Lucene search
K

8 matches found

The Hacker News
The Hacker News
added 2026/04/03 5:34 p.m.9 views

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal targeting in the region. The campaign has been attributed to TA416 , a cluster of activity that overlaps with DarkPeony, RedDelta, Red Lich,...

10CVSS7.2AI score0.99359EPSS
Exploits18
The Hacker News
The Hacker News
added 2026/02/06 2:56 p.m.7 views

China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery

Cybersecurity researchers have taken the wraps off a gateway-monitoring and adversary-in-the-middle AitM framework dubbed DKnife that's operated by China-nexus threat actors since at least 2019. The framework comprises seven Linux-based implants that are designed to perform deep packet inspection...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/02 8:55 a.m.16 views

Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users

The maintainer of Notepad++ has revealed that state-sponsored attackers hijacked the utility's update mechanism to redirect update traffic to malicious servers instead. "The attack involved an infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/11/07 4:7 p.m.27 views

From Log4j to IIS, China's Hackers Turn Legacy Bugs into Global Espionage Tools

A China-linked threat actor has been attributed to a cyber attack targeting an U.S. non-profit organization with an aim to establish long-term persistence, as part of broader activity aimed at U.S. entities that are linked to or involved in policy issues. The organization, according to a report...

10CVSS9AI score0.99999EPSS
Exploits498
Microsoft Secure
Microsoft Secure
added 2025/07/22 1:0 p.m.47 views

Disrupting active exploitation of on-premises SharePoint vulnerabilities

July 23, 2025 update – Expanded analysis and threat intelligence from our continued monitoring of exploitation activity by Storm-2603 leading to the deployment of Warlock ransomware. Based on new information, we have updated the Attribution, Indicators of compromise, extended and clarified...

9.8CVSS10AI score0.99979EPSS
Exploits41
The Hacker News
The Hacker News
added 2025/04/21 3:13 p.m.21 views

SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks

A new Android malware-as-a-service MaaS platform named SuperCard X can facilitate near-field communication NFC relay attacks, enabling cybercriminals to conduct fraudulent cashouts. The active campaign is targeting customers of banking institutions and card issuers in Italy with an aim to...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2023/03/09 2:54 p.m.2 views

Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware

Security vulnerabilities in remote desktop programs such as Sunlogin and AweSun are being exploited by threat actors to deploy the PlugX malware. AhnLab Security Emergency Response Center ASEC, in a new analysis, said it marks the continued abuse of the flaws to deliver a variety of payloads on...

7.4AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/03/03 1:33 a.m.37 views

Highlights from the New U.S. Cybersecurity Strategy

The Biden administration today issued its vision for beefing up the nations collective cybersecurity posture, including calls for legislation establishing liability for software products and services that are sold with little regard for security. The White Houses new national cybersecurity strate...

Exploits0
Rows per page
Query Builder