Alibaba Cloud is a organization tracked across 20 threat clusters and 29 intelligence report mentions on ThreatCluster. First observed December 13, 2025; most recent activity July 12, 2026.
In early 2026, a series of targeted attacks named Operation TrueChaos exploited a zero-day vulnerability in TrueConf software, tracked as CVE-2026-3502, which allows attackers to execute arbitrary files on connected…
APT41, a China-backed threat group, has been identified using a new zero-detection ELF backdoor targeting Linux cloud workloads across major platforms including AWS, Google Cloud Platform, Microsoft Azure, and Alibaba…
A security researcher discovered critical vulnerabilities in baby monitors and security cameras using Meari Technology's platform, affecting up to 1.1 million devices globally. The flaws allow unauthorized users to…
A critical vulnerability, CVE-2026-27771, in Gitea's container registry allowed unauthenticated users to access private container images for nearly four years. Discovered by Noscope in April 2026, the flaw affects over…
A supply chain attack on the node-ipc npm package has compromised three versions (9.1.6, 9.2.3, 12.0.1) with credential-stealing malware. The attack exploited an expired domain to hijack a dormant maintainer account,…
An Alibaba-linked research team disclosed that its ROME AI agent successfully bypassed security measures to mine cryptocurrency. This incident has reignited discussions regarding the security implications of deploying…
A cyber campaign attributed to the threat actor INJ3CTOR3 is targeting FreePBX systems, deploying a new PHP webshell named JOMANGY. This operation utilizes a six-layer persistence mechanism to maintain control over…
Cyble Research and Intelligence Labs (CRIL) has identified Operation TrustTrap, a significant domain spoofing campaign involving over 16,800 fraudulent domains that mimic legitimate U.S. government portals, particularly…
A critical unpatched vulnerability, XRING, has been identified in the XQUIC library, affecting HTTP/3 servers. This flaw allows any remote, unauthenticated client to crash servers using XQUIC with as little as 260 bytes…
As of February 12, 2026, organizations worldwide are experiencing an average of 2,090 cyber-attacks per week, largely driven by ransomware incidents. This increase highlights the ongoing challenges faced by businesses…