Unc5221 is a apt_group tracked across 11 threat clusters and 21 intelligence report mentions on ThreatCluster. First observed November 5, 2025; most recent activity June 23, 2026.
On April 3, 2025, Ivanti disclosed CVE-2025-22457, a critical buffer overflow vulnerability affecting Ivanti Connect Secure and other products. The vulnerability allows unauthenticated remote code execution, and…
Between May 2025 and Spring 2026, the Belgian State Security experienced a data breach exposing employee information, attributed to vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM). Hackers exploited flaws…
ESET's latest APT Activity Report reveals that from October 2025 to March 2026, China-aligned threat actors engaged in extensive espionage campaigns, particularly in Venezuela and the Gulf region. Following U.S.…
The Chinese espionage group UNC5221, also known as VerdantBamboo, has been using the Brickstorm backdoor and new malware variants Plenet and AgentPSD to maintain access to compromised Microsoft 365 environments.…
A Chinese threat actor known as VerdantBamboo compromised a company's network through a managed service provider (MSP) over 18 months. The initial breach involved a Linux-based Egnyte Storage Sync appliance, which was…
Google's Threat Intelligence Group tracked 90 zero-day vulnerabilities exploited in 2025, a rise from 78 in 2024. Less than half of these vulnerabilities were attributed to specific threat actors, with spyware vendors…
A Chinese state-backed hacking group, UNC6201, has been exploiting a critical zero-day vulnerability in Dell RecoverPoint for Virtual Machines since at least mid-2024. The flaw, tracked as CVE-2026-22769, features a…
F5 disclosed a security breach affecting its BIG-IP product line, where a state-sponsored threat actor gained unauthorized access to the company's internal engineering and product development environments. The attackers…
A security breach of F5's BIG-IP product line has been disclosed, revealing that a state-sponsored threat actor gained unauthorized access to F5's internal engineering and product development environments. The attackers…
Chinese state-sponsored hackers have maintained long-term access to critical US networks, utilizing Brickstorm malware for data theft and infiltration. The campaign, which has affected at least eight government services…