Smart Topics (25 live) - ThreatCluster
Browse 25 live Smart Topics on ThreatCluster, plus 55 archived historic ones. Smart Topics are auto-grouped story arcs across cybersecurity coverage.
Live Smart Topics (25)
- Critical RCE and DoS Vulnerabilities Actively Exploited in Enterprise and Linux Ecosystems — Multiple clusters report active exploitation and patching of critical remote code execution and denial-of-service vulnerabilities across widely used enterprise software, Linux kernels, distributions, and open-source components. (84 clusters · last seen 2026-06-11)
- Geopolitical Conflicts Fuel Cyber and Kinetic Attacks on Critical Infrastructure — Clusters highlight state-backed cyber and kinetic attacks, drone and naval military developments, sanctions enforcement, and hybrid operations impacting critical infrastructure and regional security amid ongoing geopolitical tensions. (83 clusters · last seen 2026-06-11)
- State-Sponsored Cyber Espionage and Influence Operations Targeting Critical Infrastructure and Media — Clusters reveal nation-state cyber espionage campaigns using sophisticated malware, social engineering, fake personas, and disinformation to influence elections, surveil journalists, and target critical infrastructure. (56 clusters · last seen 2026-06-11)
- Novel Malware and AI-Driven Phishing Campaigns Targeting Credentials and Cryptocurrency — Multiple clusters describe phishing-as-a-service, AI-enabled phishing, social engineering scams, malware exploiting software supply chains, session hijacking, and cryptocurrency wallet compromises targeting diverse user groups. (56 clusters · last seen 2026-06-11)
- Cryptocurrency Exploits, Laundering Schemes, and Financial Crime Prosecutions — Clusters highlight large-scale cryptocurrency thefts, smart contract and cross-chain bridge vulnerabilities, laundering schemes, and law enforcement actions disrupting crypto-enabled financial crimes. (35 clusters · last seen 2026-06-11)
- Critical Vulnerabilities and Supply Chain Attacks in Software Platforms and Developer Tools — Clusters describe critical flaws and active exploits in enterprise software, server management, developer tools, and npm ecosystems enabling remote code execution and supply chain compromises. (28 clusters · last seen 2026-06-11)
- Emerging Ransomware and Malware Strains Causing Operational Disruptions and Data Loss — New ransomware variants and malware campaigns are causing permanent data loss, operational shutdowns in critical infrastructure and education sectors, and evolving extortion tactics. (15 clusters · last seen 2026-06-11)
- Russian energy sector targeting and threats — Cyber activities and physical threats involving Russian actors targeting energy infrastructure and resources. (48 clusters · last seen 2026-05-29)
- Iranian actors targeting energy infrastructure — Cyber threat activity involving Iranian entities targeting energy sector infrastructure and related systems. (41 clusters · last seen 2026-05-29)
- Chinese government targeting international research institutions — Cyber activities linked to Chinese government entities targeting global research projects and academic institutions. (33 clusters · last seen 2026-05-29)
- Russian government targeting government sectors — Cyber activities by Russian state actors aimed at government entities across various regions and sectors. (32 clusters · last seen 2026-05-29)
- Chinese financial sector targeting and defense activities — Cyber threat activities involving Chinese financial institutions, including targeted attacks, partnerships, and regulatory responses. (27 clusters · last seen 2026-05-29)
- North Korean Lazarus Group targeting cryptocurrency platforms — Cyber threat activity involving North Korea's Lazarus Group focusing on cryptocurrency exchanges, wallets, and blockchain infrastructure. (21 clusters · last seen 2026-05-29)
- Indian government targeting digital infrastructure — Cyber threat activities by actors targeting India's government digital infrastructure and online services. (18 clusters · last seen 2026-05-29)
- German government targeting cyber threat actors — Cybersecurity stories involving German government entities facing or responding to cyber threats and attacks. (14 clusters · last seen 2026-05-29)
- German financial sector targeted by cyber threat actors — Cyber threat groups are actively targeting financial institutions in Germany through various attack methods and malware campaigns. (13 clusters · last seen 2026-05-29)
