Advanced Persistent Threat (APT)

Ivanti VPN Zero-Day Exploits: Critical Vulnerabilities and Advanced Persistence Techniques

APT-News

Ivanti VPN Zero-Day Exploits: Critical Vulnerabilities and Advanced Persistence Techniques

Security teams worldwide are grappling with widespread exploitation of Ivanti Connect Secure VPN appliances, as researchers uncover...

Detecting and Mitigating CVE-2024-3400: Critical Zero-Day in Palo Alto GlobalProtect

CVE News

Detecting and Mitigating CVE-2024-3400: Critical Zero-Day in Palo Alto GlobalProtect

A critical zero-day vulnerability (CVE-2024-3400) in Palo Alto Networks’ PAN-OS GlobalProtect feature has been actively exploited since...

StormBamboo APT Targets ISPs to Poison Software Updates with Malware

APT-News

StormBamboo APT Targets ISPs to Poison Software Updates with Malware

A China-linked cyberespionage group known as StormBamboo (also tracked as Evasive Panda, Daggerfly, and Bronze Highland) has...

Russian APT28’s “Nearest Neighbor Attack”: Weaponizing Nearby Wi-Fi Networks for Covert Access

APT-News

Russian APT28’s “Nearest Neighbor Attack”: Weaponizing Nearby Wi-Fi Networks for Covert Access

In early 2022, Russian state-sponsored threat actor APT28 (also tracked as GruesomeLarch) deployed a novel attack vector...

XE Group’s Cybercrime Evolution: From Credit Card Skimming to Zero-Day Exploitation

APT-News

XE Group’s Cybercrime Evolution: From Credit Card Skimming to Zero-Day Exploitation

The XE Group, a cybercrime syndicate with suspected Vietnamese origins, has dramatically evolved its operations from traditional...

Trojan.MSIL.SUPERNOVA.A: Technical Analysis of the Windows Trojan Threat

Malware Analysis

Trojan.MSIL.SUPERNOVA.A: Technical Analysis of the Windows Trojan Threat

Trojan.MSIL.SUPERNOVA.A represents a significant Windows-based threat with high damage potential despite its currently limited distribution. First identified...

Trojan.Win64.COMBACKER.YABA-A: Analyzing the Persistent Low-Risk Threat to Windows Systems

News

Trojan.Win64.COMBACKER.YABA-A: Analyzing the Persistent Low-Risk Threat to Windows Systems

Trojan.Win64.COMBACKER.YABA-A represents a persistent though low-risk threat to Windows systems, first identified in January 2021 by Trend...

Trojan.Win64.HAFNIUM.A: Technical Analysis of the Microsoft Exchange Server Threat

Threat Intelligence

Trojan.Win64.HAFNIUM.A: Technical Analysis of the Microsoft Exchange Server Threat

The Trojan.Win64.HAFNIUM.A malware represents a sophisticated threat targeting Microsoft Exchange servers, initially attributed to the Chinese state-sponsored...

ASTROLOCKER Ransomware: Technical Analysis of a Mount Locker Affiliate Strain

Malware Analysis

ASTROLOCKER Ransomware: Technical Analysis of a Mount Locker Affiliate Strain

Ransom.Win32.ASTROLOCKER.A represents a lesser-known but technically sophisticated ransomware strain with potential ties to the Mount Locker operation....

RedLine Stealer Malware: Analyzing the MSIL.YXBDM Variant’s Data Theft Capabilities

Malware Analysis

RedLine Stealer Malware: Analyzing the MSIL.YXBDM Variant’s Data Theft Capabilities

TrojanSpy.MSIL.REDLINESTEALER.YXBDM represents a sophisticated information-stealing malware targeting Windows systems, first identified by Trend Micro researchers in April...

Ransom.Win64.CONTI.AA: Analyzing the Persistent Conti Ransomware Threat

Malware Analysis

Ransom.Win64.CONTI.AA: Analyzing the Persistent Conti Ransomware Threat

Ransom.Win64.CONTI.AA, a variant of the notorious Conti ransomware family, remains a significant threat to Windows systems despite...

Trojan.W97M.EMOTET.SMI: Analyzing the Persistent Emotet Threat Targeting Windows Systems

Malware Analysis

Trojan.W97M.EMOTET.SMI: Analyzing the Persistent Emotet Threat Targeting Windows Systems

Trojan.W97M.EMOTET.SMI is a variant of the notorious Emotet malware, primarily spread through malicious Microsoft Office documents. Despite...

Chinese APT Earth Baxia Targets APAC with GeoServer Exploits and Sophisticated Malware

APT-News

Chinese APT Earth Baxia Targets APAC with GeoServer Exploits and Sophisticated Malware

A China-linked advanced persistent threat group known as Earth Baxia has been conducting targeted attacks against government...

