Yanluowang initial access broker pleaded guilty to ransomware attacks

A Russian national will plead guilty to acting as an initial access broker (IAB) for Yanluowang ransomware attacks that targeted at least eight U.S. companies between July 2021 and November 2022.

APT37 hackers abuse Google Find Hub in Android data-wiping attacks

North Korean hackers are abusing Google’s Find Hub tool to track the GPS location of their targets and remotely reset Android devices to factory settings. The attacks are primarily targeting South Koreans.
November 11, 2025

Lazarus Group Deploys Weaponized Documents Against Aerospace & Defense

Security researchers at ENKI have uncovered a sophisticated espionage campaign targeting aerospace and defense organizations, in which the Lazarus Group is weaponizing a new variant of the Comebacker backdoor to infiltrate high-value targets.
November 11, 2025

Researchers Expose Deep Connections Between Maverick and Coyote Banking Malware

Security researchers at CyberProof have uncovered critical connections between two sophisticated banking trojans, Maverick and Coyote, that are actively targeting Brazilian users through WhatsApp.

From Log4j to IIS, China's Hackers Turn Legacy Bugs into Global Espionage Tools

Multiple Chinese state-linked threat actors are exploiting legacy bugs in widely used software to conduct cyberespionage. These target government, non-profit, and private sector organizations across the U.S., Asia, Europe, and Latin America.
November 7, 2025

Cavalry Werewolf Launches Cyberattack on Government Agencies to Deploy Network Backdoor

A sophisticated cyberattack campaign has been attributed to the threat actor group Cavalry Werewolf, targeting government agencies with the intent to steal sensitive data and establish persistent access within critical infrastructure networks.

MuddyWater Uses Compromised Mailboxes in Global Phishing Campaign

A newly uncovered phishing campaign attributed to the Iran-linked threat actor MuddyWater has targeted international organizations using compromised email accounts. The campaign aimed to gather foreign intelligence and distribute the Phoenix v4 backdoor.

The Rise of Collaborative Tactics Among China-aligned Cyber Espionage Campaigns

“Premier Pass-as-a-Service” describes the emerging trend of advanced collaboration tactics between multiple China-aligned APT groups, notably Earth Estries and Earth Naga, that are making modern cyberespionage campaigns even more complex.

Russian hackers evolve malware pushed in "I am not a robot" captchas

The Russian state-backed Star Blizzard hacker group has ramped up operations with new, constantly evolving malware families (NoRobot, MaybeRobot) deployed in complex delivery chains that start with ClickFix social engineering attacks.

Russian State-Sponsored COLDRIVER Group Deploys New Malware After Exposure of LOSTKEYS

Following the public disclosure of its LOSTKEYS malware in May 2025, the Russian state-sponsored threat group known as COLDRIVER, also tracked under aliases such as UNC4057, Star Blizzard, and Callisto, has rapidly evolved its cyber operations.