- Chinese transportation sector cyber activities — Monitoring cyber operations and vulnerabilities targeting China's transportation infrastructure and related entities. (12 clusters · last seen 2026-05-29)
- Indian healthcare sector targeted by cyber threat actors — Cybersecurity stories involving Indian healthcare organizations facing attacks, vulnerabilities, or malware campaigns. (11 clusters · last seen 2026-05-29)
- Canadian financial sector targeted by cyber threats — Cyber threat actors are actively targeting Canada's financial industry through various attack vectors, impacting institutions and infrastructure. (11 clusters · last seen 2026-05-29)
- Canadian energy sector targeted by cyber threats — Cybersecurity stories involving Canadian energy companies and infrastructure, highlighting threat actors and their targeting activities. (11 clusters · last seen 2026-05-29)
- German supply chain actors targeted by malicious packages — Cyber threat activity involving German entities compromised through supply chain attacks on software and hardware components. (10 clusters · last seen 2026-05-29)
- Russian DDoS activity targeting infrastructure — Analysis of distributed denial-of-service campaigns originating from Russia aimed at various sectors and services. (8 clusters · last seen 2026-05-29)
- TeamPCP supply chain activity — Analysis of supply chain attacks involving TeamPCP targeting software packages, cloud services, and development tools. (8 clusters · last seen 2026-05-29)
- Iranian DDoS activity targeting regional services — This topic covers DDoS campaigns originating from Iran aimed at various sectors and infrastructure within the region. (8 clusters · last seen 2026-05-29)
- Indian financial sector cybersecurity activity — Monitoring cyber operations and threats targeting India's financial industry, including malware, hacking groups, and defense efforts. (6 clusters · last seen 2026-05-29)
Archived Smart Topics (55)
- This Week’s AI Attack Vectors: Prompt Injection and Autonomous Agent Flaws — Emerging AI threats include prompt injection attacks on AI and CI/CD systems, vulnerabilities in autonomous AI agents, AI-driven phishing, and AI-powered defense tools addressing these evolving risks. (78 clusters · last seen 2026-06-07)
- Geopolitical Cyber-Physical Attacks Disrupting Critical Infrastructure — Ongoing geopolitical tensions drive cyber and kinetic attacks, espionage, military escalations, and disruptions to energy, maritime, and supply chain infrastructure across multiple regions. (62 clusters · last seen 2026-06-07)
- Drone Warfare and Counter-Drone Tactics in Current Conflicts — Clusters highlight drone attacks, GPS jamming/spoofing, and counter-drone developments impacting military, civilian, and critical infrastructure sectors amid ongoing conflicts including Ukraine. (38 clusters · last seen 2026-06-07)
- AI-Enhanced Phishing and Social Engineering Campaigns — Multiple campaigns use hacked social media accounts, major ad and messaging platforms, AI-enhanced phishing kits, and novel social engineering tactics to distribute scams, malware, and credential theft. (35 clusters · last seen 2026-06-07)
- This Week’s Cryptocurrency Exploits and Wallet Thefts — Significant financial losses arise from crypto bridge exploits, smart contract vulnerabilities, phishing, laundering networks, and multisig wallet security incidents targeting high-value cryptocurrency holders. (28 clusters · last seen 2026-06-07)
- Global Law Enforcement Crackdowns on Cybercrime Marketplaces and Ransomware — Clusters highlight prosecutions, regulatory actions, and multinational efforts against dark web markets, ransomware campaigns, and extortion targeting critical infrastructure and healthcare. (16 clusters · last seen 2026-06-07)
- Supply Chain Attacks Targeting Developer Tools and Software Ecosystems — Attackers increasingly compromise developer tools, third-party modules, and npm typosquatting to infiltrate software builds and steal credentials, impacting software supply chains. (7 clusters · last seen 2026-06-07)
- State-linked cyber and kinetic attacks on critical infrastructure and maritime assets — State-linked cyber and kinetic operations target critical infrastructure including nuclear plants, undersea cables, and maritime assets amid geopolitical tensions and gray-zone conflicts. (52 clusters · last seen 2026-06-05)
- Drone and cyber-physical warfare in the Russia-Ukraine conflict — Ongoing Russia-Ukraine hostilities feature coordinated drone strikes, missile attacks, cyber intrusions, and counter-drone operations targeting military and critical infrastructure assets. (41 clusters · last seen 2026-06-05)
