Security leaders should prioritize anomalous-activity detection and zero-trust principles, a new report recommends.

Chinese group Jewelbug hacked a Russian IT provider, exploiting Microsoft tools and exfiltrating data via Yandex Cloud.

Google, which disclosed the campaign, said it was one of the most significant supply-chain hacks in recent memory.

PlugX and Bookworm campaigns strike Asian telecom and ASEAN targets using DLL side-loading and modular RATs.

Hackers are increasingly using a new AI-powered offensive security framework called HexStrike-AI in real attacks to exploit newly disclosed n-day flaws. [...]

Cloud storage and remote operation can expose critical sectors to Chinese espionage, warned the Czech Republic's NÚKIB, "making trust in the reliability of the provider absolutely crucial."

UAT-7237 exploits unpatched Taiwan servers using SoundBill, Cobalt Strike, and SoftEther VPN for persistent control.

: Attempts to censor QUIC traffic create chance to block access to offshore DNS resolvers

The Security Affairs Malware Round 56 newsletter provides an overview of recent malware threats and incidents. The topics covered include a supply chain attack involving a compromised mouse configuration tool from Endgame Gear, which highlights the risks associated with third-party software. Another article discusses Darktrace's response to a Linux intrusion via the Auto-Color backdoor, indicating the targeting of Linux systems by sophisticated threats. The newsletter also reports on the use of Node.JS to launch JSCeal malware, demonstrating the exploitation of development tools for malicious purposes. Additionally, an analysis of the FunkSec ransomware is presented, offering insights into its operation. While the specific impacts of these threats are not detailed in the provided summary, these incidents collectively illustrate the diverse tactics employed by cyber adversaries. For complete technical context, implications, and detailed impacts of these threats, readers are advised to visit the original article at the provided URL. Based on the summary, these incidents underscore the need for comprehensive cybersecurity strategies to address various attack vectors.

Kaspersky uncovers a sophisticated APT41 cyberespionage campaign targeting African government IT, showcasing the Chinese group's full TTPs, including Impacket and Cobalt Strike.

Singapore says China-linked group UNC3886 targeted its critical infrastructure by hacking routers and security devices. Singapore accused China-linked APT group UNC3886 of targeting its critical infrastructure. UNC3886 is a sophisticated China-linked cyber espionage group that targets network devices and virtualization technologies using zero-day exploits. Its primary focus is on defense, technology, and telecommunications sectors in […]

A new report traces the history of the early wave of Chinese hackers who became the backbone of the state's espionage apparatus.

North Korean hackers exploit npm packages to deploy multi-stage malware, targeting job-seeking developers

Kaspersky has discovered a new spyware named SparkKitty, present on the Apple App Store and the Google Play Store. This malware steals photos and targets cryptographic information. Active since early 2024, SparkKitty spreads via malicious applications.

A Chinese APT hacker group has infected SOHO routers with the ShortLeash backdoor to build a stealthy espionage infrastructure. This operation, attributed to the LapDogs group, aims to establish a clandestine network for cyberespionage activities. The compromised routers serve as access points for subsequent attacks, allowing the attackers to monitor and exfiltrate sensitive data.