Tag: group
-
Iran internet blackout reaches 6th day as rights groups call for end to digital shutdown
The internet shutdown in Iran entered its sixth day on Friday, with human rights groups calling on the country’s leaders to restore digital access. First seen on therecord.media Jump to article: therecord.media/iran-internet-outage-israel-war
-
APT36 unleashes AI-generated ‘vibeware’ to flood targets
The Pakistani threat group has been using AI to rewrite malicious code across multiple programming languages, prioritising scale over sophistication to evade detection, security researchers have found First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639830/APT36-unleashes-AI-generated-vibeware-to-flood-targets
-
Cognizant’s TriZetto Provider Solutions data breach impacted over 3.4 million patients
A breach at Cognizant’s TriZetto Provider Solutions exposed sensitive health data belonging to more than 3.4 million patients. A data breach at Cognizant’s TriZetto Provider Solutions exposed sensitive information belonging to more than 3.4 million patients. At this time, no ransomware group has claimed responsibility for the attack yet. TriZetto Provider Solutions is a healthcare…
-
Iran-Linked Hackers Target U.S. Critical Infrastructure Amid Rising Cyber Threats
Iran-linked threat actors are escalating cyber operations against U.S. and allied networks, with Seedworm recently deploying new backdoors against critical infrastructure and high-value organizations amid the current regional conflict. Activity associated with the Iranian APT group Seedworm (aka MuddyWater, Temp Zagros, Static Kitten) has been observed on the networks of multiple U.S. organizations since early…
-
Cyber Espionage Group CL-UNK-1068 Linked to China Targets Asian Infrastructure
Tags: china, cyber, espionage, government, group, infrastructure, law, malware, open-source, technology, threatA highly sophisticated cyber espionage group, designated as CL-UNK-1068, has been actively targeting critical infrastructure across South, Southeast, and East Asia since at least 2020. Originating from China, the threat actors focus on high-value sectors, including aviation, energy, government, law enforcement, technology, and telecommunications. The attackers use a versatile mix of custom malware, open-source utilities,…
-
Cybercrime Group in Vietnam Enables Massive Fraudulent Signups
A wave of fraudulent account registrations to a cybercrime ecosystem operating out of Vietnam. These fake accounts are not just spam; they underpin large-scale financial fraud, phishing, and interpersonal scams that erode trust in online platforms. Attackers scripted mass “puppet” signups on victim services, triggered SMS messages to premium-rate numbers, and then monetized the telecom…
-
Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure
High-value organizations located in South, Southeast, and East Asia have been targeted by a Chinese threat actor as part of a years-long campaign.The activity, which has targeted aviation, energy, government, law enforcement, pharmaceutical, technology, and telecommunications sectors, has been attributed by Palo Alto Networks Unit 42 to a previously undocumented threat activity group dubbed First…
-
Transparent Tribe’s ‘Vibeware’ Move Points to AI-Made Malware at Scale
Transparent Tribe (APT36) is moving from traditional, off”‘the”‘shelf tools to an AI-assisted malware model researchers now call “vibeware,” signaling how large language models are starting to industrialize mediocre but relentless attacks at scale.”‹ In its latest campaigns against Indian government bodies, embassies and regional targets, the group has shifted to an AI-driven development pipeline that…
-
AI Is Moving Faster Than Security Controls
Tags: access, ai, api, automation, computing, control, cybersecurity, data, governance, group, intelligence, monitoring, risk, service, software, technology, tool, updateAI is entering organisations faster than the security controls designed to govern it. Artificial intelligence is rapidly becoming embedded across organisations. AI assistants are now writing code, summarising documents, analysing data, and supporting operational decisions. What began as experimentation is quickly becoming operational dependency. For security teams, the challenge is not simply adopting AI. The…
-
China-Linked Hackers Use Malware Trio for Telecom Espionage
