Cobalt Strike

Russian Hackers Focusing on Diplomatic Targets Across Europe, the Americas, and Asia

A series of sophisticated phishing campaigns targeting diplomatic and governmental organizations has been linked to a Russian state-sponsored hacking group known as APT29, or Cozy Bear. This threat actor has been active since January 17, 2022, employing a range of techniques that highlight their ongoing interest in gathering sensitive diplomatic…

“Override Panda” Hacking Group Emerges Again with New Espionage Operations

In recent weeks, the Chinese state-sponsored hacking group known as Override Panda has made headlines again, launching a sophisticated phishing campaign aimed at acquiring sensitive information. This resurgence focuses on utilizing spear-phishing tactics to compromise targeted entities. According to a report by Cluster25, this threat actor leveraged a spear-phishing email…

CISA Alerts on Ongoing Exploits Targeting Trimble Cityworks Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding a critical vulnerability in Trimble’s Cityworks software for geographic information systems (GIS). This vulnerability, identified as CVE-2025-0994, is currently under active exploitation, posing significant risk to its users. CVE-2025-0994 carries a CVSS v4 score of 8.6, indicating…

Chinese Hackers Target T-Mobile and Other U.S. Telecoms in Extensive Espionage Operation

T-Mobile, a prominent U.S. telecommunications provider, has acknowledged being targeted by Chinese cyber threat actors aiming to infiltrate its systems to access sensitive data. The perpetrators, identified as Salt Typhoon, have been conducting a prolonged campaign focusing on extracting cellphone communications of individuals considered “high-value intelligence targets.” The extent of…

Atlassian Confluence Vulnerability Exploited for Ransomware and Crypto Mining Deployment

A critical security vulnerability in Atlassian’s Confluence Server and Data Center products has recently been exploited in active cyberattacks, leading to the deployment of cryptocurrency miners and ransomware. The flaw, identified as CVE-2022-26134 with a CVSS score of 9.8, was patched by Atlassian on June 3, 2022. This vulnerability enables…

APT Hackers Exploit Industrial Control Systems Using ShadowPad Backdoor

Recent reports have surfaced detailing a targeted cyberattack campaign aimed at unpatched Microsoft Exchange Servers, utilizing these vulnerabilities as a foothold to deploy the sophisticated ShadowPad malware. Key targets include entities in Afghanistan, Malaysia, and Pakistan, particularly focusing on organizations within the telecommunications, manufacturing, and transportation sectors. The activity was…

Cisco Acknowledges Breach by Yanluowang Ransomware Group

Cisco Confirms Cyberattack Linked to Yanluowang Ransomware Gang

On May 24, 2022, Cisco Systems, a leading networking equipment provider, confirmed it fell victim to a cyberattack that exploited vulnerabilities in its digital infrastructure. The breach occurred after an attacker compromised a Cisco employee’s personal Google account, which contained synchronized passwords…

Infrastructure Utilized in Cisco Hack Also Aimed at Workforce Management Solutions

In early 2022, an attack infrastructure targeting Cisco was also utilized in an attempted breach of an unnamed workforce management solutions holding company. This attempted intrusion occurred just one month prior to the Cisco incident, highlighting a strategy employed by cybercriminals to exploit vulnerabilities in various sectors. According to cybersecurity…

Conti Group Members Launch Financially Driven Attacks on Ukraine

Recent investigations have uncovered the involvement of former Conti cybercrime group members in multiple campaigns targeting Ukraine from April through August 2022. According to Google’s Threat Analysis Group (TAG), these cyber operations reflect a strategic continuation of prior attacks against the Eastern European nation amidst the ongoing Russo-Ukrainian conflict. The…
