DCBI-Netlog-LAB v1.0 - Command Injection

An issue in the component /networkconfig/nsgmasq.cgi of DCN Digital China Networks DCBI-Netlog-LAB v1.0 allows attackers to bypass authentication and execute arbitrary commands via a crafted request. id: CVE-2023-26802 info: name: DCBI-Netlog-LAB v1.0 - Command Injection author: pussycat0x...

Dozens of malicious wallpapers found on Steam Workshop: gamers’ accounts at risk

Since late 2025, malware has been spreading rapidly through the Steam Workshop, the gaming platform's built-in service for players to create and share custom content. The attackers are primarily targeting gamers in China and Russia, aiming to hijack their accounts. To pull this off, they are...

Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails

A China-linked espionage group hid inside North American medical, academic, and military research networks for more than a year, quietly stealing sensitive research and defense email. The way in was a backdoor on their REDCap research servers that stole login credentials. The exfiltration was the...

China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade

Instead of hiding on the laptops and servers defenders watch most closely, a China-nexus group spent close to a decade hidden inside the Linux login system itself. Sygnia, which tracks the group as Velvet Ant , says it backdoored the PAM and OpenSSH components that decide who is allowed to sign i...

CVE-2026-7516

A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited by the built-in browser to overwrite system clipboard contents...

China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance

Cybersecurity researchers have warned of a "resurgence and expansion" of JDY , a covert network associated with China-nexus state-sponsored threat actors. "The JDY botnet comprises over 1,500 SOHO small office and home office and IoT devices and operates as a centrally controlled, high-performanc...

CVE-2026-7516

A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited by the built-in browser to overwrite system clipboard contents...

EUVD-2026-36046

A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited by the built-in browser to overwrite system clipboard contents...

CVE-2026-7516

The CVE-2026-7516 entry concerns the Lenovo Android Application distributed on Chinese-market tablets. The vulnerability allows a website viewed in the app’s built-in browser to overwrite the device clipboard contents. The issue is tied to the built-in browser component and clipboard handling, wi...

New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework

Cybersecurity researchers have discovered a previously unreported threat cluster dubbed OP-512 where "OP" stands for "opponent" that has been observed targeting Microsoft Internet Information Services IIS servers to deploy a bespoke web shell framework. ReliaQuest has assessed with moderate to hi...

China-Linked TA4922 Expands Phishing Attacks to U.K., Germany, Italy, and South Africa

A new China-linked cybercrime group known as TA4922 has expanded its targeting focus to target European organizations in the U.K., Germany, Italy, and South Africa. These efforts have been complemented by a "rapid operational tempo" and a continually evolving malware arsenal comprising known...

China-Linked TA4922 Hackers Target UK, Europe With New SilentRunLoader Malware

Proofpoint says TA4922, a suspected China aligned cybercrime group, is targeting UK and European organisations with tax, payroll and benefits themed malware campaigns...

Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor

Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a campaign targeting a telecommunications provider in the Middle East since at least mid-2022. "Showboat is a modular post-exploitation framework designed for Linux systems, capable...

Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks

Microsoft on Tuesday said it disrupted a malware-signing-as-a-service MSaaS operation that weaponized the company's Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world. The tech giant attribut...

China-Linked Twill Typhoon Uses Fake Apple and Yahoo Sites for Espionage

A new Darktrace report reveals how Chinese hackers use fake Apple and Yahoo sites and the FDMTP malware framework to spy on organisations...

cnnvd-cve-report-generator

No d...

UNISOC Chipsets 安全漏洞

UNISOC Chipsets are chipset solutions developed by UNISOC, a company based in China. There are security vulnerabilities present in UNISOC Chipsets, and these vulnerabilities stem from improper input validation, which may lead to remote denial-of-service attacks...

China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions

A sophisticated China-nexus advanced persistent threat APT group has been attributed to attacks targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. The activity is being tracked by Cisco Talos under the moniker UAT-8302 ,...

UAT-8302 and its box full of malware

Cisco Talos is disclosing UAT-8302, a sophisticated, China-nexus advanced persistent threat APT group targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. After successful compromises, UAT-8302 deploys multiple custom-made...

ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizing its components with a backdoor called BirdCall to likely target ethnic Koreans residing in China. While prior versions of the backdoor hav...