- Cryptocurrency wallet and smart contract exploits surge this week — Financial losses mount from exploits targeting cryptocurrency wallets, smart contracts, cross-chain bridges, and third-party modules, alongside money laundering and kidnapping schemes involving crypto assets. (40 clusters · last seen 2026-06-05)
- State-backed cyber espionage leveraging cloud and social engineering this week — Nation-state actors conduct sophisticated cyber espionage campaigns using cloud platforms, social engineering, fake profiles, and spyware to target governments, military, journalists, and activists amid geopolitical tensions. (36 clusters · last seen 2026-06-05)
- Supply chain attacks hit developer tools and open-source ecosystems this week — Attackers exploit trusted developer environments and open-source package repositories through malicious versions and compromised components to infiltrate software supply chains and developer credentials. (16 clusters · last seen 2026-06-05)
- This Week’s Surge in AI-Powered Cyberattacks and Defenses — Emerging AI-powered attack techniques including prompt injection, AI-enabled phishing, deepfake fraud, and AI-driven malware are met with new AI-based security tools, governance efforts, and incident response platforms addressing vulnerabil (76 clusters · last seen 2026-06-04)
- Crypto Ecosystem Under Siege: Exploits, Phishing, and Laundering This Week — Sophisticated malware campaigns, bridge and smart contract exploits, phishing scams, multisig tampering, and money laundering networks are causing significant financial losses and prompting law enforcement actions in the crypto space. (44 clusters · last seen 2026-06-04)
- Recent State-Backed Espionage via Social Engineering and Cloud Abuse — State-backed espionage campaigns exploit social engineering tactics, fake profiles, and cloud platforms to target governments, political figures, journalists, and critical sectors amid geopolitical tensions. (43 clusters · last seen 2026-06-04)
- Geopolitical cyber and kinetic conflict in Russia-Ukraine and regional theaters — Ongoing cyberattacks, drone and kinetic strikes, espionage, sanctions enforcement, and military posturing characterize the multifaceted conflict involving Russia, Ukraine, and regional actors including Iran, Greece, and North Korea. (30 clusters · last seen 2026-06-04)
- Emerging OT Attacks Target Physical Processes and Defensive Advances — Industrial control systems face new vulnerabilities and exploits, with cyberattacks shifting from reconnaissance to physical process manipulation, while market growth and strategic acquisitions drive improved OT security frameworks. (20 clusters · last seen 2026-06-04)
- Drone Warfare and Counter-Drone Tech in Ongoing Conflicts — The evolving use of weaponized drones and electronic countermeasures, including interceptor drones, plays a significant role in ongoing military engagements, particularly in the Ukraine conflict. (12 clusters · last seen 2026-06-04)
- Spike in Supply Chain Attacks Targeting Developer Tools and Open Source — Attackers increasingly compromise developer environments and open-source software dependencies, including package repositories like npm, to infiltrate software supply chains and steal developer credentials. (12 clusters · last seen 2026-06-04)
- New Zero-Click Spyware Campaigns Targeting Journalists and Activists — Advanced spyware leveraging zero-click exploits is actively used in targeted surveillance and hacking campaigns against journalists and activists, prompting enhanced device security measures. (8 clusters · last seen 2026-06-04)
- Russia-Ukraine and Iran-related cyber and military operations impacting infrastructure — Ongoing geopolitical conflicts, including the Russia-Ukraine and Iran-related tensions, fuel cyberattacks, sanctions, military escalations, and international defense partnerships affecting critical infrastructure and regional stability. (84 clusters · last seen 2026-06-03)
- AI-enhanced phishing campaigns targeting financial services — Sophisticated phishing and social engineering attacks leverage AI enhancements and impersonation of trusted brands to steal credentials and defraud users across financial and corporate sectors. (40 clusters · last seen 2026-06-03)
