China-Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware

The threat actor known as Jewelbug has been increasingly focusing on government targets in Europe since July 2025, even as it continues to attack entities located in Southeast Asia and South America. Check Point Research is tracking the cluster under the name Ink Dragon. It's also referenced by t...

Hamas Linked Hackers Using AshTag Malware Against Diplomatic Offices

New report by Unit 42 reveals the Hamas-linked Ashen Lepus WIRTE group is using the AshTag malware suite to target Middle Eastern diplomatic and government entities with advanced, hidden tactics...

WIRTE Leverages AshenLoader Sideloading to Install the AshTag Espionage Backdoor

An advanced persistent threat APT known as WIRTE has been attributed to attacks targeting government and diplomatic entities across the Middle East with a previously undocumented malware suite dubbed AshTag since 2020. Palo Alto Networks Unit 42 is tracking the activity cluster under the name Ash...

Chinese State Hackers Use New BRICKSTORM Malware Against VMware Systems

CISA, NSA, and Canadian Cyber Centre warn that PRC state-sponsored hackers are using BRICKSTORM, a stealthy Go-based backdoor, for long-term espionage in Government and IT networks...

Leaks show Intellexa burning zero-days to keep Predator spyware running

Intellexa is a well-known commercial spyware vendor, servicing governments and large corporations. Its main product is the Predator spyware. An investigation by several independent parties describes Intellexa as one of the most notorious mercenary spyware vendors, still operating its Predator...

CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People's Republic of China PRC to maintain long-term persistence on compromised systems. "BRICKSTORM is a...

PRC State-Sponsored Actors Use BRICKSTORM Malware Across Public Sector and Information Technology Systems

The Cybersecurity and Infrastructure Security Agency CISA is aware of ongoing intrusions by People’s Republic of China PRC state-sponsored cyber actors using BRICKSTORM malware for long-term persistence on victim systems. BRICKSTORM is a sophisticated backdoor for VMware vSphere1,2 and Windows...

GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections

Cybercriminals associated with a financially motivated group known as GoldFactory have been observed staging a fresh round of attacks targeting mobile users in Indonesia, Thailand, and Vietnam by impersonating government services. The activity, observed since October 2024, involves distributing...

CVE-2024-36922

creationtimestamp| type| source ---|---|--- 2025-12-03 14:14:49+00:00| seen| https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8 2026-03-19 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/...

CVE-2025-13658

creationtimestamp| type| source ---|---|--- 2025-12-02 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-336-01 2025-12-03 00:03:08+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3m725ryqnwb2b 2025-12-03 00:03:08+00:00| seen|...

IDI Eikon Governalia 跨站脚本漏洞

IDI Eikon Governalia is an e-government and smart city software platform from the Spanish company IDI Eikon. A cross-site scripting vulnerability exists in IDI Eikon Governalia, which stems from reflective cross-site scripting and could lead to the execution of malicious JavaScript code...

Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets

The threat actor known as Tomiris has been attributed to attacks targeting foreign ministries, intergovernmental organizations, and government entities in Russia with an aim to establish remote access and deploy additional tools. "These attacks highlight a notable shift in Tomiris's tactics, name...

Bloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and Uzbekistan

The threat actor known as Bloody Wolf has been attributed to a cyber attack campaign that has targeted Kyrgyzstan since at least June 2025 with the goal of delivering NetSupport RAT. As of October 2025, the activity has expanded to also single out Uzbekistan, Group-IB researchers Amirbek Kurbanov...

fbi-exploit-kit-v2

fbi-exploit-kit-v2 Adv...

ICE Offers Up to $280 Million to Immigrant-Tracking ‘Bounty Hunter’ Firms

Immigration and Customs Enforcement lifted a $180 million cap on a proposed immigrant-tracking program while guaranteeing multimillion-dollar payouts for private surveillance firms...

CVE-2025-64128

creationtimestamp| type| source ---|---|--- 2025-11-25 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-329-03 2025-11-27 03:03:03+00:00| seen| https://infosec.exchange/users/offseq/statuses/115619435786411855 2025-11-27 03:03:06+00:00| seen|...

Zero-Day Zero: The AI Attack That Just Ended the Era of the Forgiving Internet

Why the Exploit Window Has Collapsed and How CISOs Must Pivot to Survive For decades, cybersecurity was a game of time. We banked on the buffer between a vulnerability’s disclosure and its widespread exploitation. We relied on the forgiving internet, where human attackers needed days or weeks to...

​​Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications​

CISA is aware of multiple cyber threat actors actively leveraging commercial spyware to target users of mobile messaging applications apps.1 These cyber actors use sophisticated targeting and social engineering techniques to deliver spyware and gain unauthorized access to a victim’s messaging app...

AI as Cyberattacker

From Anthropic: In mid-September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign. The attackers used AI’s “agentic” capabilities to an unprecedented degree­--using AI not just as an advisor, but to execute the cyberattacks...

Why IT Admins Choose Samsung for Mobile Security

Ever wonder how some IT teams keep corporate data safe without slowing down employees? Of course you have. Mobile devices are essential for modern work—but with mobility comes risk. IT admins, like you, juggle protecting sensitive data while keeping teams productive. That's why more enterprises a...