
A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094)
The suspected Chinese state-sponsored hackers who breached workstations of several US Treasury employees in December 2024 did so by leveraging not one, but two zero-days, …

Sandworm APT’s initial access subgroup hits organizations accross the globe
A subgroup of Russia’s Sandworm APT has been working to achieve initial and persistent access to the IT networks of organizations working in economic sectors Russia is …

China-aligned PlushDaemon APT compromises supply chain of Korean VPN
ESET researchers have uncovered a supply chain attack targeting a South Korean VPN provider, carried out by PlushDaemon, a newly identified China-aligned APT group. In this …

How Russian hackers went after NGOs’ WhatsApp accounts
Star Blizzard, a threat actor tied to the Russian Federal Security Service (FSB), was spotted attempting to compromise targets’ WhatsApp accounts through a clever …

RomCom hackers chained Firefox and Windows zero-days to deliver backdoor
Russia-aligned APT group RomCom was behind attacks that leveraged CVE-2024-9680, a remote code execution flaw in Firefox, and CVE-2024-49039, an elevation of privilege …

Faraway Russian hackers breached US organization via Wi-Fi
Forest Blizzard, a threat group associated with Russia’s GRU military intelligence service, repeatedly breached a US-based organization via compromised computer systems …

Researchers unearth two previously unknown Linux backdoors
ESET researchers have identified multiple samples of two previously unknown Linux backdoors: WolfsBane and FireWood. The goal of the backdoors and tools discovered is …

FBI confirms China-linked cyber espionage involving breached telecom providers
After months of news reports that Chinese threat actors have breached the networks of US telecommunications and internet service providers, the FBI and the Cybersecurity and …

Aerospace employees targeted with malicious “dream job” offers
It’s not just North Korean hackers who reach out to targets via LinkedIn: since at least September 2023, Iranian threat actor TA455 has been trying to compromise workers …

North Korean hackers employ new tactics to compromise crypto-related businesses
North Korean hackers are targeting crypto-related businesses with phishing emails and novel macOS-specific malware. The crypto-related phishing campaign Since July 2024, …

Russian hackers deliver malicious RDP configuration files to thousands
Midnight Blizzard – a cyber espionage group that has been linked to the Russian Foreign Intelligence Service (SVR) – is targeting government, academia, defense, …

GoldenJackal APT group breaches air-gapped systems in Europe
ESET researchers have discovered a series of attacks that took place in Europe from May 2022 to March 2024, where the attackers used a toolset capable of targeting air-gapped …
Featured news
Resources
Don't miss
- The risks of autonomous AI in machine-to-machine interactions
- Balancing cloud security with performance and availability
- The XCSSET info-stealing malware is back, targeting macOS users and devs
- A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094)
- Two Estonians plead guilty in $577M cryptocurrency Ponzi scheme