[Threat Intelligence] M-Trends 2025: State-Sponsored IT Workers Emerge as Global Threat. Mandiant’s latest threat report shows how attackers adapt faster than defenses, shifting strategies toward credential theft and insider threats. By Kevin Townsend, 1 day ago.
[Incident Response] Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle. CVE-2025-22457 has already been exploited by a China-nexus hacking gang notorious for breaking into edge network devices. By Ryan Naraine, April 11, 2025.
[Artificial Intelligence] Google Targets SOC Overload With Automated AI Alert and Malware Analysis Tools. Google plans to unleash automated AI agents into overtaxed SOCs to reduce the manual workload for cybersecurity investigators. By Ryan Naraine, April 9, 2025.
[Artificial Intelligence] Google Pushing ‘Sec-Gemini’ AI Model for Threat-Intel Workflows. Experimental Sec-Gemini v1 touts a combination of Google’s Gemini LLM capabilities with real-time security data and tooling from Mandiant. By Ryan Naraine, April 7, 2025.
[Malware & Threats] Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances. Ivanti misdiagnoses a remote code execution vulnerability, and Mandiant reports that Chinese hackers are launching in-the-wild exploits. By Ryan Naraine, April 3, 2025.
[Nation-State] Mandiant Uncovers Custom Backdoors on End-of-Life Juniper Routers. China-nexus cyberespionage group caught planting custom backdoors on end-of-life Juniper Networks Junos OS routers. By Ryan Naraine, March 12, 2025.
[Malware & Threats] How Russian Hackers Are Exploiting Signal ‘Linked Devices’ Feature for Real-Time Spying. Mandiant warns that multiple Russian APTs are abusing a nifty Signal Messenger feature to surreptitiously spy on encrypted conversations. By Ryan Naraine, February 19, 2025.
[Nation-State] North Korea Hackers Linked to Breach of German Missile Manufacturer. The targeting of Diehl Defence is significant because the company specializes in the production of missiles and ammunition. By Ryan Naraine, September 30, 2024.
[Nation-State] Iranian APT Operating as Initial Access Provider to Networks in the Middle East. Iranian state-sponsored threat actor UNC1860 is operating as an initial access provider to high-profile networks in the Middle East. By Ionut Arghire, September 24, 2024.
[Fraud & Identity Theft] Mandiant Offers Clues to Spotting and Stopping North Korean Fake IT Workers. Mandiant shines the spotlight on the growing infiltration of US and Western companies by North Korean fake IT workers. By Ryan Naraine, September 23, 2024.
[Malware & Threats] Mandiant Shines Spotlight on APT45 Behind North Korea’s Digital Military Machine. A fresh Mandiant report documents North Korea's APT45 as a distinct hacking team conducting cyberespionage and ransomware operations. By Ryan Naraine, July 25, 2024.
[Cyberwarfare] Chinese Hacking Group APT41 Infiltrates Global Shipping and Tech Sectors, Mandiant Warns. Chinese government-backed hacking team caught breaking into organizations in the shipping, logistics and automotive sectors in Europe and Asia. By Ryan Naraine, July 18, 2024.