259 matches found

Schneier on Security
added 2026/05/05 10:42 a.m. · 6 views

DarkSword Malware

DarkSword is a sophisticated piece of malware--probably government designed--that targets iOS. Google Threat Intelligence Group (GTIG) has identified a new iOS full-chain exploit that leveraged multiple zero-day vulnerabilities to fully compromise devices. Based on toolmarks in recovered payloads, ...

AI score: 5.8
Exploits: 0

Packet Storm News
added 2026/03/12 12:0 a.m. · 6 views

Highly Autonomous Cyber-Capable Agents: Anticipating Capabilities, Tactics, and Strategic Implications

This report introduces the concept of "Highly Autonomous Cyber-Capable Agents" (HACCAs), AI systems capable of autonomously conducting multi-stage cyber campaigns at a level comparable to today's top criminal hacking groups or state-affiliated threat actors, and analyzes the security implications o...

AI score: 5.8
Exploits: 0

The Hacker News
added 2026/02/13 4:23 p.m. · 14 views

Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations

Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have trained their sights on the defense industrial base (DIB) sector, according to findings from Google Threat Intelligence Group (GTIG). The tech giant's threat intelligence division...

AI score: 5.9
Exploits: 0

Wired Threat Level
added 2026/02/04 7:52 p.m. · 5 views

Notepad++ Users, You May Have Been Hacked by China

Suspected Chinese state-backed hackers hijacked the Notepad++ update infrastructure to deliver a backdoored version of the popular free source code editor and note-taking app for Windows...

AI score: 5.5
Exploits: 0

The Hacker News
added 2026/02/02 8:55 a.m. · 14 views

Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users

The maintainer of Notepad++ has revealed that state-sponsored attackers hijacked the utility's update mechanism to redirect update traffic to malicious servers instead. "The attack involved an infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic...

AI score: 5.9
Exploits: 0

Microsoft Secure
added 2026/01/26 5:0 p.m. · 4 views

Security strategies for safeguarding governmental data

The Deputy CISO blog series is where Microsoft Deputy Chief Information Security Officers (CISOs) share their thoughts on what is most important in their respective domains. In this series, you will get practical advice, tactics to start and stop deploying, forward-looking commentary on where the...

AI score: 5.9
Exploits: 0

CISA
added 2025/12/04 12:0 p.m. · 16 views

PRC State-Sponsored Actors Use BRICKSTORM Malware Across Public Sector and Information Technology Systems

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of ongoing intrusions by People’s Republic of China (PRC) state-sponsored cyber actors using BRICKSTORM malware for long-term persistence on victim systems. BRICKSTORM is a sophisticated backdoor for VMware vSphere and Windows...

AI score: 6.6
Exploits: 0 · References: 10

Trellix
added 2025/11/18 12:0 a.m. · 7 views

Today’s threat landscape demands a proactive OT security strategy

By John Fokker and Mo Cashman · November 18, 2025. Overview: The operational technology (OT) security landscape is undergoing rapid transformation, marked by an escalation in advanced threats. As reported in Trellix’s November...

AI score: 6.9
Exploits: 0

Rapid7 Blog
added 2025/11/12 1:55 p.m. · 12 views

Attackers accelerate, adapt, and automate: Rapid7’s Q3 2025 Threat Landscape Report

The Q3 2025 Threat Landscape Report, authored by the Rapid7 Labs team, paints a clear picture of an environment where attackers are moving faster, working smarter, and using artificial intelligence to stay ahead of defenders. The findings reveal a threat landscape defined by speed, coordination,...

AI score: 6.6
Exploits: 0

Microsoft Secure
added 2025/10/30 6:0 p.m. · 2 views

The 5 generative AI security threats you need to know about detailed in new e-book

Generative AI is reshaping the way security teams operate—accelerating threat detection, automating workflows, and enabling scale. But as defenders embrace AI to strengthen their posture, cyberattackers are doing the same to evolve faster than traditional defenses can adapt. Microsoft’s 2025...

