Cloudflare is a organization tracked across 50 threat clusters and 148 intelligence report mentions on ThreatCluster. First observed November 3, 2025; most recent activity July 17, 2026.
Gamaredon, a Russian state-backed APT group, is actively exploiting a WinRAR vulnerability (CVE-2025-8088) to deploy malware against Ukrainian government and military targets. The attack begins with a spearphishing…
A critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS is being actively exploited in a large-scale cyberattack affecting over 700 websites, including those of Harvard University, Oxford University, Auburn…
The Gamaredon group, a Russian-aligned APT, has significantly upgraded its cyber capabilities in 2025, focusing on spear-phishing campaigns against Ukrainian targets. ESET Research reports that Gamaredon conducted 35…
The North Korean hacking group Kimsuky is utilizing generative AI to create malware aimed at South Korean government systems, as reported by Kaspersky on May 14, 2026. The malware, named HelloDoor, is a Rust-based…
A recent report from UK intelligence reveals that over 100 governments now have access to commercial spyware tools, a significant increase from 80 in 2023. These tools, such as NSO Group's Pegasus and Paragon's…
A critical vulnerability, CVE-2026-45247, has been identified in the Mirasvit Full Page Cache Warmer for Magento 2, allowing unauthenticated remote code execution via a crafted CacheWarmer cookie. The flaw, rated 9.8 on…
A sophisticated cyber espionage campaign has been uncovered, targeting multiple Malaysian government organizations. Attackers exploited a Cloudflare-hosted storage endpoint to exfiltrate sensitive files from compromised…
A newly identified supply chain vulnerability named 'Cordyceps' affects CI/CD workflows across major platforms, allowing unauthenticated attackers to exploit Git-based repositories. Novee's research flagged 654…
Torg Grabber, a new infostealer malware, is actively targeting 728 cryptocurrency wallet extensions and other applications, including password managers and communication tools. The malware employs the ClickFix technique…
Fortinet reported two vulnerabilities affecting FortiOS, FortiManager, FortiAnalyzer, and FortiProxy related to FortiCloud SSO authentication. The first vulnerability, an Authentication Bypass (CWE-288), allows…