Lucene search
K

18 matches found

The Hacker News
The Hacker News
added 2026/03/25 11:58 a.m.6 views

The Kill Chain Is Obsolete When Your AI Agent Is the Threat

In September 2025, Anthropic disclosed that a state-sponsored threat actor used an AI coding agent to execute an autonomous cyber espionage campaign against 30 global targets. The AI handled 80-90% of tactical operations on its own, performing reconnaissance, writing exploit code, and attempting...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/03 9:12 a.m.11 views

APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks

The Russia-linked state-sponsored threat actor known as APT28 aka UAC-0001 has been attributed to attacks exploiting a newly disclosed security flaw in Microsoft Office as part of a campaign codenamed Operation Neusploit. Zscaler ThreatLabz said it observed the hacking group weaponizing the...

7.8CVSS8.3AI score0.72152EPSS
Exploits12
Talos Blog
Talos Blog
added 2024/09/06 12:59 p.m.13 views

The 2024 Threat Landscape State of Play

As we head into the final furlong of 2024, we caught up with Talos' Head of Outreach Nick Biasini to ask him what sort of year it's been so far in the threat landscape. In this video, Nick outlines his two major areas of concern. He also focusses on one state-sponsored actor that has been...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2024/05/06 1:47 p.m.36 views

China-Linked Hackers Suspected in ArcaneDoor Cyberattacks Targeting Network Devices

The recently uncovered cyber espionage campaign targeting perimeter network devices from several vendors, including Cisco, may have been the work of China-linked actors, according to new findings from attack surface management firm Censys. Dubbed ArcaneDoor, the activity is said to have commenced...

8.6CVSS7.2AI score0.70686EPSS
Exploits2
The Hacker News
The Hacker News
added 2024/04/25 5:50 a.m.62 views

State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage

A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments. Cisco Talos, which dubbed the activity ArcaneDoor, attributed it as the handiwork of a previously undocumented sophisticated...

8.6CVSS8.2AI score0.70686EPSS
Exploits2
Talos Blog
Talos Blog
added 2024/04/24 3:54 p.m.76 views

ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices

Updated 2024-04-25 16:57 GMT with minor wording corrections regarding the targeting of other vendors. ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are the...

10CVSS8.3AI score0.87397EPSS
Exploits9
Malwarebytes
Malwarebytes
added 2024/01/29 3:58 p.m.22 views

Hewlett Packard Enterprise also searched by Cozy Bear

Hewlett Packard Enterprise HPE has disclosed that the state-sponsored actor known as Cozy Bear aka Midnight Blizzard, gained unauthorized access to HPE’s cloud-based email environment. This news comes only days after Microsoft broke very similar news that it got hacked by this same state sponsore...

7AI score
Exploits0
MSRC
MSRC
added 2024/01/19 8:0 a.m.20 views

Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard

The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. Microsoft has identified the threat...

7.3AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2023/12/07 12:1 p.m.25 views

Star Blizzard increases sophistication and evasion in ongoing attacks

Microsoft Threat Intelligence continues to track and disrupt malicious activity attributed to a Russian state-sponsored actor we track as Star Blizzard formerly SEABORGIUM, also known as COLDRIVER and Callisto Group. Star Blizzard has improved their detection evasion capabilities since 2022 while...

7.2AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2023/12/07 12:1 p.m.41 views

Star Blizzard increases sophistication and evasion in ongoing attacks

Microsoft Threat Intelligence continues to track and disrupt malicious activity attributed to a Russian state-sponsored actor we track as Star Blizzard formerly SEABORGIUM, also known as COLDRIVER and Callisto Group. Star Blizzard has improved their detection evasion capabilities since 2022 while...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/06/21 11:29 a.m.23 views

Chinese Hacker Group 'Flea' Targets American Ministries with Graphican Backdoor

Foreign affairs ministries in the Americas have been targeted by a Chinese state-sponsored actor named Flea as part of a recent campaign that spanned from late 2022 to early 2023. The cyber attacks, per Broadcom's Symantec, involved a new backdoor codenamed Graphican. Some of the other targets...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/06/13 4:21 a.m.92 views

Critical FortiOS and FortiProxy Vulnerability Likely Exploited - Patch Now!

Fortinet on Monday disclosed that a newly patched critical flaw impacting FortiOS and FortiProxy may have been "exploited in a limited number of cases" in attacks targeting government, manufacturing, and critical infrastructure sectors. The vulnerability, dubbed XORtigate and tracked as...

9.8CVSS9.9AI score0.99474EPSS
Exploits19
The Hacker News
The Hacker News
added 2023/05/25 8:28 a.m.41 views

China's Stealthy Hackers Infiltrate U.S. and Guam Critical Infrastructure Undetected

A stealthy China-based group managed to establish a persistent foothold into critical infrastructure organizations in the U.S. and Guam without being detected, Microsoft and the "Five Eyes" nations said on Wednesday. The tech giant's threat intelligence team is tracking the activity, which includ...

6.7AI score
Exploits0
hivepro
hivepro
added 2022/11/17 12:28 p.m.68 views

Iranian hackers leveraged Log4Shell to penetrate US federal agency

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Iranian APT activity was detected on the networks of federal agencies. The intruders utilized an exploit targeting Log4Shell CVE-2021-44228 to install XMRig crypto mining software on an unpatched VMware...

9.3CVSS2.7AI score0.99999EPSS
Exploits351
The Hacker News
The Hacker News
added 2022/11/15 11:3 a.m.54 views

Researchers Say China State-backed Hackers Breached a Digital Certificate Authority

A suspected Chinese state-sponsored actor breached a digital certificate authority as well as government and defense agencies located in different countries in Asia as part of an ongoing campaign since at least March 2022. Symantec, by Broadcom Software, linked the attacks to an adversarial group...

1.4AI score
Exploits0
The Hacker News
The Hacker News
added 2022/03/18 4:52 a.m.53 views

New Variant of Russian Cyclops Blink Botnet Targeting ASUS Routers

ASUS routers have emerged as the target of a nascent botnet called Cyclops Blink, almost a month after it was revealed the malware abused WatchGuard firewall appliances as a stepping stone to gain remote access to breached networks. According to a new report published by Trend Micro, the botnet's...

1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/09/22 7:16 p.m.93 views

MSHTML attack targets Russian state rocket centre and interior ministry

Malwarebytes has reason to believe that the MSHTML vulnerability listed under CVE-2021-40444 is being used to target Russian entities. The Malwarebytes Intelligence team has intercepted email attachments that are specifically targeting Russian organizations. The first template we found is designe...

6.8CVSS0.96843EPSS
Exploits38
ThreatPost
ThreatPost
added 2021/01/06 3:5 p.m.29 views

Feds Pinpoint Russia as ‘Likely’ Culprit Behind SolarWinds Attack

The U.S. government has identified Russia as the “likely” culprit behind the widespread SolarWinds cyberattack that has so far affected multiple federal agencies and private-sector companies. Cyberespionage is cited as the motivation behind the attack, which the feds characterized as ongoing. In ...

7.3AI score
Exploits0References20
Rows per page
Query Builder