Senior US Officials Impersonated in Malicious Messaging Campaign

FBI is issuing this announcement to warn and provide mitigation tips to the public about an ongoing malicious text and voice messaging campaign. Since April 2025, malicious actors have impersonated senior US officials to target individuals, many of whom are Read More …

Israeli spyware firm NSO to pay Meta $168m. in damages for hijacking WhatsApp servers

A federal jury in California handed Israel’s NSO Group a $168 million penalty on Tuesday for hijacking the servers of WhatsApp in order to hack users of the Meta-owned chat platform on behalf of foreign spy agencies. The case caps Read More …

Lampion Is Back With ClickFix Lures

Unit 42 researchers recently uncovered a highly focused malicious campaign targeting dozens of Portuguese organizations, particularly in the government, finance and transportation sectors. This campaign was orchestrated by the threat actors behind Lampion malware, an infostealer that focuses on sensitive Read More …

TeleMessage, a modified Signal clone used by US government officials, has been hacked

A hacker has exploited a vulnerability in TeleMessage, which provides modded versions of encrypted messaging apps such as Signal, Telegram, and WhatsApp, to extract archived messages and other data relating to U.S. government officials and companies who used the tool, Read More …

Apple notifies new victims of spyware attacks across the world

Apple sent notifications this week to several people who the company believes were targeted with government spyware, according to two of the alleged targets. In the past, Apple has sent similar notifications to targets and victims of spyware, and directed Read More …

Earth Kurma APT Campaign Targets Southeast Asian Government, Telecom Sectors

Trend Research uncovered a sophisticated APT campaign targeting government and telecommunications sectors in Southeast Asia. Named Earth Kurma, the attackers use advanced custom malware, rootkits, and cloud storage services for data exfiltration. Earth Kurma demonstrates adaptive malware toolsets, strategic infrastructure Read More …

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

Day after day, threat actors create new malware to use in cyberattacks. Each of these new implants is developed in its own way, and as a result gets its own destiny – while the use of some malware families is Read More …

Suspected Kimsuky (APT-Q-2) attacks South Korean companies

Kimsuky, alias Mystery Baby, Baby Coin, Smoke Screen, Black Banshe, etc., is tracked internally by Qi’anxin as APT-Q-2. The APT group was publicly disclosed in 2013, with attack activity dating as far back as 2012. Kimsuky’s main target for attacks Read More …

GOFFEE continues to attack organizations in Russia

GOFFEE is a threat actor that first came to our attention in early 2022. Since then, Kaspersky researchers have observed malicious activities targeting exclusively entities located in the Russian Federation, leveraging spear phishing emails with a malicious attachment. Starting in Read More …

Trump orders federal investigation into former CISA director Chris Krebs

President Trump on Wednesday ordered a federal investigation into Chris Krebs, the former director of U.S. cybersecurity agency CISA. In a new executive order, Trump instructed the Department of Homeland Security, which houses CISA, and the U.S. attorney general to Read More …