German Government Summons Russian Ambassador Over Major Cyberattack

The German government has formally summoned the Russian ambassador following the attribution of a significant cyberattack and coordinated disinformation campaign to Russian actors. This development comes amid heightened concerns regarding interference in Germany’s political processes and critical infrastructure. According to Read More …

NANOREMOTE, cousin of FINALDRAFT

In October 2025, Elastic Security Labs discovered a newly-observed Windows backdoor in telemetry. The fully-featured backdoor Elastic Security Lab call NANOREMOTE shares characteristics with malware described in REF7707 and is similar to the FINALDRAFT implant. One of the malware’s primary Read More …

SHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like Tactics

In October and November 2025, campaigns targeting sectors such as energy, defence, pharmaceuticals, and cybersecurity shared characteristics with older campaigns attributed to Void Rabisuopen on a new tab (also known as ROMCOM, Tropical Scorpius, Storm-0978). Void Rabisu is known to Read More …

Hunting for Mythic in network traffic

Threat actors frequently employ post-exploitation frameworks in cyberattacks to maintain control over compromised hosts and move laterally within the organization’s network. While they once favored closed-source frameworks, such as Cobalt Strike and Brute Ratel C4, open-source projects like Mythic, Sliver, Read More …

Researcher claims Salt Typhoon spies attended Cisco training scheme

A security researcher specializing in tracking China threats claims two of Salt Typhoon’s members were former attendees of a training scheme run by Cisco. SentinelLabs’ Dakota Cary linked Yu Yang and Qiu Daibing, two alleged members of the Chinese state Read More …

U.S. Justice Department Announces Actions to Combat Two Russian State-Sponsored Cyber Criminal Hacking Groups

The Justice Department announced two indictments in the Central District of California charging Ukrainian national Victoria Eduardovna Dubranova, 33, also known as Vika, Tory, and SovaSonya, for her role in conducting cyberattacks and computer intrusions against critical infrastructure and other Read More …

National cybercrime network operating for 14 years dismantled in Indonesia

Security researchers have uncovered enormous cybercrime infrastructure in Indonesia that’s been operating unabated for more than 14 years. The length of the operation, the domains included, the malware circulated, and the data being sold on the black market, were all Read More …

React2Shell RCE flaw exploited by Chinese hackers hours after disclosure

Just as the experts predicted, cybercriminals are now actively exploiting the critical severity vulnerability in React Server Components (RSC) that was discovered late last week. To make matters worse, the crooks observed abusing the bug seem to be working for Read More …

AI-Automated Threat Hunting Brings GhostPenguin Out of the Shadows

Hunting high-impact, advanced malware is a difficult task. It becomes even harder and more time-consuming when defenders focus on low-detection or zero-detection samples. Every day, a huge number of files are sent to platforms like VirusTotal, and the relevant ones Read More …