Recent

Coruna iOS Exploit Kit: Nation-State Spyware Tools Now Targeting Crypto Wallet Users

A powerful iOS exploit kit named “Coruna” has transitioned from elite surveillance operations to financially motivated cryptocurrency theft, signaling a dangerous shift in the mobile threat landscape.

From Spyware Vendor to Cybercriminal Hands

Google Threat Intelligence Group (GTIG) has disclosed details on a previously undocumented iOS exploit kit containing 23 exploits and five full exploit…


UAT-9244: China-Nexus APT Deploys Three New Malware Implants Against South American Telecom Providers

Cisco Talos has disclosed a new threat activity cluster, UAT-9244, assessed with high confidence to be a China-nexus advanced persistent threat (APT) actor closely associated with FamousSparrow and Tropic Trooper. Since 2024, the group has targeted critical telecommunications infrastructure in South America with three distinct malware implants.

Key Findings

TernDoor: A new Windows backdoor variant…


Global Coalition Dismantles Tycoon 2FA Phishing Platform: 87 Million Emails, 330 Domains Seized

Microsoft, Europol, and a coalition of cybersecurity partners have dismantled Tycoon 2FA, one of the most prolific phishing-as-a-service (PhaaS) platforms ever documented, seizing 330 domains used for credential theft and multi-factor authentication bypass. The coordinated takedown marks the first cross-border public-private action of its kind under a U.S. court order and Europol’s Cyber Intelligence Extension…


Cisco Patches Two Max Severity Secure FMC Flaws Enabling Root Access

Cisco has released critical security updates to address two maximum-severity vulnerabilities in its Secure Firewall Management Center (FMC) software that could allow unauthenticated remote attackers to gain complete root access to affected systems.

Critical Vulnerabilities Overview

Secure FMC serves as the central management interface for Cisco firewall administrators, providing control over application policies, intrusion prevention,…


Open-Source CyberStrikeAI Tool Weaponized in AI-Driven FortiGate Attacks Across 55 Countries

Team Cymru has revealed that threat actors behind the recent AI-assisted campaign targeting Fortinet FortiGate appliances leveraged an open-source, AI-native security testing platform called CyberStrikeAI to execute mass automated attacks, compromising over 600 devices across 55 countries.

Key Findings

The investigation traced back to IP address 212.11.64[.]250, used by a suspected Russian-speaking threat actor for…


Silver Dragon APT Targets Southeast Asia and Europe Using GearDoor Backdoor with Google Drive C2

Check Point Research has unveiled a sophisticated Chinese APT campaign dubbed Silver Dragon that has been actively targeting government entities and organizations across Southeast Asia and Europe since mid-2024. The threat actor operates within the umbrella of Chinese-nexus APT41 and employs multiple infection chains to deliver custom backdoors designed for covert data exfiltration.

Campaign Overview…


APT28 Exploited CVE-2026-21513 MSHTML Zero-Day as Attack Vector Before February Patch Tuesday

Russia’s state-sponsored threat actor APT28 (also known as Fancy Bear) has been linked to active exploitation of CVE-2026-21513, a high-severity MSHTML zero-day vulnerability, before Microsoft released its patch in February 2026. This finding comes from new research published by Akamai, highlighting the sophisticated tradecraft employed by Russian intelligence operations.

Vulnerability Details

CVE-2026-21513 carries a CVSS…


Malicious Go Crypto Module Steals Passwords and Deploys Rekoobe Backdoor

A sophisticated supply chain attack has been uncovered targeting Go developers through a malicious module that impersonates the legitimate golang.org/x/crypto library. The attack demonstrates how threat actors are increasingly exploiting namespace confusion to compromise developer environments and deploy persistent backdoors.

The Attack Mechanism

Security researchers at Socket discovered the malicious module github[.]com/xinfeisoft/crypto, which masquerades as…


Fake Google Security Check Transforms Browser Into Surveillance Toolkit via PWA Installation

A sophisticated phishing campaign has been discovered that transforms web browsers into comprehensive surveillance platforms by masquerading as a Google Account security page. According to Malwarebytes researchers, this attack represents one of the most fully-featured browser-based surveillance toolkits observed in the wild.

Attack Methodology

The attack begins with a convincing replica of a Google Account…