Tags: access, china, cisco, communications, cyberespionage, espionage, group, hacker, infrastructure, malware, tool, usaResearchers Tie UAT-9244 Intrusion to Famous Sparrow and Tropic Trooper. A China-linked cyberespionage group has been targeting telecommunications providers in South America since 2024 using a set of newly discovered malware tools designed to maintain persistent access to critical communications infrastructure, Cisco Talos researchers found. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/china-linked-hackers-use-malware-trio-for-telecom-espionage-a-30940
-
FBI is Investigating the ‘Sophisticated’ Hack of Its Surveillance System
The FBI, CISA, and NSA reportedly are investigating the hack by an unnamed “sophisticated” actor of a FBI surveillance system that holds sensitive information. The breach carries the hallmarks of Chinese nation-state groups and comes amid concerns about attacks in the wake of the war against Iran and the shrinking of the federal cybersecurity apparatus.…
-
Iran-linked MuddyWater deploys Dindoor malware against U.S. organizations
Iran-linked APT MuddyWater targeted U.S. organizations, deploying the new Dindoor backdoor across sectors including banks, airports, and nonprofits. Broadcom’s Symantec Threat Hunter Team uncovered a campaign by the Iran-linked MuddyWater (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) APT group targeting several U.S. organizations. >>Activity associated with Iranian APT group Seedworm has been spotted on the networks of multiple…
-
Microsoft warns North Korean threat groups are scaling up fake worker schemes with generative AI
Attackers have turned AI into a “force multiplier” for the country’s expansive scheme to get and keep operatives hired at global companies, researchers said. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-north-korea-ai-operations/
-
Nearly half of exploited zero-day flaws target enterprise-grade technology
A report by Google Threat Intelligence Group warns that AI will be used to speed and scale attacks in 2026. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/half-exploited-zero-day-flaws-enterprise-grade-technology/814021/
-
Transparent Tribe Uses AI to Mass-Produce Malware Implants in Campaign Targeting India
The Pakistan-aligned threat actor known as Transparent Tribe has become the latest hacking group to embrace artificial intelligence (AI)-powered coding tools to strike targets with various implants.The activity is designed to produce a “high-volume, mediocre mass of implants” that are developed using lesser-known programming languages like Nim, Zig, and Crystal and rely on trusted services…
-
Iran-linked APT targets US critical sectors with new backdoors
An Iran-linked hacking group has been active inside the networks of several US organizations since early February, raising concerns that the activity could precede broader … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/06/seedworm-muddywater-backdoors-victims/
-
Iran-nexus APT Dust Specter targets Iraq officials with new malware
A campaign by Iran-linked group Dust Specter is targeting Iraqi officials with phishing emails delivering new malware families. Zscaler ThreatLabz researchers linked the Iran-nexus group Dust Specter to a campaign targeting Iraqi government officials. Threat actors impersonated the country’s Ministry of Foreign Affairs in phishing messages that delivered previously unseen malware, including SPLITDROP, TWINTASK, TWINTALK,…
-
Iran-Linked MuddyWater Hackers Target U.S. Networks With New Dindoor Backdoor
New research from Broadcom’s Symantec and Carbon Black Threat Hunter Team has discovered evidence of an Iranian hacking group embedding itself in several U.S. companies’ networks, including banks, airports, non-profit, and the Israeli arm of a software company.The activity has been attributed to a state-sponsored hacking group called MuddyWater (aka Seedworm). It’s affiliated with the…
-
Teenage hacker myth primed for a middle-age criminal makeover
Tags: access, breach, business, corporate, crypto, cyber, cybercrime, cybersecurity, data, detection, extortion, finance, group, hacker, hacking, infrastructure, jobs, malware, network, penetration-testing, programming, ransomware, service, skills, software, technology, threat, vulnerabilityCybercrime cartels: Dray Agha, senior security operations manager at managed detection and response services firm Huntress, said the analysis illustrates that the “Hollywood image of a teenage lone wolf hacking for bragging rights” is vastly outdated since the threat landscape is dominated by “highly organised, profit-driven syndicates.””While young people may still engage in digital vandalism…
-
Google GTIG: 90 zero-day flaws exploited in 2025 as enterprise targets grow