- Critical Linux kernel vulnerabilities enabling remote exploitation — Multiple critical vulnerabilities affecting Linux kernels and distributions including Ubuntu, Fedora, SUSE, and Oracle allow remote code execution, denial of service, and privilege escalation, prompting urgent patches. (38 clusters · last seen 2026-06-03)
- Cryptocurrency ecosystem attacks: exploits, scams, and laundering — Cryptocurrency platforms face threats from private key compromises, multisig tampering, smart contract exploits, laundering networks, and emerging quantum risks leading to multimillion-dollar losses. (32 clusters · last seen 2026-06-03)
- Supply chain attacks targeting developer tools and open-source packages — Attackers compromise developer environments, GitHub accounts, npm packages, and third-party modules to inject malicious code, steal credentials, and facilitate large-scale crypto thefts. (26 clusters · last seen 2026-06-03)
- Drone warfare and counter-drone operations in Ukraine and regional conflicts — Advancements in drone technologies, including weaponized drones and electronic countermeasures, are prominently featured in the Ukraine conflict and other regional military operations. (21 clusters · last seen 2026-06-03)
- Ransomware and malware campaigns exploiting credential theft and evasion — New ransomware strains and malware use stolen credentials, browser-based attack vectors, and obfuscation techniques to infiltrate healthcare, critical infrastructure, and enterprise environments. (16 clusters · last seen 2026-06-03)
- Advanced spyware targeting journalists and activists — State-linked spyware firms deploy zero-click exploits and human intelligence operations to surveil journalists and activists, raising significant privacy and security concerns. (8 clusters · last seen 2026-06-03)
- Escalating Russia-China-Iran cyber espionage and influence amid geopolitical tensions — Clusters highlight escalating geopolitical conflicts driving cyber espionage, military modernization, election interference, sanctions enforcement, and cyber influence operations involving Russia, China, Iran, North Korea, and regional acto (104 clusters · last seen 2026-05-31)
- Surge in smart contract exploits and wallet thefts in cryptocurrency ecosystem — Clusters describe attacks exploiting smart contract vulnerabilities, third-party module flaws, key compromises, and social engineering scams leading to large-scale crypto theft, fraud, and illicit finance including terrorism and drug traffi (44 clusters · last seen 2026-05-31)
- Spike in critical infrastructure cyberattacks triggers national security responses — Rising cyberattacks and vulnerabilities in critical infrastructure sectors including energy, water, and military networks prompt government initiatives, strategic partnerships, and policy shifts to enhance cybersecurity and resilience. (36 clusters · last seen 2026-05-31)
- State spyware campaigns targeting journalists and activists exposed — State-linked spyware campaigns and intelligence operations focus on journalists, activists, and academic communities, prompting enhanced anti-spyware defenses and revealing covert influence and recruitment efforts. (22 clusters · last seen 2026-05-31)
- Supply chain attacks hit developer tools and open-source ecosystems — Recent supply chain compromises focus on developer environments, open-source package repositories, and CI/CD workflows to infiltrate software development pipelines and steal cloud and infrastructure credentials. (20 clusters · last seen 2026-05-31)
- Weaponized drone strikes and countermeasures in Ukraine conflict — Reports cover the development, deployment, and countermeasures of weaponized drones in military and border security contexts, including drone strikes disrupting logistics in conflicts such as Ukraine. (19 clusters · last seen 2026-05-31)
- State-linked cyber espionage and influence operations amid Ukraine and Asia-Pacific tensions — Nation-state actors conduct sustained cyber espionage, disinformation, hybrid warfare, and influence campaigns targeting critical infrastructure, regional adversaries, and geopolitical hotspots including Ukraine and Asia-Pacific. (48 clusters · last seen 2026-05-28)
- Sophisticated exploits and malware targeting cryptocurrency ecosystem — The cryptocurrency sector faces multi-million dollar thefts and scams through blockchain and smart contract exploits, novel malware, social engineering, and AI-enhanced phishing campaigns. (45 clusters · last seen 2026-05-28)
- Supply chain attacks targeting open-source and developer ecosystems — Attackers increasingly compromise open-source packages, developer tools, CI/CD pipelines, and software repositories to deliver malware and steal credentials. (28 clusters · last seen 2026-05-28)
