T1059.005 - Visual Basic is a mitre_attack tracked across 50 threat clusters and 88 intelligence report mentions on ThreatCluster. First observed November 12, 2025; most recent activity July 17, 2026.
Gamaredon, a Russian state-backed APT group, is actively exploiting a WinRAR vulnerability (CVE-2025-8088) to deploy malware against Ukrainian government and military targets. The attack begins with a spearphishing…
The GhostShell malware cluster is actively targeting Ukraine’s UAV operations and defense supply chain. Utilizing advanced techniques such as mTLS-authenticated implants and Telegram-based loaders, the attackers gain…
The Gamaredon group, a Russian-aligned APT, has significantly upgraded its cyber capabilities in 2025, focusing on spear-phishing campaigns against Ukrainian targets. ESET Research reports that Gamaredon conducted 35…
A newly identified APT group, Armored Likho, is conducting a phishing campaign targeting government agencies and electric power sectors in Russia, Brazil, and Kazakhstan. The group employs a sophisticated infostealer…
Russian cyber group APT28, also known as Fancy Bear, has been exploiting vulnerabilities in TP-Link and MikroTik routers to conduct large-scale DNS hijacking operations. This campaign, which has affected over 18,000…
A sophisticated malware campaign targeting macOS users has been linked to North Korean threat group Sapphire Sleet. This operation focuses on cryptocurrency organizations, venture capital firms, and Web3 developers.…
A sophisticated malware campaign targeting users in South Korea has been identified, utilizing malicious LNK files that leverage GitHub as a command and control (C2) infrastructure. The campaign, attributed to North…
The North Korean hacking group Kimsuky is utilizing generative AI to create malware aimed at South Korean government systems, as reported by Kaspersky on May 14, 2026. The malware, named HelloDoor, is a Rust-based…
In 2026, Iranian APT groups, notably Cavern Manticore and OilRig, have intensified cyber operations against Israeli organizations, primarily in the IT and government sectors. Cavern Manticore employs a modular…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed active exploitation of critical vulnerabilities in Lantronix EDS5000-series devices and Ubiquiti's UniFi OS. The Lantronix vulnerability,…