Topic: chinese threat actors
Cisco Email Security Appliances Hacked via Unpatched Zero-Day
A critical zero-day vulnerability (CVE-2025-20393) in Cisco email security appliances is being exploited, allowing attackers to gain full control, particularly when a non-default Spam Quarantine feature is exposed to the internet. Attackers have installed a sophisticated toolkit for persistent, s...
'BRICKSTORM' Backdoor: Chinese Hackers Target US Firms
A sophisticated cyber espionage campaign using the BRICKSTORM backdoor is targeting U.S. companies, particularly in legal, tech, and SaaS sectors, and is attributed to Chinese-aligned hackers with goals beyond intelligence gathering. The threat actors, known as UNC5221, employ a complex, multi-st...
State Hackers Exploit Most Software Vulnerabilities
State-sponsored hackers were responsible for over half of all attributed software vulnerability exploits in the first half of 2025, primarily targeting critical infrastructure and enterprise systems for espionage rather than financial gain. Chinese state-linked groups dominated these activities, ...
Ransomware Attacks Target Vulnerable SharePoint Servers
Chinese-linked threat actors are exploiting critical SharePoint vulnerabilities (CVE-2025-53770 and CVE-2025-53771) to deploy Warlock ransomware, targeting over 400 organizations, including US federal agencies. Suspected Chinese hacking groups Storm-2603, Linen Typhoon, and Violet Typhoon are usi...
State-Sponsored Hackers Hijacked Notepad++ Updates
A suspected Chinese state-sponsored hacking group compromised Notepad++'s update server, exploiting vulnerabilities in its updater to deliver malicious software to targeted organizations in East Asia. The attackers maintained access for months by hijacking the shared hosting infrastructure, redir...
CISA Warns: VMware ESXi Flaw Actively Exploited by Ransomware
CISA warns that a critical, patched VMware ESXi vulnerability (CVE-2025-22225) is now being actively exploited by ransomware groups to escape virtual machine sandboxes. The flaw, part of a trio of zero-days, impacts a wide range of VMware products and has reportedly been used by threat actors sin...
CISA Warns: Ransomware Attackers Exploit VMware ESXi Flaw
A critical VMware ESXi vulnerability (CVE-2025-22225) is now actively exploited by ransomware groups, prompting urgent patching calls from CISA. The flaw is part of a trio of zero-days; new analysis reveals a toolkit weaponizing all three, potentially developed by Chinese-speaking actors as early...
Hackers Exploit Microsoft ClickOnce & AWS for Stealth Attacks
The OneClik cyberattack campaign exploits Microsoft ClickOnce and custom Golang malware to target energy sector organizations, disguising malicious traffic within legitimate AWS cloud services. Attackers use phishing emails with fraudulent Azure-hosted sites to distribute malicious ClickOnce file...
North Korean Hackers Target React2Shell Flaw in EtherRAT Malware
A sophisticated malware implant called EtherRAT exploits the critical React2Shell vulnerability, using Ethereum smart contracts for command-and-control and establishing five persistence mechanisms on Linux systems, with links to North Korean threat actors. The React2Shell vulnerability is a sever...
Colt Data Breach: Warlock Ransomware Auctions Stolen Customer Files
Colt Technology Services experienced a data breach where customer documentation was stolen and is now being auctioned online by the Warlock ransomware gang. The stolen files include sensitive financial records, network architecture details, and extensive customer information, with the gang demand...