Pierluigi Paganini
November 08, 2025
A China-linked group targeted a U.S. non-profit to gain long-term access, part of wider attacks on U.S. entities tied to policy matters. China-linked hackers breached a U.S. policy-focused nonprofit in April 2025, maintaining weeks of access. They used DLL sideloading via vetysafe.exe, a tactic used by other Chinese APT groups like Space Pirates, Kelp, and […]
Pierluigi Paganini
November 07, 2025
Russia-linked group InedibleOchotense used fake ESET installers in phishing attacks on Ukrainian targets in May 2025. Russia-linked group InedibleOchotense used trojanized ESET installers in phishing attacks against Ukrainian entities detected in May 2025. The campaign used emails and Signal messages to deliver trojanized ESET installers that installed both legitimate software and the Kalambur backdoor. “Another […]
Pierluigi Paganini
November 05, 2025
Cybersecurity firm SonicWall attributed the September security breach exposing firewall configuration files to state-sponsored hackers. In September, SonicWall urged customers to reset credentials after firewall backup files tied to MySonicWall accounts were exposed. The company announced it had blocked attackers’ access and was working with cybersecurity experts and law enforcement agencies to determine the scope […]
Pierluigi Paganini
November 01, 2025
A China-linked APT group UNC6384 exploits a Windows zero-day in an active cyber espionage targeting European diplomats. Arctic Wolf Labs researchers uncovered a cyber espionage campaign by China-linked APT UNC6384 targeting diplomatic entities in Hungary, Belgium, and other EU nations. UNC6384 is a China-nexus actor recently detailed by Google TAG, has expanded from targeting Southeast […]
Pierluigi Paganini
October 29, 2025
Russian actors, likely linked to Sandworm, targeted Ukrainian firms using LotL tactics and dual-use tools to steal data and stay hidden, says Symantec and Carbon Black. Russian threat actors, likely linked to the APT Sandworm, targeted Ukrainian organizations to steal sensitive data and maintain long-term network access, Symantec Threat Hunter Team and Carbon Black report. […]
Pierluigi Paganini
October 27, 2025
Kaspersky links the first Chrome zero-day of 2025 to tools used in attacks attributed to Memento Labs, formerly known as the Hacking Team. The actor behind Operation ForumTroll used the same tools seen in Dante spyware attacks. Kaspersky researchers linked the first Chrome zero-day of 2025 (CVE-2025-2783), a sandbox escape flaw, to the arsenal of […]
Pierluigi Paganini
October 24, 2025
China-based threat actors exploited ToolShell SharePoint flaw CVE-2025-53770 soon after its July patch. China-linked threat actors exploited the ToolShell SharePoint flaw vulnerability, tracked as CVE-2025-53770, to breach a telecommunications company in the Middle East after it was addressed by Microsoft in July 2025. “China-based attackers used the ToolShell vulnerability (CVE-2025-53770) to compromise a telecoms company in […]
Pierluigi Paganini
October 23, 2025
North Korean Lazarus hackers targeted 3 European defense firms via Operation DreamJob, using fake recruitment lures to hit UAV tech staff. North Korea-linked Lazarus APT group (aka Hidden Cobra) launched Operation DreamJob, compromising three European defense companies. Threat actors used fake recruiter profiles to lure employees into UAV technology roles, aiming to gain access to […]
Pierluigi Paganini
October 22, 2025
PhantomCaptcha phishing campaign hit Ukraine relief groups with a WebSocket RAT on Oct 8, 2025, targeting Red Cross, UNICEF, and others. SentinelOne researchers uncovered PhantomCaptcha, a coordinated spear-phishing campaign on October 8, 2025, targeting Ukraine war relief groups, including Red Cross, UNICEF, NRC, and local administrations. Threat actors used fake emails to deploy a WebSocket-based […]
Pierluigi Paganini
October 22, 2025
Russia-linked COLDRIVER rapidly evolved its malware since May 2025, refining tools just days after releasing its LOSTKEYS variant, says Google. The Russia-linked hacking group COLDRIVER has been quickly upgrading its malware since May 2025, when its LOSTKEYS malware was exposed. According to Google’s Threat Intelligence Group, the hackers have been rolling out frequent updates and […]
