Nation-State
MITRE R&D network hacked in early January by a state-sponsored threat group that exploited an Ivanti zero-day vulnerability.
Hi, what are you looking for?
SecurityWeek
Nation-State
The FishMonger APT group, a subdivision of Chinese cybersecurity firm I-Soon, compromised seven organizations in a 2022 campaign.
Nation-State
China-nexus cyberespionage group caught planting custom backdoors on end-of-life Juniper Networks Junos OS routers.
Nation-State
South American cyberespionage group Blind Eagle has infected over 1,600 organizations in Colombia in a recent campaign.
Malware & Threats
The $1.4 billion ByBit cryptocurrency heist combined social engineering, stolen AWS session tokens, MFA bypasses and a rigged JavaScript file.
Malware & Threats
Silk Typhoon APT caught using IT supply chain entry points to conduct reconnaissance, siphon data, and move laterally on victim networks.
Nation-State
An Iranian threat actor was seen targeting UAE organizations with polyglot files to deliver a new backdoor named Sosano.
Nation-State
Mandiant summarizes some of the latest operations of Russia’s notorious Sandworm group, which it now tracks as APT44.
Malware & Threats
Palo Alto Networks has started releasing hotfixes for the firewall zero-day CVE-2024-3400, which some have linked to North Korea’s Lazarus.
Data Breaches
The US government says Midnight Blizzard’s compromise of Microsoft corporate email accounts "presents a grave and unacceptable risk to federal agencies."
Government
Ivanti releases a carefully scripted YouTube video and an open letter from chief executive Jeff Abbott vowing to fix the entire security organization.
Cloud Security
News analysis: SecurityWeek editor-at-large Ryan Naraine reads the CSRB report on China's audacious Microsoft’s Exchange Online hack and isn't at all surprised by the findings.
Cyberwarfare
Threat intelligence firm EclecticIQ documents the delivery of malware phishing lures to government and private energy organizations in India.
Nation-State
Two Chinese cyberespionage groups have been targeting entities and member countries affiliated with ASEAN.
Malware & Threats
Despite a surge in zero-day attacks, data shows that security investments into OS and software exploit mitigations are forcing attackers to find new attack...
Government
Australia and New Zealand support the UK in condemning Chinese hackers for targeting UK institutions and parliamentarians.
Cyberwarfare
The US Treasury Department sanctions a pair of Chinese hackers linked to “malicious cyber operations targeting US critical infrastructure sectors.”
Cyberwarfare
Russia’s APT29 hacking group is expanding targets to political parties in Germany using a new backdoor variant tracked as Wineloader.
Supply Chain Security
More details have come to light on the recent supply chain attack targeting GitHub Actions, including its root cause.
Mobile & Wireless
Cloud Security
Artificial Intelligence
Artificial Intelligence
Vulnerabilities
Noteworthy stories that might have slipped under the radar: Capital One hacker’s sentence reversed, Google patches critical Chrome vulnerability, the story of an Expat...
Supply Chain Security
Artificial Intelligence