Transportation is a industry tracked across 50 threat clusters and 254 intelligence report mentions on ThreatCluster. First observed October 24, 2025; most recent activity July 17, 2026.
A cyber threat actor has been exploiting a zero-day vulnerability (CVE-2026-20127) in Cisco Catalyst SD-WAN Controller since 2023. This vulnerability allows unauthenticated remote attackers to bypass authentication and…
The China-aligned threat group SHADOW-EARTH-053 has been exploiting unpatched Microsoft Exchange and IIS server vulnerabilities, specifically the ProxyLogon vulnerability chain, to conduct cyberespionage. This group has…
In March 2026, Iranian hackers linked to the Ministry of Intelligence and Security (MOIS) breached the Los Angeles County Metropolitan Transportation Authority (LACMTA), stealing at least 700 gigabytes of sensitive…
The Cybersecurity and Infrastructure Security Agency (CISA) has initiated the CI Fortify program to bolster the resilience of critical infrastructure operators against cyberattacks. This initiative encourages…
The Russian state-sponsored group Sandworm has intensified its cyber operations against industrial and critical infrastructure, utilizing pre-compromised operational technology (OT) environments instead of zero-day…
From mid-2024 to early 2026, the Vietnam-aligned APT group OceanLotus has intensified its focus on domestic espionage, utilizing the SPECTRALVIPER backdoor in two major campaigns. The first campaign targeted a…
On March 12, 2026, Zscaler ThreatLabz reported a campaign by the Tropic Trooper APT targeting Chinese-speaking individuals in Taiwan, Japan, and South Korea. The attack involved a malicious ZIP archive containing…
ESET's latest APT Activity Report reveals that from October 2025 to March 2026, China-aligned threat actors engaged in extensive espionage campaigns, particularly in Venezuela and the Gulf region. Following U.S.…
As the 2026 FIFA World Cup approaches, cyber threats are escalating, particularly from Iranian-linked hackers. These actors are expected to target fans and infrastructure through various cyberattacks, including phishing…
Daxin, a sophisticated backdoor linked to China, has reappeared in Taiwan, targeting a multinational high-tech manufacturer. Discovered in May 2026, it operates stealthily by hijacking legitimate TCP connections for…