CERTFR-2026-ACT-007

creationtimestamp| type| source ---|---|--- 2026-02-16 12:45:50+00:00| seen| https://bsky.app/profile/cert-fr.bsky.social/post/3mey3eubk2s26 2026-02-16 12:45:54+00:00| seen| https://social.numerique.gouv.fr/users/certfr/statuses/116080374524280085 2026-02-16 12:59:54+00:00| seen|...

Applying Public Health Systematic Approaches to Cybersecurity: The Economics of Collective Defense

The U.S. public health system increased life expectancy by more than 30 years since 1900 through systematic data collection, evidence-based intervention, and coordinated response. This paper examines whether cybersecurity can benefit from similar organizational principles. We find that both domai...

Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs

A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL. Google Threat Intelligence Group GTIG described the hacking group as possibly affiliated with Russian intelligence services. The threat actor is assessed to have...

CVE-2025-66603

creationtimestamp| type| source ---|---|--- 2026-02-10 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-041-01...

CVE-2025-66607

creationtimestamp| type| source ---|---|--- 2026-02-10 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-041-01...

Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities

A previously undocumented cyber espionage group operating from Asia broke into the networks of at least 70 government and critical infrastructure organizations across 37 countries over the past year, according to new findings from Palo Alto Networks Unit 42. In addition, the hacking crew has been...

GHSA-M82Q-59GV-MCR9

creationtimestamp| type| source ---|---|--- 2026-02-05 15:56:30+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/n8n-security-advisory-av26-091...

GHSA-HV53-3329-VMRM

creationtimestamp| type| source ---|---|--- 2026-02-05 15:56:30+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/n8n-security-advisory-av26-091...

CVE-2025-34512

creationtimestamp| type| source ---|---|--- 2026-02-05 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-036-04...

Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign

Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign that has targeted NGINX installations and management panels like Baota BT in an attempt to route it through the attacker's infrastructure. Datadog Security Labs said it observed threat actors associated...

China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns

Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies across Southeast Asia throughout 2025. Check Point Research is tracking the previously undocumented activity cluster under the moniker...

APT28’s Stealthy Multi-Stage Campaign Leveraging CVE‑2026‑21509 and Cloud C2 Infrastructure

APT28’s Stealthy Multi-Stage Campaign Leveraging CVE‑2026‑21509 and Cloud C2 Infrastructure By Pham Duy Phuc and Alex Lanstein · February 4, 2026 Updated February 9, 2026: This analysis has been updated to clarify malware naming conventions. Introduction Russian state-sponsored threat group APT28...

Mustang Panda Deploys Updated COOLCLIENT Backdoor in Government Cyber Attacks

Threat actors with ties to China have been observed using an updated version of a backdoor called COOLCLIENT in cyber espionage attacks in 2025 to facilitate comprehensive data theft from infected endpoints. The activity has been attributed to Mustang Panda aka Earth Preta, Fireant, HoneyMyte,...

Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities

Indian government entities have been targeted in two campaigns undertaken by a threat actor that operates in Pakistan using previously undocumented tradecraft. The campaigns have been codenamed Gopher Strike and Sheet Attack by Zscaler ThreatLabz, which identified them in September 2025. "While...

CVE-2021-2166

creationtimestamp| type| source ---|---|--- 2026-01-27 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02...

CVE-2021-21705

creationtimestamp| type| source ---|---|--- 2026-01-27 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02...

CVE-2015-2301

creationtimestamp| type| source ---|---|--- 2026-01-27 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02...

CVE-2019-9638

creationtimestamp| type| source ---|---|--- 2026-01-27 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02...

China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023

Cybersecurity researchers have discovered a JScript-based command-and-control C2 framework called PeckBirdy that has been put to use by China-aligned APT actors since 2023 to target multiple environments. The flexible framework has been put to use against Chinese gambling industries and malicious...

HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns

Over the past few years, we've been observing and monitoring the espionage activities of HoneyMyte aka Mustang Panda or Bronze President within Asia and Europe, with the Southeast Asia region being the most affected. The primary targets of most of the group's campaigns were government entities. A...