網路安全資訊

Ukraine's Security Service (SSU), working alongside the U.S. Federal Bureau of Investigation (FBI), has uncovered a long-running cyber espionage campaign attributed to Russian inte...

The FBI and CISA have updated their March advisory (PSA I-062626-PSA) warning that Russian intelligence services are now actively phishing Signal users into surrendering their Back...

The FBI and CISA have issued an updated warning that Russian Intelligence Services (RIS) have evolved their phishing tactics to steal Signal Backup Recovery Keys, granting attacker...

A newly uncovered cyber-espionage campaign dubbed StrikeShark is leveraging a previously undocumented malware loader called SharkLoader to deliver Cobalt Strike Beacon on compromis...

A Chinese-speaking advanced persistent threat (APT) actor tracked as CL-STA-1062 has been linked to a newly discovered custom backdoor called TinyRCT, deployed in a sustained cyber...

Security researchers at SentinelOne have uncovered a previously undocumented Rust-based macOS implant dubbed Gaslight, attributed with high confidence to North Korea-aligned threat...

Canada's Security Intelligence Service (CSIS) executed a first-of-its-kind threat reduction warrant to neutralize two foreign-run botnets operating from infected servers, SOHO rout...

Microsoft has attributed the recent Mastra AI supply chain attack—which compromised more than 140 npm packages—to Sapphire Sleet, a North Korean state-sponsored threat group also t...

F5 has issued out-of-band security updates to remediate two critical-severity vulnerabilities in its NGINX web server software that could allow unauthenticated remote attackers to ...

Cybersecurity researchers at ESET have uncovered two previously undocumented Windows variants of SprySOCKS, a backdoor long believed to operate exclusively on Linux systems. Intern...

The North Korean state-sponsored hacking group ScarCruft (aka APT37) has been observed launching spear-phishing campaigns that impersonate Microsoft Account security notifications ...

A China-linked espionage group tracked as UNC6508 maintained undetected access to North American medical, academic, and military research networks for over a year, quietly siphonin...

Proofpoint researchers Saher Naumaan and Carlos Rubio have documented a new wave of activity from the North Korean state-aligned threat cluster tracked as Contagious Interview (als...

The Chinese state-linked espionage group "Velvet Ant" maintained undetected access to a large organization's critical infrastructure for an extraordinary 10 years, according to res...

A China-nexus advanced persistent threat tracked as Velvet Ant by incident response firm Sygnia maintained covert access to a target network for nearly a decade by compromising the...

The latest threat intelligence roundup reveals a staggering expansion of the identity-based attack economy, with Flashpoint reporting that infostealer infections on more than 11.1 ...

Vietnam-aligned threat actor OceanLotus has been linked to two parallel cyber-espionage campaigns targeting domestic entities, leveraging its signature SPECTRALVIPER backdoor in a ...

State-sponsored threat actors from China and North Korea are scaling up cyber operations across the Asia-Pacific region, leveraging tactical gains to pursue higher-value targets in...

Cybersecurity researchers at Lumen's Black Lotus Labs have identified a significant resurgence of JDY, a covert China-linked botnet that has expanded to over 1,500 compromised smal...

Two Russia-aligned cyber-espionage campaigns have continued weaponizing CVE-2025-8088, a path-traversal vulnerability in WinRAR patched in July 2025, to compromise Ukrainian organi...

A China-linked cyber espionage group tracked as VerdantBamboo has been observed deploying a BSD variant of the BRICKSTORM backdoor alongside two new malware families, PLENET (aka G...

Google Mandiant and the Google Threat Intelligence Group (GTIG) have detailed a financially motivated data theft extortion campaign by threat actor UNC3753—also tracked as Chatty S...

Unknown attackers maintained undetected access to the Outlook mailbox of a senior executive at a major global stock exchange for at least five months, systematically exfiltrating c...

A state-sponsored cyber-espionage campaign attributed to Pakistan-linked threat actors has been uncovered targeting Afghanistan's Ministry of Finance, leveraging the open-source Xe...

Russian state-sponsored hacking group Gamaredon, officially linked to the Federal Security Service (FSB), has been exploiting a WinRAR path traversal vulnerability (CVE-2025-8088) ...

Researchers at Seqrite Labs have uncovered a spear-phishing campaign dubbed Operation XENOFISCAL, attributed to the Pakistan-aligned SideCopy threat group, which is targeting Afgha...

Seqrite Labs has uncovered a sophisticated cyber espionage operation dubbed Operation Dragon Weave, targeting government officials, research institutions, and financial services in...

The Iranian threat actor MuddyWater has been linked to a sophisticated cyber espionage campaign that compromised at least nine organizations across nine countries on four continent...

The Belarus-aligned threat actor Ghostwriter, also tracked as UAC-0057 and UNC1151, has been observed conducting sophisticated phishing campaigns against Ukrainian government entit...

