T1078 - Valid Accounts is a mitre_attack tracked across 50 threat clusters and 546 intelligence report mentions on ThreatCluster. First observed November 3, 2025; most recent activity July 16, 2026.
A cyberattack targeting Poland's energy grid in December has been linked to a Russian government-affiliated hacking group. The attack affected 30 wind and photovoltaic farms and prompted the Cybersecurity and…
Cisco has disclosed a critical authentication bypass vulnerability, CVE-2026-20182, affecting its Catalyst SD-WAN Controller and Manager. This flaw allows unauthenticated remote attackers to bypass authentication and…
The Akira ransomware group has been identified as a significant threat to critical infrastructure, with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI warning of its active ransomware…
A cyber threat actor has been exploiting a zero-day vulnerability (CVE-2026-20127) in Cisco Catalyst SD-WAN Controller since 2023. This vulnerability allows unauthenticated remote attackers to bypass authentication and…
The Russian Foreign Intelligence Service (SVR) has been exploiting multiple vulnerabilities, including the SolarWinds breach, to compromise U.S. and allied networks. The SolarWinds attack, which began in September 2019,…
Russian-linked cyber groups have targeted multiple energy facilities in Poland, exploiting default ICS credentials. The attacks have led to significant disruptions in operations, with Poland's CERT releasing a report…
On March 11, 2026, medical technology firm Stryker experienced a significant cyberattack attributed to the Iran-linked hacking group Handala. The attack exploited vulnerabilities in Stryker's Microsoft Intune endpoint…
In February 2024, Change Healthcare suffered a ransomware attack attributed to the ALPHV group, impacting approximately 190 million individuals, making it the largest medical data breach in U.S. history. The attack…
Active exploitation of a critical vulnerability (CVE-2025-32975) in the Quest KACE Systems Management Appliance (SMA) is occurring, with attackers targeting unpatched instances to bypass authentication and gain…
A joint advisory from 21 global cybersecurity agencies warns that Russian state hackers from the FSB's Center 16 are exploiting poorly configured routers to infiltrate critical infrastructure networks worldwide. The…