Unmasking Prometei: Trend Micro’s MXDR Investigation Reveals Botnet’s Cryptomining Operations

APT-News

Unmasking Prometei: Trend Micro’s MXDR Investigation Reveals Botnet’s Cryptomining Operations

The Prometei botnet has evolved into a sophisticated threat since its emergence in 2016, now leveraging Microsoft...

Earth Estries APT Group’s Long-Term Cyber Espionage Campaign Targeting Global Infrastructure

APT-News

Earth Estries APT Group’s Long-Term Cyber Espionage Campaign Targeting Global Infrastructure

Since 2023, Chinese state-sponsored threat actor Earth Estries (tracked as Salt Typhoon/GhostEmperor/UNC2286) has conducted sophisticated cyber espionage...

MITRE ATT&CK 2024 Results: Ransomware & macOS Threats Dominate Enterprise Security

Threat Intelligence

MITRE ATT&CK 2024 Results: Ransomware & macOS Threats Dominate Enterprise Security

The 2024 MITRE ATT&CK® Evaluations for Enterprise reveal critical insights into ransomware and macOS threats, with vendors...

Earth Preta Evades Detection by Blending Legitimate and Malicious Tools

APT-News

Earth Preta Evades Detection by Blending Legitimate and Malicious Tools

The advanced persistent threat (APT) group Earth Preta, also known as Mustang Panda, has refined its evasion...

GoldenJackal APT Breaches Air-Gapped Government Systems in Sophisticated Cyberespionage Campaign

APT-News

GoldenJackal APT Breaches Air-Gapped Government Systems in Sophisticated Cyberespionage Campaign

ESET Research has uncovered a series of cyberespionage campaigns conducted by the advanced persistent threat (APT) group...

ESET APT Activity Report Q2-Q3 2024: Key Trends in State-Sponsored Cyber Threats

APT-News

ESET APT Activity Report Q2-Q3 2024: Key Trends in State-Sponsored Cyber Threats

ESET’s latest APT Activity Report for Q2-Q3 2024 reveals significant developments in state-aligned cyber threats, with China,...

RomCom APT Exploits Firefox and Windows Zero-Days in Stealthy Cyberattacks

APT-News

RomCom APT Exploits Firefox and Windows Zero-Days in Stealthy Cyberattacks

Summary for Security Leadership The Russia-aligned RomCom APT group (also tracked as Storm-0978 or UNC2596) has been...

Posts pagination

Previous 1 2 3 Next

Advanced Persistent Threat (APT)

Ivanti VPN Zero-Day Exploits: Critical Vulnerabilities and Advanced Persistence Techniques

Detecting and Mitigating CVE-2024-3400: Critical Zero-Day in Palo Alto GlobalProtect

StormBamboo APT Targets ISPs to Poison Software Updates with Malware

Russian APT28’s “Nearest Neighbor Attack”: Weaponizing Nearby Wi-Fi Networks for Covert Access

XE Group’s Cybercrime Evolution: From Credit Card Skimming to Zero-Day Exploitation

Trojan.MSIL.SUPERNOVA.A: Technical Analysis of the Windows Trojan Threat

Trojan.Win64.COMBACKER.YABA-A: Analyzing the Persistent Low-Risk Threat to Windows Systems

Trojan.Win64.HAFNIUM.A: Technical Analysis of the Microsoft Exchange Server Threat

ASTROLOCKER Ransomware: Technical Analysis of a Mount Locker Affiliate Strain

RedLine Stealer Malware: Analyzing the MSIL.YXBDM Variant’s Data Theft Capabilities

Ransom.Win64.CONTI.AA: Analyzing the Persistent Conti Ransomware Threat

Trojan.W97M.EMOTET.SMI: Analyzing the Persistent Emotet Threat Targeting Windows Systems

Chinese APT Earth Baxia Targets APAC with GeoServer Exploits and Sophisticated Malware

Unmasking Prometei: Trend Micro’s MXDR Investigation Reveals Botnet’s Cryptomining Operations

Earth Estries APT Group’s Long-Term Cyber Espionage Campaign Targeting Global Infrastructure

MITRE ATT&CK 2024 Results: Ransomware & macOS Threats Dominate Enterprise Security

Earth Preta Evades Detection by Blending Legitimate and Malicious Tools

GoldenJackal APT Breaches Air-Gapped Government Systems in Sophisticated Cyberespionage Campaign

ESET APT Activity Report Q2-Q3 2024: Key Trends in State-Sponsored Cyber Threats

RomCom APT Exploits Firefox and Windows Zero-Days in Stealthy Cyberattacks

You may have missed

YesWiki Path Traversal Vulnerability (CVE-2025-31131): Technical Analysis and Mitigation

Critical SQL Injection Vulnerability in Next-Cart Store to WooCommerce Migration Plugin (CVE-2025-30807)

WpTravelly Plugin Vulnerability Exposes WordPress Sites to Object Injection Attacks

Critical SQL Injection Vulnerability in WooCommerce Order Splitter Plugin (CVE-2025-31089)