T1566.001 - Spearphishing Attachment is a mitre_attack tracked across 50 threat clusters and 385 intelligence report mentions on ThreatCluster. First observed October 31, 2025; most recent activity July 17, 2026.
Active exploitation of two critical vulnerabilities has been reported: CVE-2026-20230 in Cisco Unified CM and CVE-2026-20971 in Samsung KNOX. The Cisco flaw, a server-side request forgery (SSRF), poses an immediate…
Gamaredon, a Russian state-backed APT group, is actively exploiting a WinRAR vulnerability (CVE-2025-8088) to deploy malware against Ukrainian government and military targets. The attack begins with a spearphishing…
The GhostShell malware cluster is actively targeting Ukraine’s UAV operations and defense supply chain. Utilizing advanced techniques such as mTLS-authenticated implants and Telegram-based loaders, the attackers gain…
Two Russia-aligned cyber campaigns are exploiting the WinRAR vulnerability CVE-2025-8088 against Ukrainian targets nearly a year after it was patched. The flaw, a path traversal vulnerability, allows attackers to write…
The Gamaredon group, a Russian-aligned APT, has significantly upgraded its cyber capabilities in 2025, focusing on spear-phishing campaigns against Ukrainian targets. ESET Research reports that Gamaredon conducted 35…
A newly identified APT group, Armored Likho, is conducting a phishing campaign targeting government agencies and electric power sectors in Russia, Brazil, and Kazakhstan. The group employs a sophisticated infostealer…
Russian cyber group APT28, also known as Fancy Bear, has been exploiting vulnerabilities in TP-Link and MikroTik routers to conduct large-scale DNS hijacking operations. This campaign, which has affected over 18,000…
The FBI has issued a warning regarding Iranian cyber actors deploying malware through the Telegram messaging app to target dissidents, journalists, and opposition figures globally. This operation, attributed to Iran's…
A phishing campaign targeting Ukrainian government organizations has been attributed to the Belarus-aligned Ghostwriter group, also known as UAC-0057. The campaign involves sending emails with PDF attachments that lead…
From mid-2024 to early 2026, the Vietnam-aligned APT group OceanLotus has intensified its focus on domestic espionage, utilizing the SPECTRALVIPER backdoor in two major campaigns. The first campaign targeted a…