T1547 - Boot Or Logon Autostart Execution is a mitre_attack tracked across 50 threat clusters and 165 intelligence report mentions on ThreatCluster. First observed January 28, 2026; most recent activity July 16, 2026.
Operation Highland, attributed to the Velvet Ant cyberespionage group, involved a sophisticated attack that began in 2016 and persisted undetected for a decade. The attackers hijacked the authentication stack of a major…
Gamaredon, a Russian state-backed APT group, is actively exploiting a WinRAR vulnerability (CVE-2025-8088) to deploy malware against Ukrainian government and military targets. The attack begins with a spearphishing…
The GhostShell malware cluster is actively targeting Ukraine’s UAV operations and defense supply chain. Utilizing advanced techniques such as mTLS-authenticated implants and Telegram-based loaders, the attackers gain…
A sophisticated backdoor malware named Firestarter has been discovered on Cisco Firepower devices, attributed to the state-sponsored threat actor UAT-4356. The malware exploits two vulnerabilities, CVE-2025-20333 and…
Two Russia-aligned cyber campaigns are exploiting the WinRAR vulnerability CVE-2025-8088 against Ukrainian targets nearly a year after it was patched. The flaw, a path traversal vulnerability, allows attackers to write…
The Gamaredon group, a Russian-aligned APT, has significantly upgraded its cyber capabilities in 2025, focusing on spear-phishing campaigns against Ukrainian targets. ESET Research reports that Gamaredon conducted 35…
A phishing campaign targeting Ukrainian government organizations has been attributed to the Belarus-aligned Ghostwriter group, also known as UAC-0057. The campaign involves sending emails with PDF attachments that lead…
The China-linked threat actor UAT-7810 is evolving its malware toolkit, notably introducing LONGLEASH, an upgraded version of the SHORTLEASH backdoor. This group exploits known vulnerabilities in unpatched Ruckus…
The Belarus-aligned cyber group FrostyNeighbor has launched a targeted campaign against government organizations in Ukraine and Poland since March 2026. Utilizing spearphishing techniques, the group delivers malicious…
On March 1, 2026, a China-nexus threat actor launched a cyber campaign targeting countries in the Persian Gulf region, coinciding with renewed conflict in the Middle East. The attack utilized social engineering tactics,…