Topic: apt groups

  • Google: Hackers Use Gemini AI for Every Attack Phase

    State-sponsored hacking groups from China, Iran, North Korea, and Russia are using Google's Gemini AI to conduct reconnaissance, craft phishing messages, write malicious code, and plan sophisticated attacks. These actors integrate AI into core workflows, such as automating vulnerability analysis,...

  • Nation-State Hackers Now Using Gemini AI in Attacks

    Nation-state hacking groups from Iran, China, and North Korea are increasingly using AI tools like Google's Gemini to enhance offensive cyber operations, particularly for reconnaissance, social engineering, and intelligence gathering. These actors leverage generative AI for tasks such as writing ...

  • Cisco Email Security Appliances Hacked via Unpatched Zero-Day

    A critical zero-day vulnerability (CVE-2025-20393) in Cisco email security appliances is being exploited, allowing attackers to gain full control, particularly when a non-default Spam Quarantine feature is exposed to the internet. Attackers have installed a sophisticated toolkit for persistent, s...

  • Patch Now: CISA Warns of Active Oracle Identity Manager Attack

    A critical vulnerability (CVE-2025-61757) in Oracle Identity Manager is being actively exploited, allowing unauthenticated attackers to execute arbitrary code via HTTP. CISA has urgently added this flaw to its Known Exploited Vulnerabilities catalog, advising immediate patching or isolation of af...

  • APT37 Hackers Use Google Find Hub to Wipe Android Data

    North Korean hackers are using Google's Find Hub service to remotely wipe Android devices and track locations, primarily targeting South Koreans through KakaoTalk messages and linked to known threat groups like APT37 and Kimsuky. The attack begins with spear-phishing messages impersonating author...

  • Urgent Windows 0-Day and Critical Flaw Actively Exploited

    Two critical Windows vulnerabilities are being actively exploited in widespread global attacks, including a zero-day flaw used since 2017 and another that Microsoft failed to patch in a recent update. The zero-day vulnerability (CVE-2025-9491) has been exploited by up to eleven advanced threat gr...

  • ScreenConnect Flaws Exploited in Network Breaches

    Cyber-attacks are increasingly using legitimate remote monitoring and management (RMM) tools like ConnectWise ScreenConnect for initial network access through phishing, providing stealthy unauthorized control. Attackers exploit ScreenConnect's features such as unattended access and VPN functional...

  • China's Salt Typhoon Hackers Target European Telecoms

    A China-linked cyber espionage group known as Salt Typhoon is targeting European telecommunications providers to infiltrate critical infrastructure for intelligence gathering and surveillance. The attackers exploited a Citrix NetScaler Gateway vulnerability, deployed the SNAPPYBEE backdoor via DL...

  • Washington Post email hack exposes journalists' accounts

    A sophisticated cyberattack targeted Washington Post journalists, compromising email accounts of reporters covering national security, economic policy, and China, with evidence pointing to a state-sponsored hacking group. Experts suspect advanced persistent threat (APT) groups linked to China, kn...
