Apt38 is a apt_group tracked across 12 threat clusters and 25 intelligence report mentions on ThreatCluster. First observed October 31, 2025; most recent activity June 22, 2026.
A sophisticated backdoor malware named Firestarter has been discovered on Cisco Firepower devices, attributed to the state-sponsored threat actor UAT-4356. The malware exploits two vulnerabilities, CVE-2025-20333 and…
The Lazarus Group, a North Korea-linked cybercrime organization, has intensified its operations against financial and cryptocurrency sectors using a sophisticated fileless Remote Access Trojan (RAT) called RemotePE.…
FamousSparrow, a China-aligned APT group, launched a multi-wave cyberespionage campaign against an Azerbaijani oil and gas company from late December 2025 to February 2026. The attackers employed an evolved DLL…
A North Korean cybercrime group known as Sapphire Sleet has launched a social engineering campaign targeting macOS users, as reported by Microsoft's Threat Intelligence unit. The campaign involves tricking users into…
A new supply chain attack, dubbed 'Mini Shai-Hulud', has compromised multiple npm packages related to SAP's Cloud Application Programming Model (CAP). This attack involves injecting malicious preinstall scripts into…
On April 18, 2026, Kelp DAO's LayerZero-powered cross-chain bridge was exploited, resulting in the theft of 116,500 rsETH, valued at approximately $293 million. The attacker utilized a forged cross-chain message to…
Recent reports detail the tactics employed by various cyber adversaries to enumerate files and directories on compromised systems. Adversaries utilize command shell utilities and custom tools to gather sensitive…
Five individuals have pleaded guilty to facilitating North Korean operatives in obtaining remote IT jobs at U.S. companies by using false and stolen identities. The U.S. Department of Justice has also seized $15 million…
South Korean authorities suspect that North Korea's Lazarus Group was behind a hack of Upbit, resulting in losses of approximately $30.4 million. The breach involved unusual activity in Solana tokens and led Upbit to…
The ATT&CK framework has released version 19, which includes significant updates to its structure and coverage. Notably, the Defense Evasion Tactic has been split into two distinct categories: Stealth and Defense…