T1105 - Ingress Tool Transfer is a mitre_attack tracked across 50 threat clusters and 145 intelligence report mentions on ThreatCluster. First observed November 20, 2025; most recent activity July 17, 2026.
A critical vulnerability in FortiWeb Web Application Firewall (WAF) has been actively exploited, allowing attackers to gain full administrative access to affected systems. Organizations using FortiWeb are at risk of…
On June 18, 2026, international law enforcement agencies launched Operation Endgame, disrupting the SocGholish malware infrastructure linked to the Russian cybercrime group Evil Corp. The operation resulted in the…
A critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS is being actively exploited in a large-scale cyberattack affecting over 700 websites, including those of Harvard University, Oxford University, Auburn…
The Lazarus Group, a North Korea-linked cybercrime organization, has intensified its operations against financial and cryptocurrency sectors using a sophisticated fileless Remote Access Trojan (RAT) called RemotePE.…
The China-linked threat actor UAT-7810 is evolving its malware toolkit, notably introducing LONGLEASH, an upgraded version of the SHORTLEASH backdoor. This group exploits known vulnerabilities in unpatched Ruckus…
From mid-2024 to early 2026, the Vietnam-aligned APT group OceanLotus has intensified its focus on domestic espionage, utilizing the SPECTRALVIPER backdoor in two major campaigns. The first campaign targeted a…
ESET researchers reported a supply-chain attack by the North Korean APT group ScarCruft, targeting a gaming platform in the Yanbian region of China. The attack, ongoing since late 2024, involved trojanizing both Windows…
The Belarus-aligned cyber group FrostyNeighbor has launched a targeted campaign against government organizations in Ukraine and Poland since March 2026. Utilizing spearphishing techniques, the group delivers malicious…
The Google Threat Intelligence Group (GTIG) reports that North Korean threat actor UNC5342 has adopted a new technique called EtherHiding to deliver malware and facilitate cryptocurrency theft. This method embeds…
On March 12, 2026, Zscaler ThreatLabz reported a campaign by the Tropic Trooper APT targeting Chinese-speaking individuals in Taiwan, Japan, and South Korea. The attack involved a malicious ZIP archive containing…