T1056.001 - Keylogging is a mitre_attack tracked across 44 threat clusters and 50 intelligence report mentions on ThreatCluster. First observed November 21, 2025; most recent activity July 17, 2026.
T1056.001 Keylogging is a MITRE ATT&CK technique where attackers capture user keystrokes to harvest credentials and other sensitive data. It can be implemented via OS-level keyloggers, browser-based scripts, or malware components, enabling credential theft and data exfiltration across platforms. This technique remains a foundational risk in cybersecurity due to its direct access to user inputs and login information.
A China-linked threat actor known as Red Menshen has been conducting a long-term espionage campaign targeting global telecommunications networks using a stealthy Linux kernel backdoor called BPFdoor. This malware…
From mid-2024 to early 2026, the Vietnam-aligned APT group OceanLotus has intensified its focus on domestic espionage, utilizing the SPECTRALVIPER backdoor in two major campaigns. The first campaign targeted a…
Bauman Moscow State Technical University is revealed to host a secret department training students for the GRU, Russia's military intelligence. Leaked documents show that over 2,000 students have been trained in…
A new malware named NarwhalRAT has been discovered targeting Korean users through phishing emails impersonating the Microsoft security team. The malware, linked to the North Korean hacking group APT37, can perform over…
A Russian threat actor known as UAT-11795 has been deploying the Starland RAT and WLDR agent since June 2025, primarily targeting users in the U.S., Germany, Romania, and Venezuela. The group uses trojanized installers…
Oblivion RAT is a sophisticated Android remote access trojan (RAT) sold as a Malware-as-a-Service (MaaS) platform. It operates on a subscription model, providing threat actors with tools like a web-based APK builder and…
A Moroccan intelligence insider revealed that the government utilized Israeli-manufactured Pegasus spyware to surveil journalists, human rights defenders, and foreign officials. The whistleblower, known as Safir,…
Cybersecurity researchers have identified nine critical vulnerabilities in low-cost IP KVM devices, including Sipeed NanoKVM, which could allow unauthenticated attackers to gain extensive control over compromised hosts.…
A new Android malware named Perseus has been identified, actively targeting user notes to extract sensitive information such as passwords and financial data. Distributed via unofficial app stores disguised as IPTV…
In March 2026, cybersecurity researchers discovered CrystalX RAT, a new malware-as-a-service (MaaS) being promoted in private Telegram channels. This malware offers a wide range of capabilities, including remote access,…