Cybersecurity researchers from Lumen Technologies Black Lotus Labs have uncovered a sophisticated Linux malware campaign targeting a telecommunications provider in the Middle East ...

The Belarus-aligned threat group Ghostwriter, also tracked as FrostyNeighbor, PUSHCHA, Storm-0257, TA445, UAC-0057, Umbral Bison, UNC1151, and White Lynx, has launched a fresh wave...

Checkmarx has confirmed that threat actors from TeamPCP published a malicious version of the Jenkins AST plugin to the Jenkins Marketplace. The compromised version, 2.0.13-829.vc72...

Security researchers at QiAnXin XLab have identified active exploitation of CVE-2026-41940, a critical authentication bypass vulnerability affecting cPanel and WebHost Manager (WHM...

A sophisticated phishing operation dubbed "Operation HookedWing" has been systematically targeting organizations across critical sectors for over four years, according to threat in...

Ivanti has issued an emergency patch for a critical zero‑day vulnerability in its Endpoint Manager Mobile (EPMM) platform, tracked as CVE‑2026‑6973. The flaw, rated 9.1 on the CVSS...

Kaspersky researchers have uncovered a convergence between the pro‑Ukraine hacktivist group BO Team and the advanced threat actor Head Mare, revealing that the two have begun shari...

Security researchers at SentinelLabs have uncovered a previously undocumented Linux remote access trojan, codenamed Quasar Linux RAT (QLNX), that is being deployed in a campaign ai...

ShinyHunters, the notorious threat group behind a string of high‑profile data thefts, announced on March 5 that it had executed a second intrusion into Instructure, the education‑t...

Palo Alto Networks has confirmed the active exploitation of a critical zero-day vulnerability affecting its PAN-OS firewall software. The flaw, tracked as CVE-2024-3400 and rated c...

Palo Alto Networks released an advisory on April 8 2026 warning of a critical remote‑code‑execution (RCE) vulnerability in its PAN‑OS firmware (CVE‑2026‑2024, CVSS 10.0). The flaw ...

Two U.S. nationals were sentenced to 18 months in federal prison each for managing laptop farms that facilitated North Korean IT workers in securing remote positions at nearly 70 A...

Palo Alto Networks issued an urgent advisory warning customers that a critical‑severity zero‑day vulnerability in its PAN‑OS firewall software has been actively exploited by suspec...

The Iranian state-sponsored threat actor MuddyWater, also tracked as Mango Sandstorm, Seedworm, and Static Kitten, has been linked to a sophisticated cyberattack that leveraged Mic...

Security analysts have uncovered a sophisticated intrusion campaign leveraging the CloudZ remote access trojan (RAT) alongside a previously undocumented plugin called Pheno to targ...

As the conflict with Iran intensifies, cyber operatives have turned their focus on the United Arab Emirates, with breach attempts spiking threefold over the past few weeks. Securit...

MuddyWater, the Iranian advanced persistent threat (APT) group also tracked as Static Kitten, has been observed disguising its espionage operations behind a non‑functional Chaos ra...

Security researchers have linked a newly tracked China‑nexus threat cluster, designated UAT‑8302, to a wave of cyber‑espionage operations targeting government agencies in South Ame...

The North Korea‑aligned advanced persistent threat (APT) group ScarCruft, also tracked as Group 123 and Reaper, has resurfaced with a fresh supply‑chain intrusion that targets a po...

Microsoft’s Threat Intelligence Center (MSTIC) has released details of a large‑scale credential‑harvesting operation that successfully targeted roughly 35,000 users in 26 countries...

Security researchers have uncovered a previously undocumented Linux implant, dubbed Quasar Linux (QLNX), that is actively targeting software developers. Discovered during an invest...

The North Korean threat group APT37, also tracked as ScarCruft, has been observed delivering an Android variant of its BirdCall backdoor through a supply‑chain compromise of a popu...

The China-based advanced persistent threat (APT) group Silver Fox, also tracked as Monarch, SwimSnake, The Great Thief of Valley, UTG-Q-1000, and Void Arachne, has launched a sophi...

Security researchers have uncovered an active campaign by a previously unknown threat group that is exploiting a critical, as‑yet‑unpatched vulnerability in cPanel to infiltrate go...

Physical cargo theft is no longer the domain of opportunistic street gangs; it has morphed into a high‑tech enterprise orchestrated by transnational cybercriminal syndicates. Accor...

Security researchers have uncovered a sophisticated campaign by the China-backed advanced persistent threat (APT) group Silver Fox, targeting organizations in India and Russia with...

A newly uncovered Vietnamese‑linked phishing campaign has compromised roughly 30,000 Facebook accounts by abusing Google’s low‑code AppSheet platform as a covert relay. Researchers...

