Apt29 is a apt_group tracked across 20 threat clusters and 24 intelligence report mentions on ThreatCluster. First observed February 15, 2026; most recent activity July 14, 2026.
Russian state-backed hackers from APT28 are actively exploiting a high-severity stored cross-site scripting vulnerability (CVE-2025-66376) in the Zimbra Collaboration Suite (ZCS) to target Ukrainian government entities.…
Two Russia-aligned cyber campaigns are exploiting the WinRAR vulnerability CVE-2025-8088 against Ukrainian targets nearly a year after it was patched. The flaw, a path traversal vulnerability, allows attackers to write…
FamousSparrow, a China-aligned APT group, launched a multi-wave cyberespionage campaign against an Azerbaijani oil and gas company from late December 2025 to February 2026. The attackers employed an evolved DLL…
The SUNBURST backdoor, discovered by FireEye, exploits trojanized updates to SolarWinds Orion software, affecting numerous public and private organizations globally. The attack vector involves a malicious DLL,…
ESET's latest APT Activity Report reveals that from October 2025 to March 2026, China-aligned threat actors engaged in extensive espionage campaigns, particularly in Venezuela and the Gulf region. Following U.S.…
Adversaries are increasingly leveraging external remote services like VPNs and Citrix to gain unauthorized access to networks. These attacks often involve using valid accounts obtained through credential harvesting or…
Mandiant Threat Intelligence has assessed with high confidence that UNC1151 is linked to the Belarusian government, conducting cyber operations primarily targeting Ukraine, Lithuania, Latvia, Poland, and Germany. The…
North Korea's cyber program has transitioned to a modular malware strategy, moving away from monolithic malware families to a more fragmented ecosystem. This change is a response to years of international sanctions, law…
Recent cybersecurity reports detail the exploitation of software vulnerabilities in client applications, particularly targeting web browsers and Microsoft Office. Adversaries utilize techniques such as Drive-by…
Russian hackers have deployed a new remote access toolkit named 'CTRL' to hijack Remote Desktop Protocol (RDP) sessions. This toolkit utilizes FRP-based reverse tunnels to gain stealthy access to compromised Windows…