A newly formed Russian hacktivist alliance called Russian Legion has launched OpDenmark, a coordinated cyberattack campaign against Danish critical infrastructure in retaliation for the country’s 1.5 billion DKK military aid package to Ukraine.
Google Threat Intelligence reveals widespread exploitation of CVE-2025-8088 by Russian APT groups, Chinese actors, and cybercriminals. The WinRAR path traversal flaw enables payload delivery via the Windows Startup folder, with active campaigns targeting Ukraine, LATAM, and financial sectors.
Russian APT group Sandworm attempted to deploy destructive DynoWiper malware against Polish power plants in late December 2025. The attack was thwarted, but highlights ongoing threats to critical infrastructure from state-sponsored actors.
