrastructure, Internet, theft

A large-scale cyber espionage operation known as Operation PCPcat has shaken the modern web infrastructure, compromising more than 59,000 servers in just 48 hours. The campaign targets systems built on React frameworks, including widely deployed Next.js and React Servers, and has already resulted in the theft of hundreds of thousands of credentials. First seen on thecyberexpress.com Jump to…
SideWinder APT Launches Cyberattacks on Indian Entities Posing as the Income Tax Department

Dec 22, 2025 3:18 PM

Tags: apt, cyber, cyberattack, detection, espionage, india, microsoft, threat

Zscaler Threat Hunting has identified a sophisticated espionage campaign targeting Indian entities through fraudulent >>Income Tax Department
Arcane Werewolf Hacker Group Expands Arsenal with Loki 2.1 Malware Toolkit

Dec 22, 2025 3:18 PM

Tags: cyber, espionage, group, hacker, intelligence, malware, russia, threat

The cyber espionage group known as Arcane Werewolf (also tracked as Mythic Likho) has significantly upgraded its offensive capabilities, targeting Russian manufacturing enterprises with a new iteration of its custom malware. According to a report by BI.ZONE Threat Intelligence: campaigns observed in October and November 2025 reveal that the group has transitioned from the Loki…
Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts

Dec 22, 2025 1:19 PM

Tags: access, attack, automation, awareness, breach, china, conference, credentials, cybercrime, data, email, espionage, exploit, finance, government, group, hacker, hacking, linkedin, malicious, microsoft, military, phishing, qr, russia, tactics, threat, tool, unauthorized

Tools of the trade: What’s driving the surge is the availability of tools that make these attacks easy to execute. Proofpoint identified two primary kits: SquarePhish2 and Graphish.SquarePhish2 is an updated version of a tool originally published by Dell Secureworks in 2022. It automates the OAuth Device Grant Authorization flow and integrates QR code functionality.The…
Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts

Dec 22, 2025 1:19 PM

Tags: access, attack, automation, awareness, breach, china, conference, credentials, cybercrime, data, email, espionage, exploit, finance, government, group, hacker, hacking, linkedin, malicious, microsoft, military, phishing, qr, russia, tactics, threat, tool, unauthorized

Tools of the trade: What’s driving the surge is the availability of tools that make these attacks easy to execute. Proofpoint identified two primary kits: SquarePhish2 and Graphish.SquarePhish2 is an updated version of a tool originally published by Dell Secureworks in 2022. It automates the OAuth Device Grant Authorization flow and integrates QR code functionality.The…
China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware

Dec 18, 2025 7:19 PM

Tags: attack, china, cyber, cybersecurity, espionage, group, malware, threat, windows

A previously undocumented China-aligned threat cluster dubbed LongNosedGoblin has been attributed to a series of cyber attacks targeting governmental entities in Southeast Asia and Japan.The end goal of these attacks is cyber espionage, Slovak cybersecurity company ESET said in a report published today. The threat activity cluster has been assessed to be active since at…
Group Policy abuse reveals China-aligned espionage group targeting governments

Dec 18, 2025 11:19 AM

Tags: china, espionage, government, group, malware, threat, windows

ESET Research has identified a previously undocumented China-aligned advanced persistent threat group that uses Windows Group Policy to deploy malware and move through victim … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/18/eset-china-aligned-apt-group-policy/
Group Policy abuse reveals China-aligned espionage group targeting governments

Dec 18, 2025 11:19 AM

Tags: china, espionage, government, group, malware, threat, windows

ESET Research has identified a previously undocumented China-aligned advanced persistent threat group that uses Windows Group Policy to deploy malware and move through victim … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/18/eset-china-aligned-apt-group-policy/
Group Policy abuse reveals China-aligned espionage group targeting governments

Dec 18, 2025 11:19 AM

Tags: china, espionage, government, group, malware, threat, windows

ESET Research has identified a previously undocumented China-aligned advanced persistent threat group that uses Windows Group Policy to deploy malware and move through victim … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/18/eset-china-aligned-apt-group-policy/
Chinese Ink Dragon Breaches European Government Networks, Affecting Asia and South America

Dec 18, 2025 10:19 AM

Tags: access, breach, china, cyber, espionage, government, group, infrastructure, network, threat, usa

Ink Dragon, a Chinese espionage group, has significantly expanded its operational reach from Southeast Asia and South America into European government networks, according to ongoing research by Check Point Research. The threat actor employs a methodical approach that combines strategic server compromises with sophisticated relay infrastructure to maintain persistent access and support global operations. The…
Chinese Hackers Hijack European Networks for Espionage

Dec 17, 2025 9:19 PM

Tags: china, espionage, government, group, hacker, hacking, network

Ink Dragon Compromised IIS Networks to Relay ShadowPad Malware. A Chinese hacking group is using compromised European government networks as relay nodes to route commands and support other hacking operations. Security firm Check Point attributed the campaign to a Chinese espionage group it tracks as Ink Dragon. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/chinese-hackers-hijack-european-networks-for-espionage-a-30319
Chinese Ink Dragon Group Hides in European Government Networks

Dec 17, 2025 11:19 AM

Tags: china, espionage, government, group, network

China’s Ink Dragon is using European government networks to hide its espionage activity First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-ink-dragon-hides-european/
State-Level Cyber Espionage Suspected in KT Telecom Breach

Dec 17, 2025 9:19 AM

Tags: breach, cyber, espionage, fraud, korea, technology

A recent report by British technology research firm Rethink Technology Research has raised serious concerns over a cyberattack on KT, South Korea’s leading telecom operator, suggesting the incident may involve state-level cyber espionage rather than a simple fraud case. The report, titled “KT Cyberattack: More Serious Than You Think,” was published on December 10 and analyzes the implications of the…
State-Level Cyber Espionage Suspected in KT Telecom Breach

Dec 17, 2025 9:19 AM

Tags: breach, cyber, espionage, fraud, korea, technology

A recent report by British technology research firm Rethink Technology Research has raised serious concerns over a cyberattack on KT, South Korea’s leading telecom operator, suggesting the incident may involve state-level cyber espionage rather than a simple fraud case. The report, titled “KT Cyberattack: More Serious Than You Think,” was published on December 10 and analyzes the implications of the…