China is a country tracked across 50 threat clusters and 2573 intelligence report mentions on ThreatCluster. First observed October 23, 2025; most recent activity July 17, 2026.
A sophisticated threat actor known as UAT-7290, tracked by Cisco Talos, has expanded its operations to target telecommunications providers in Southeastern Europe. This group, which has been active since at least 2022,…
Telecommunications providers in South Asia and Southeastern Europe have been targeted by the China-linked threat operation UAT-7290 in a series of cyberespionage attacks. The intrusions involved extensive reconnaissance…
Cisco has addressed a maximum-severity vulnerability in AsyncOS, tracked as CVE-2025-20393, which has been actively exploited for at least a month. The flaw affects Secure Email Gateway (SEG) and Secure Email and Web…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated that government agencies secure their systems against a critical Gogs vulnerability, tracked as CVE-2025-8110. This remote code execution…
Cisco Talos reported that the Secure Email Gateway is under attack due to a zero-day vulnerability. The campaign is attributed to UAT-9686, an advanced persistent threat actor believed to have connections to China.…
Cisco has disclosed a critical authentication bypass vulnerability, CVE-2026-20182, affecting its Catalyst SD-WAN Controller and Manager. This flaw allows unauthenticated remote attackers to bypass authentication and…
Google has issued an emergency update to address a high-severity zero-day vulnerability, CVE-2025-13223, in its Chrome browser. This flaw, linked to the V8 JavaScript engine, allows attackers to execute arbitrary code…
The China-aligned threat group SHADOW-EARTH-053 has been exploiting unpatched Microsoft Exchange and IIS server vulnerabilities, specifically the ProxyLogon vulnerability chain, to conduct cyberespionage. This group has…
On April 3, 2025, Ivanti disclosed CVE-2025-22457, a critical buffer overflow vulnerability affecting Ivanti Connect Secure and other products. The vulnerability allows unauthenticated remote code execution, and…
Operation Highland, attributed to the Velvet Ant cyberespionage group, involved a sophisticated attack that began in 2016 and persisted undetected for a decade. The attackers hijacked the authentication stack of a major…