OneDrive is a tool tracked across 50 threat clusters and 87 intelligence report mentions on ThreatCluster. First observed November 10, 2025; most recent activity July 17, 2026.
From mid-2024 to early 2026, the Vietnam-aligned APT group OceanLotus has intensified its focus on domestic espionage, utilizing the SPECTRALVIPER backdoor in two major campaigns. The first campaign targeted a…
The China-aligned APT group Webworm has shifted its focus from Asia to Europe, targeting government organizations in Belgium, Italy, Poland, Serbia, and Spain during 2025. ESET researchers identified new backdoors,…
In 2024, ESET identified a new China-aligned APT group named LongNosedGoblin, which targets governmental entities in Southeast Asia and Japan. The group employs a custom toolset, primarily using C#/.NET applications, to…
Xu Zewei, a 33-year-old Chinese national, was extradited from Italy to the United States on April 27, 2026, following his arrest in Milan on July 3, 2025. He is accused of participating in cyberattacks directed by the…
Microsoft has revealed GigaWiper, a destructive Windows backdoor that integrates components from three malware families, including Crucio and FlockWiper. This Golang-based malware is designed for post-initial access…
The newly identified Pink extortion group has emerged, utilizing voice phishing (vishing) tactics to gain access to Microsoft 365 accounts. Researchers from Unit 42 have tracked the group under cluster designation…
A coordinated international effort led by Microsoft and Europol has dismantled Tycoon2FA, a significant phishing-as-a-service platform responsible for bypassing multi-factor authentication and enabling large-scale…
In March 2026, the EvilTokens phishing kit emerged as a significant threat, allowing cybercriminals to bypass multi-factor authentication (MFA) and compromise Microsoft 365 accounts. This Phishing-as-a-Service (PhaaS)…
In July 2026, researchers demonstrated that open-weight AI models can be easily poisoned, allowing attackers to implant backdoors for under $100. Katie Paxton-Fear successfully manipulated a model to execute remote code…
A new wave of scams utilizing fake CAPTCHA prompts has emerged, allowing attackers to install malware without traditional download methods. Known as 'ClickFix,' this tactic tricks users into executing malicious scripts…