T1053 - Scheduled Task/Job is a mitre_attack tracked across 50 threat clusters and 222 intelligence report mentions on ThreatCluster. First observed November 11, 2025; most recent activity July 17, 2026.
A critical vulnerability in the Joomla Content Editor (JCE), tracked as CVE-2026-48907, allows unauthenticated attackers to execute remote code on affected Joomla sites. This flaw affects JCE versions below 2.9.99.6 and…
The China-aligned threat group SHADOW-EARTH-053 has been exploiting unpatched Microsoft Exchange and IIS server vulnerabilities, specifically the ProxyLogon vulnerability chain, to conduct cyberespionage. This group has…
Gamaredon, a Russian state-backed APT group, is actively exploiting a WinRAR vulnerability (CVE-2025-8088) to deploy malware against Ukrainian government and military targets. The attack begins with a spearphishing…
A newly identified APT group, Armored Likho, is conducting a phishing campaign targeting government agencies and electric power sectors in Russia, Brazil, and Kazakhstan. The group employs a sophisticated infostealer…
Iranian state-aligned hackers, known as Nimbus Manticore (UNC1549), have intensified cyberattacks against the US aviation sector amid the ongoing US-Iran military conflict. Utilizing career-themed phishing and a novel…
The Chinese-speaking threat group CL-STA-1062 has been actively deploying a new .NET backdoor named TinyRCT against government and critical energy infrastructure in Southeast Asia throughout 2025. This campaign utilizes…
A critical zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft has been exploited by the ShinyHunters group, leading to breaches of over 100 organizations, primarily in the education sector. The vulnerability…
A Russian threat actor, UAT-11795, has been distributing trojanized installers for software like WebEx and Zoom to deploy the Starland RAT since at least June 2025. The malware targets users primarily in the U.S., with…
From mid-2024 to early 2026, the Vietnam-aligned APT group OceanLotus has intensified its focus on domestic espionage, utilizing the SPECTRALVIPER backdoor in two major campaigns. The first campaign targeted a…
The Belarus-aligned cyber group FrostyNeighbor has launched a targeted campaign against government organizations in Ukraine and Poland since March 2026. Utilizing spearphishing techniques, the group delivers malicious…