China-linked attacker hit France’s critical infrastructure via trio of Ivanti zero-days last year

A China-linked threat actor, UNC5174, exploited three Ivanti CSA zero-days (CVE-2024-8190, CVE-2024-8963, CVE-2024-9380) to target French critical infrastructure sectors from September to November 2024.

Hunters International ransomware shuts down, releases free decryptors

Hunters International, a prolific Ransomware-as-a-Service (RaaS) operation responsible for nearly 300 global attacks, has officially shut down. The group announced the closure on July 3, 2025, offering free decryption tools to victims.

Tracing Blind Eagle to Proton66

Blind Eagle, also known as APT-C-36, is a persistent threat actor that targets organizations across Latin America, with a particular focus on Colombian financial institutions.

N. Korean Group BlueNoroff Uses Deepfake Zoom Calls in Crypto Scams

BlueNoroff, a North Korean state-sponsored APT group and a subgroup of the Lazarus Group, is conducting a sophisticated campaign targeting macOS users in the cryptocurrency sector.

Blind Eagle (APT-C-36) Exploits WebDAV and Dynamic DNS in Post-Patch Malware Campaign Targeting Colombia

Blind Eagle (APT-C-36), a threat group active since 2018, has launched a new phishing campaign targeting Colombian organizations. The group uses phishing emails to deliver malware via malicious URLs.

Hackers Use Open-Source Tools to Attack Financial Businesses in Africa

A threat actor group tracked as CL-CRI-1014 has been targeting financial institutions across Africa since at least 2023. These attackers function as initial access brokers (IABs), compromising networks and selling access on the dark web.
June 24, 2025

Dissecting Kimsuky’s Attacks on South Korea: In-Depth Analysis of GitHub-Based Malicious Infrastructure | EnkiWhiteHat

A newly uncovered spearphishing campaign by North Korean threat actor Kimsuky has been active since March 2025, leveraging GitHub and Dropbox to distribute malware, including the open-source XenoRAT.

Surge in XSS Cyberattacks Targets Popular Webmail Platforms, ESET Reports

Operation RoundPress, orchestrated by the Russia-aligned Sednit group, is actively exploiting cross-site scripting (XSS) vulnerabilities in widely used webmail platforms such as Roundcube, Horde, MDaemon, and Zimbra.

Qilin’s 'on-call lawyer' capability is fooling no one

Qilin introduced a controversial new feature in its affiliate panel—a "Call lawyer" button. This feature is designed to provide affiliates with access to legal experts who can assist in ransom negotiations by advising on legal implications.

APT36 Phishing Campaign Targets Indian Defense Using Credential-Stealing Malware

APT36 is conducting a targeted phishing campaign against Indian defense personnel. The campaign uses spear-phishing emails with malicious PDF attachments that mimic official government documents to deliver credential-stealing malware.
