T1036 - Masquerading is a mitre_attack tracked across 50 threat clusters and 132 intelligence report mentions on ThreatCluster. First observed November 17, 2025; most recent activity July 17, 2026.
A sophisticated cyber campaign has exploited a critical cPanel vulnerability (CVE-2026-41940) to breach government and military servers in Southeast Asia, particularly targeting Indonesia. The attackers utilized a…
On June 18, 2026, international law enforcement agencies launched Operation Endgame, disrupting the SocGholish malware infrastructure linked to the Russian cybercrime group Evil Corp. The operation resulted in the…
The Chinese-speaking threat group CL-STA-1062 has been actively deploying a new .NET backdoor named TinyRCT against government and critical energy infrastructure in Southeast Asia throughout 2025. This campaign utilizes…
Rapid7 Labs has identified a sustained espionage campaign by a China-nexus threat actor, Red Menshen, targeting global telecommunications infrastructure. The research, titled 'Sleeper Cells in the Telecom Backbone,'…
A critical zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft has been exploited by the ShinyHunters group, leading to breaches of over 100 organizations, primarily in the education sector. The vulnerability…
The FBI and CISA have issued a warning regarding a phishing campaign by Russian intelligence services targeting Signal users to steal Backup Recovery Keys. This escalation allows attackers to access victims' historical…
Five malicious NuGet packages were discovered targeting developers in the Chinese .NET ecosystem. The packages, published under the account bmrxntfj, impersonate legitimate libraries and have accumulated around 65,000…
In 2024, Iranian APT group BladedFeline launched a cyber campaign against Kurdish and Iraqi government officials, utilizing advanced malware tools including the Shahmaran backdoor and the Whisper backdoor. The attacks…
In 2026, Iranian APT groups, notably Cavern Manticore and OilRig, have intensified cyber operations against Israeli organizations, primarily in the IT and government sectors. Cavern Manticore employs a modular…
Adversaries are increasingly leveraging external remote services like VPNs and Citrix to gain unauthorized access to networks. These attacks often involve using valid accounts obtained through credential harvesting or…