Topic: chinese hackers

  • CISA Alerts: Chinese "BrickStorm" Malware Targets VMware Servers

    A sophisticated Chinese-linked malware campaign called "Brickstorm" is targeting VMware vSphere servers, using hidden virtual machines to steal credentials and compromise networks, as detailed by U.S. and Canadian cybersecurity agencies. The malware employs advanced evasion techniques like encryp...

  • Google: BrickStorm Malware Stole U.S. Data for a Year

    A sophisticated cyber espionage campaign using BrickStorm malware successfully stole sensitive data from American technology, legal, SaaS, and BPO companies for over a year before being detected. The malware, attributed to China-linked group UNC5221, is a versatile backdoor that operates stealthi...

  • Hackers Exploit Anthropic's Claude AI in New Attack

    State-sponsored hackers used Anthropic's Claude AI to automate 80-90% of approximately thirty cyberattacks against corporations and governments in September, significantly increasing automation levels compared to previous intrusions. The operation required minimal human oversight, with operators ...

  • SharePoint ToolShell Attacks Strike Global Orgs on 4 Continents

    The ToolShell vulnerability (CVE-2025-53770) in Microsoft SharePoint is a critical zero-day flaw that allows unauthenticated remote attackers to execute arbitrary code and access file systems, bypassing previous vulnerabilities. Microsoft attributes the exploitation to Chinese threat actors like ...

  • Cisco Customers Vulnerable to New Chinese Hacking Campaign

    A Chinese state-sponsored hacking campaign is exploiting a critical zero-day vulnerability (CVE-2025-20393) in Cisco's Secure Email Gateway and Web Manager software, primarily targeting systems in India, Thailand, and the United States. The attack surface is limited to hundreds of systems, as exp...

  • Experts Challenge 90% Autonomous AI Attack Claim by Anthropic

    Anthropic reports the first documented AI-driven cyber espionage by Chinese state hackers using their Claude AI tool, though independent experts are skeptical about the claims' significance. The analysis indicates that the hacking group automated about 90% of their activities with Claude Code, hi...

  • State Hackers Infiltrated Telecom Giant Ribbon for Months

    Ribbon Communications disclosed that state-sponsored hackers had unauthorized access to its systems for nearly a year, starting in December 2024, and has since removed them with law enforcement involvement. The breach affected a customer base including Fortune 500 companies and government departm...

  • Cisco Warns of Chinese Hackers Using New Zero-Day

    Cisco warns of an active, state-sponsored hacking campaign exploiting a critical zero-day vulnerability in its security appliances, allowing complete device takeover with no patch currently available. The flaw targets specific Cisco AsyncOS products, but exploitation requires a non-default config...

  • CISA Orders Agencies to Patch Critical Fortinet Flaw in 7 Days

    CISA has mandated a 7-day deadline for U.S. government agencies to patch CVE-2025-58034, a critical Fortinet FortiWeb vulnerability being actively exploited in zero-day attacks. The vulnerability is an OS command injection flaw that allows authenticated attackers to execute arbitrary code with ro...

  • CISA Warns Active Exploits Target Critical VMware RCE Flaw

    A critical security flaw (CVE-2024-37079) in VMware vCenter Server is under active exploitation, allowing remote code execution via a low-complexity attack. U.S. federal agencies are mandated to patch the vulnerability within three weeks, as there are no available workarounds, only the vendor-pro...