AI score: 7.1
Exploits: 0

Microsoft Secure
added 2025/10/22 4:0 p.m. · 4 views

The CISO imperative: Building resilience in an era of accelerated cyberthreats

The latest Microsoft Digital Defense Report 2025 paints a vivid picture of a cyberthreat landscape in flux. The surge in financially motivated cyberattacks and the persistent risk of nation-state actors demand urgent attention. But for those of us in the Office of the Chief Information Security...

AI score: 7.4
Exploits: 0

Schneier on Security
added 2025/09/24 11:9 a.m. · 3 views

US Disrupts Massive Cell Phone Array in New York

This is a weird story: The US Secret Service disrupted a network of telecommunications devices that could have shut down cellular systems as leaders gather for the United Nations General Assembly in New York City. The agency said on Tuesday that last month it found more than 300 SIM servers and...

AI score: 6.8
Exploits: 0

Packet Storm News
added 2025/09/05 12:0 a.m. · 3 views

From Protest to Power Plant: Interpreting the Role of Escalatory Hacktivism in Cyber Conflict

Since 2022, hacktivist groups have escalated their tactics, expanding from distributed denial-of-service attacks and document leaks to include targeting operational technology (OT). By 2024, attacks on the OT of critical national infrastructure (CNI) had been linked to partisan hacktivist efforts in...

AI score: 7.1
Exploits: 0

CISA
added 2025/08/27 12:0 p.m. · 5 views

CISA and Partners Release Joint Advisory on Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage Systems

CISA, along with the National Security Agency, Federal Bureau of Investigation, and international partners, released a joint Cybersecurity Advisory on People’s Republic of China (PRC) state-sponsored Advanced Persistent Threat (APT) actors targeting critical infrastructure across sectors and continen...

AI score: 7.7
Exploits: 0 · References: 3

GithubExploit
added 2025/08/15 3:45 p.m. · 98 views

Exploit for Unrestricted Upload of File with Dangerous Type in Sap Netweaver

The SUPERGROUP known as Scattered Lapsus$ Hunters - A combin...

CVSS: 10 · AI score: 9.2 · EPSS: 0.99316
Exploits: 18

Wired Threat Level
added 2025/07/23 9:59 p.m. · 2 views

Microsoft Put Older Versions of SharePoint on Life Support. Hackers Are Taking Advantage

Multiple hacking groups—including state actors from China—have targeted a vulnerability in older, on-premises versions of the file-sharing tool after a flawed attempt to patch it...

AI score: 7.2
Exploits: 0

Packet Storm News
added 2025/06/30 12:0 a.m. · 1 views

CISA: Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest

CISA, the Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Security Agency (NSA) published "Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest". This joint fact sheet details the need for increased vigilance for...

AI score: 7
Exploits: 0

Trellix
added 2025/06/23 12:0 a.m. · 5 views

Understanding Iranian Capabilities and Hacktivist Activities

By John Fokker · June 23, 2025. As geopolitical tensions flare again in the Middle East, cyber operations are increasingly becoming an extension of physical conflict. State-aligned threat actors, patriotic hackers, and ideologically...

AI score: 7
Exploits: 0

HackRead
added 2025/06/20 4:11 p.m. · 3 views

Hackers Use Social Engineering to Target Expert on Russian Operations

Citizen Lab and Google uncovered a new, sophisticated cyberattack linked to Russian state actors that exploits App-Specific Passwords, bypassing Multi-Factor Authentication. Discover how to protect yourself from these evolving threats...

AI score: 7.2
Exploits: 0

Trellix
added 2025/01/07 12:0 a.m. · 6 views

Blurring the Lines: How Nation-States and Organized Cybercriminals Are Becoming Alike

By Tomer Shloman · January 7, 2025. The distinction between nation-state actors and organized cybercriminals is becoming increasingly blurred in our rapidly evolving cyber landscape. Historically, these groups ha...

AI score: 7.4
Exploits: 0