Cybersecurity researchers have uncovered a sophisticated espionage operation linked to Chinese state actors, targeting a broad spectrum of victims across Asia and a NATO member sta...

North Korean advanced persistent threat (APT) groups have consolidated their dominance over the cryptocurrency threat landscape in 2026, accounting for an estimated 76 % of all dig...

Atos Threat Research Center (TRC) uncovered in March 2026 a highly resilient malicious operation that distributes a remote‑access trojan called EtherRAT. The campaign abuses GitHub...

A coordinated cyberattack leveraging a newly identified wiper malware, named Lotus Wiper, has struck several energy companies and utility providers in Venezuela, according to a rep...

Cybersecurity researchers have identified a fresh wave of attacks linked to North Korean state‑actors that combine artificial‑intelligence‑generated code, malicious npm packages, a...

BlueNoroff, the North Korean threat group tracked as an advanced persistent threat (APT), has refined its attack playbook by weaponizing fake Zoom calls to snare cryptocurrency exe...

The ransomware ecosystem was rocked in early 2026 when two prominent ransomware‑as‑a‑service (RaaS) operations, 0APT and KryBit, turned on each other, spilling a treasure trove of ...

A Chinese national linked to the Silk Typhoon advanced persistent threat (APT) group has been handed over to U.S. authorities after being arrested in Italy in July 2025. Xu Zewei, ...

Cybersecurity researchers have identified a sophisticated campaign conducted by the threat actor UNC6692, who is combining social engineering, custom malware, and cloud infrastruct...

Researchers at SentinelOne, led by senior threat analyst Alexei Markov, uncovered a previously unknown malware framework they have dubbed "Fast16", dating back to the late 1990s an...

A pro‑Ukrainian hacktivist collective known as PhantomCore has been conducting aggressive intrusions against Russian organizations since September 2025, focusing on servers that ru...

Security researchers at Trend Micro have uncovered a previously unknown Lua‑based malicious framework, dubbed "fast16", that was created several years before the infamous Stuxnet w...

Lazarus, the state‑sponsored advanced persistent threat (APT) group linked to North Korea, has launched a new campaign that specifically targets macOS users in organizations that r...

Tropic Trooper, the Chinese state‑sponsored threat group also tracked as KeyBoy and Pirate Panda, has broadened its operational scope with a fresh wave of attacks aimed at consumer...

Security researchers at Secureworks’ Counter Threat Unit (CTU) have uncovered a sophisticated espionage operation conducted by a Chinese state‑sponsored APT that targeted Mongolian...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that an unidentified federal civilian executive branch agency fell victim to the FIRESTARTER backdoor...

NASA's Office of Inspector General (OIG) has disclosed a sophisticated spear‑phishing campaign orchestrated by a Chinese national who masqueraded as a U.S. defense researcher. The ...

Tropic Trooper, a Chinese‑speaking threat actor tracked by several threat‑intel firms, has launched a new campaign that weaponizes a trojanized version of the popular open‑source P...

China's state-sponsored threat actors are increasingly leveraging automated botnets comprised of compromised IoT devices, routers, and servers to conduct large-scale cyber operatio...

According to the latest Dark Reading analysis, the weekly number of cyberattacks directed at African organizations dropped by 22 % over the past year, falling from roughly 5,400 in...

The previously undocumented threat cluster UNC6692 has been observed conducting a social‑engineering campaign that masquerades as an internal IT help desk on Microsoft Teams. The a...

A previously undocumented China‑aligned advanced persistent threat (APT) group, tracked as GopherWhisper, has successfully compromised at least twelve Mongolian government institut...

Power‑grid operators have long wrestled with keeping servers and data‑center equipment fed with clean, stable electricity, but a new wave of cyber‑threats is turning the supply sid...

Tyler Robert Buchanan, a 24‑year‑old British national known in the cybercrime underground as “Tylerb,” pleaded guilty on June 5 2024 in a U.S. District Court to one count of wire‑f...

A newly identified Chinese advanced persistent threat (APT) group has launched a coordinated cyber‑espionage campaign against major Indian financial institutions and South Korean p...

Security researchers have identified a sophisticated campaign by North Korean threat actor Sapphire Sleet targeting macOS users through ClickFix attack vectors. The group, tracked ...

Security researchers have linked a new wave of cyber‑attacks to Russia’s military intelligence, specifically the APT groups tied to the GRU, which are actively exploiting known vul...

Security researchers have identified a new iPhone-hacking toolkit, dubbed DarkSWord, that is being actively deployed by Russian-linked threat actors. The toolkit exploits a previou...

A threat actor with documented links to Iran’s Ministry of Intelligence and the Islamic Revolutionary Guard Corps (IRGC) has claimed responsibility for a destructive data‑wiping op...

Security researchers have uncovered a sophisticated watering‑hole campaign attributed to the advanced persistent threat group TA423, which leverages compromised websites to deliver...