Google’s GTIG reports 90 zero-day vulnerabilities exploited in the wild in 2025, up from 78 in 2024, with a growing share targeting enterprise systems. Google’s Threat Intelligence Group (GTIG) identified 90 zero-day vulnerabilities exploited in the wild in 2025. While slightly below the 100 observed in 2023, the number increased from 78 in 2024, with…
-
Challenges and projects for the CISO in 2026
Tags: access, ai, authentication, automation, awareness, cisco, ciso, cloud, communications, control, credentials, cybersecurity, data, defense, detection, edr, email, encryption, endpoint, finance, framework, group, identity, intelligence, leak, mobile, network, service, soc, sophos, strategy, technology, trainingHazel DÃez (Banco Santander), Roberto Lara (Vodafone), Marijus Briedis (NordVPN), Ãlvaro Fernández (Sophos), and Ãngel Ortiz (Cisco). Banco Santander, Vodafone, NordVPN, Sophos y Cisco. Montaje: Foundry Against this backdrop, Cisco defines AI as “the fundamental technology that will set the cybersecurity agenda in 2026,” in the words of Ortiz, who refers to the company’s Integrated…
-
Zero-day exploits hit enterprises faster and harder
Tags: access, apple, attack, backdoor, business, china, cisco, cve, data, detection, endpoint, espionage, exploit, firewall, flaw, fortinet, google, group, hacker, infrastructure, ivanti, least-privilege, mobile, network, oracle, radius, ransomware, risk, router, russia, service, software, technology, threat, update, vpn, vulnerability, zero-dayEnterprise environments under siege: Chinese threat actors continued to display a preference for targets that are difficult to monitor and allow persistent access to strategic networks. Notable examples include the groups that GTIG tracks as UNC5221, which exploited a flaw in Ivanti Connect Secure (CVE-2025-0282) and UNC3886, which exploited a vulnerability in Juniper routers (CVE-2025-21590).Another…
-
China-Nexus Hackers Target Telecommunication Providers with New Malware Attack
A highly sophisticated China-linked threat actor, identified as UAT-9244, has been actively targeting critical telecommunications infrastructure across South America since 2024. Security researchers assess with high confidence that UAT-9244 exhibits close operational overlap with known espionage groups such as FamousSparrow and Tropic Trooper. To maintain a strong foothold in victim networks, the hackers deploy a…
-
Google Uncovers 90 Zero-Day Vulnerabilities Under Active Exploitation in 2025
Tags: cyber, cybersecurity, exploit, google, group, intelligence, mobile, software, threat, vulnerability, zero-dayGoogle Threat Intelligence Group (GTIG) reported 90 zero-day vulnerabilities actively exploited in the wild during 2025. While this total is slightly below the 2023 peak, it highlights a critical shift in the cybersecurity landscape, as attackers are increasingly abandoning generic browser exploits to target edge devices, enterprise software, and mobile operating systems.”‹ Shifting Targets and…
-
Google says spyware makers and China-linked groups dominated zero-day attacks last year
Of the 90 zero-days GTIG tracked in 2025, 43 hit enterprise tech First seen on theregister.com Jump to article: www.theregister.com/2026/03/05/zero_day_attacks_enterprise_tech_record/
-
Google says spyware makers and China-linked groups dominated zero-day attacks last year
Of the 90 zero-days GTIG tracked in 2025, 43 hit enterprise tech First seen on theregister.com Jump to article: www.theregister.com/2026/03/05/zero_day_attacks_enterprise_tech_record/
-
Nation-State Actor Embraces AI Malware Assembly Line
Pakistan’s APT36 threat group has begun using vibe-coding to churn out mediocre malware, but at a scale that could overwhelm defenses. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/nation-state-actor-ai-malware-assembly-line
-
Pakistan-Linked APT36 Floods Indian Govt Networks With AI-Made ‘Vibeware’
Bitdefender research reveals Pakistani group APT36 is using AI-generated vibeware and trusted cloud services like Google Sheets to target Indian officials. First seen on hackread.com Jump to article: hackread.com/pakistan-apt36-indian-govt-networks-ai-vibeware/
-
Google says 90 zero-days exploited in 2025 as commercial vendor activity grows
Google Threat Intelligence Group said it tracked 90 zero-day vulnerabilities that were exploited by a variety of actors last year, surpassing the 78 that were used by threat actors in 2024. First seen on therecord.media Jump to article: therecord.media/google-says-90-zero-days-exploited-apt-spyware-vendors