T1021.004 - SSH is a mitre_attack tracked across 19 threat clusters and 24 intelligence report mentions on ThreatCluster. First observed November 26, 2025; most recent activity July 8, 2026.
In 2024, Iranian APT group BladedFeline launched a cyber campaign against Kurdish and Iraqi government officials, utilizing advanced malware tools including the Shahmaran backdoor and the Whisper backdoor. The attacks…
The Cloud Atlas APT group has been observed employing a sophisticated cyber espionage campaign targeting government and commercial entities in Russia and Belarus. This campaign, active since 2025 and continuing into…
In 2026, Iranian APT groups, notably Cavern Manticore and OilRig, have intensified cyber operations against Israeli organizations, primarily in the IT and government sectors. Cavern Manticore employs a modular…
The traditional 90-day vulnerability disclosure policy is deemed ineffective as AI accelerates bug detection and exploitation. Security expert Himanshu Anand highlights that AI tools can convert security patches into…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed active exploitation of critical vulnerabilities in Lantronix EDS5000-series devices and Ubiquiti's UniFi OS. The Lantronix vulnerability,…
A newly disclosed vulnerability in the Linux kernel, tracked as CVE-2026-31431 and named 'Copy Fail', allows unprivileged local users to gain root access on virtually all major Linux distributions released since 2017.…
Team82 identified two critical vulnerabilities in Vertiv's Liebert IS-UNITY-DP network cards, both rated 9.8 on the CVSSv3 scale. The vulnerabilities, CVE-2025-46412 and CVE-2025-41426, allow for authentication bypass…
Trendmicro's TrendAI™ Research has identified two AI-augmented threat campaigns, SHADOW-AETHER-040 and SHADOW-AETHER-064, targeting government and financial organizations in Latin America. These campaigns began in late…
A new supply chain attack, dubbed 'Mini Shai-Hulud', has compromised multiple npm packages related to SAP's Cloud Application Programming Model (CAP). This attack involves injecting malicious preinstall scripts into…
The Vect 2.0 ransomware, emerging from a partnership with the TeamPCP group, has been found to irreversibly destroy files larger than 128 KB instead of encrypting them for ransom. This critical flaw, identified by Check…