- OT and critical infrastructure cyberattacks shift toward physical disruption — Cyber threats against OT and critical infrastructure are shifting from reconnaissance to active physical process manipulation, prompting new defense centers and AI-powered security solutions. (24 clusters · last seen 2026-05-28)
- Emerging AI-driven cyber threats: phishing, prompt injection, and autonomous agent exploits — AI technologies are increasingly exploited for malicious purposes such as AI-powered phishing, prompt injection attacks, autonomous AI agent vulnerabilities, and AI-generated non-consensual content. (23 clusters · last seen 2026-05-28)
- Emerging drone threats and countermeasures in military and public event contexts — Recent incidents include drone attacks, crashes, GPS and satellite signal interference, and deployment of anti-drone systems in conflict zones and large public venues. (23 clusters · last seen 2026-05-28)
- Ransomware campaigns exploiting remote access protocols and network edge devices — Ransomware-as-a-Service groups increasingly leverage vulnerabilities in Remote Desktop Protocol and network edge devices to conduct widespread double-extortion attacks and expand victim counts. (16 clusters · last seen 2026-05-28)
- Law enforcement takedowns and controversies involving cybercrime infrastructure and spyware tools — International law enforcement operations disrupt cybercrime enablers such as VPN services and cryptocurrency networks, while the deployment of advanced spyware tools by authorities faces political and legal scrutiny. (8 clusters · last seen 2026-05-28)
- Iranian government cyber activities — Tracking cyber operations and espionage activities conducted by Iran against government entities and regional targets. (23 clusters · last seen 2026-05-28)
- Ethereum and DeFi platform exploits and recovery efforts — Monitoring cyber incidents involving Ethereum and DeFi projects, including exploits, asset recoveries, and related threat actor activity. (12 clusters · last seen 2026-05-27)
- Supply chain attacks targeting Ukraine — Analysis of supply chain compromises involving Ukrainian entities and the methods used to target critical infrastructure and software providers. (10 clusters · last seen 2026-05-27)
- Iranian cyber activities targeting healthcare sector — Monitoring cyber espionage and attack campaigns by Iranian actors against healthcare organizations and infrastructure. (8 clusters · last seen 2026-05-27)
- Chinese manufacturing sector targeted by cyber threats — Cyber threat actors focus on Chinese manufacturing companies, aiming to disrupt operations, steal intellectual property, or conduct espionage. (13 clusters · last seen 2026-05-26)
- Ukraine-related financial sector cyber activities — Analysis of cyber operations and threats targeting Ukraine's financial industry by various actors and regions. (10 clusters · last seen 2026-05-26)
- Supply chain attackers deploying Shai-hulud malware — Cyber threat actors leveraging supply chain methods to distribute Shai-hulud malware across software ecosystems. (10 clusters · last seen 2026-05-26)
- Chinese actors conducting DDoS attacks — Analysis of cyber threat activity involving DDoS campaigns orchestrated by Chinese entities targeting various sectors and regions. (9 clusters · last seen 2026-05-26)
- UK energy sector targeted by cyber actors — Cyber threat activity involving actors targeting the United Kingdom's energy infrastructure through various attack vectors and tactics. (9 clusters · last seen 2026-05-26)
- Taiwanese technology sector targeted by cyber actors — Cyber threat activity involving Taiwanese technology companies, supply chains, and infrastructure, highlighting regional cyber operations. (8 clusters · last seen 2026-05-26)
- Indian manufacturing sector targeted by cyber actors — Cybersecurity stories involving threat actors targeting manufacturing companies and infrastructure within India. (8 clusters · last seen 2026-05-26)
- Japanese supply chain actors targeted by cyber attacks — Cyber threat activity involving Japanese entities and supply chain infrastructure, highlighting targeted attacks and vulnerabilities. (8 clusters · last seen 2026-05-26)
- Australian energy sector targeted by cyber actors — Cyber threat activity involving Australian energy companies and infrastructure, highlighting sector-specific cyber operations. (5 clusters · last seen 2026-05-26)