T1047 - Windows Management Instrumentation is a mitre_attack tracked across 50 threat clusters and 78 intelligence report mentions on ThreatCluster. First observed November 13, 2025; most recent activity July 17, 2026.
SonicWall has reported two critical vulnerabilities, CVE-2026-15409 and CVE-2026-15410, affecting its SMA1000 Series appliances, which are currently being actively exploited. The first vulnerability, CVE-2026-15409, is…
The Akira ransomware group has been identified as a significant threat to critical infrastructure, with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI warning of its active ransomware…
On June 18, 2026, international law enforcement agencies launched Operation Endgame, disrupting the SocGholish malware infrastructure linked to the Russian cybercrime group Evil Corp. The operation resulted in the…
The Gamaredon group, a Russian-aligned APT, has significantly upgraded its cyber capabilities in 2025, focusing on spear-phishing campaigns against Ukrainian targets. ESET Research reports that Gamaredon conducted 35…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a new guide titled 'Adapting Zero Trust Principles to Operational Technology' to assist organizations in implementing zero trust…
From mid-2024 to early 2026, the Vietnam-aligned APT group OceanLotus has intensified its focus on domestic espionage, utilizing the SPECTRALVIPER backdoor in two major campaigns. The first campaign targeted a…
In 2026, Iranian APT groups, notably Cavern Manticore and OilRig, have intensified cyber operations against Israeli organizations, primarily in the IT and government sectors. Cavern Manticore employs a modular…
In 2024, ESET identified a new China-aligned APT group named LongNosedGoblin, which targets governmental entities in Southeast Asia and Japan. The group employs a custom toolset, primarily using C#/.NET applications, to…
Adversaries are increasingly leveraging external remote services like VPNs and Citrix to gain unauthorized access to networks. These attacks often involve using valid accounts obtained through credential harvesting or…
Two critical vulnerabilities, CVE-2026-20186 and CVE-2026-20180, have been published for Cisco Identity Services Engine (ISE) on April 15, 2026. Both vulnerabilities allow authenticated remote attackers with Read Only…