uac-0226
UAC-0226, a threat cluster tracked by CERT-UA has intensified cyber-espionage operations against Ukrainian military, law enforcement, and government institutions since early 2025.
china
In April 2024, the People’s Liberation Army (PLA) disbanded its Strategic Support Force (SSF), establishing three independent branches: the Cyberspace Force, Aerospace Force, and Information Support Force (ISF). This reorganization reflects a strategic pivot toward specialization and operation...
phishing
Healthcare organizations with SIEM deployments and immature SOCs face escalating risks from AI-driven vishing attacks leveraging voice deepfakes. This analysis outlines a pragmatic, phased approach for integrating AI-based voice deepfake detection and audio watermarking..
lap-dogs
LapDogs, PolarEdge, and Volt Typhoon represent a new wave of China-linked ORB (Operational Relay Box) networks, each leveraging compromised SOHO routers, IoT devices, and enterprise infrastructure to conduct targeted, persistent espionage. LapDogs, first identified in 2025, uses the "ShortLeash"..
edr
This analysis delivers a comprehensive, data-driven comparison of the top five Endpoint Detection and Response (EDR) platforms in the US market for 2026: CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne Singularity, Palo Alto Cortex XDR, and Bitdefender GravityZone.
predatory-sparrow
Predatory Sparrow (Gonjeshke Darande) is a pro-Israel hacktivist group, likely state-affiliated, that has escalated destructive cyber operations against Iranian critical infrastructure since the early 2020s. Their attacks—most recently the June 2025 disruption of Bank Sepah—employ ransomware...
iran
Iranian cyber threat actors have evolved into highly capable, multi-motivated operators, leveraging both state sponsorship and ransomware affiliate partnerships to conduct espionage, sabotage, and financially motivated attacks. In 2025, the Iran-Israel conflict has catalyzed a surge in..
Stealth Falcon, OilRig, Molerats, and Dark Caracal represent the most active and sophisticated Middle Eastern APT groups, each aligned with state or political interests and employing advanced tactics for espionage, surveillance, and disruption. Stealth Falcon’s exploitation of CVE-2025-33053..
Sandworm, a Russian GRU-affiliated cyber threat group (Unit 74455), continues to escalate its offensive cyber operations, with a primary focus on Ukraine and Western allies. The group is notorious for high-impact attacks such as the 2015-2016 Ukrainian power grid blackouts...
Void Blizzard, a Russian state-sponsored APT attributed to the GRU and tracked as Laundry Bear by Dutch intelligence, has rapidly emerged as a major cyber espionage threat since April 2024. The group targets government, defense, telecommunications, NGOs, and critical infrastructure across NATO...
Bumblebee malware has escalated its tactics by compromising the supply chain of RVTools, a widely used VMware utility, to deliver trojanized installers containing a malicious version.dll loader. This attack, detected in May 2025, distributed malware via both official and typosquatted domains..
Cut Through the Noise: Intelligence-Driven Insights Tailored for Your Security Needs
Stealth Falcon, OilRig, Molerats, and Dark Caracal represent the most active and sophisticated Middle Eastern APT groups, each aligned with state or political interests and employing advanced tactics for espionage, surveillance, and disruption. Stealth Falcon’s exploitation of CVE-2025-33053..
BADBOX 2.0 represents a significant escalation in global supply chain cyber threats, infecting over 1 million off-brand AOSP devices—including TVs, smartphones, tablets, and car infotainment systems—via pre-installed firmware backdoors and malicious apps.
Sandworm, a Russian GRU-affiliated cyber threat group (Unit 74455), continues to escalate its offensive cyber operations, with a primary focus on Ukraine and Western allies. The group is notorious for high-impact attacks such as the 2015-2016 Ukrainian power grid blackouts...
VenomRAT, first observed in 2020 as a fork of Quasar RAT, has evolved into a modular, service-based remote access trojan with advanced keylogging, stealth, and evasion capabilities. It is distributed primarily through phishing campaigns and fake antivirus websites (notably Bitdefender clones)...
Void Blizzard, a Russian state-sponsored APT attributed to the GRU and tracked as Laundry Bear by Dutch intelligence, has rapidly emerged as a major cyber espionage threat since April 2024. The group targets government, defense, telecommunications, NGOs, and critical infrastructure across NATO...
Venom Spider (TA4557) is a financially motivated cybercriminal group specializing in spear-phishing campaigns against HR professionals, primarily in the U.S., U.K., Canada, Australia, and Germany. Their attacks exploit the HR function’s need to process external attachments..
Bumblebee malware has escalated its tactics by compromising the supply chain of RVTools, a widely used VMware utility, to deliver trojanized installers containing a malicious version.dll loader. This attack, detected in May 2025, distributed malware via both official and typosquatted domains..
DragonForce has rapidly evolved into a major RaaS operation, distinguished by its sophisticated use of BYOVD techniques to bypass EDR and escalate privileges. The group’s modular ransomware builder allows affiliates to select vulnerable drivers (notably TrueSight.sys, RentDrv.sys) for process ter...
LOSTKEYS, first observed in early 2025, marks a significant evolution in Russian cyber-espionage, attributed to the FSB-backed COLDRIVER group. Unlike traditional spear-phishing, LOSTKEYS employs a sophisticated multi-stage infection chain initiated by fake CAPTCHA lure websites (ClickFix)...
Gunra ransomware is a newly emerged, highly sophisticated double-extortion threat, first detected in April 2025 and attributed to a financially motivated group leveraging the Conti ransomware codebase. It targets Windows environments...
Golden Chickens (aka Venom Spider) is a financially motivated Eastern European threat actor operating a modular malware-as-a-service (MaaS) platform since at least 2017..
TheWizards is a China-aligned APT group, active since at least 2022, specializing in espionage and influence operations across Asia and the Middle East. Their hallmark is the use of IPv6 SLAAC spoofing to hijack legitimate software update mechanisms—most notably Tencent QQ..