Seashell Blizzard Attack Detection: A Long-Running Cyber-Espionage “BadPilot” Campaign by russian-linked Hacking Group
A nefarious russia’s APT group Seashell Blizzard also known as APT44 has been waging global cyber campaigns since at least…
Threats
UAC-0219 Attack Detection: A New Cyber-Espionage Campaign Using a PowerShell Stealer WRECKSTEEL
In late March 2025, CERT-UA observed a surge in cyber-espionage operations targeting Ukraine, orchestrated by the UAC-0200 hacking group using…
CVE-2025-1449: Rockwell Automation Verve Asset Manager Vulnerability Enables Adversaries to Gain Access to Run Arbitrary Commands
Hard on the heels of the disclosure of CVE-2025-24813, a RCE flaw in Apache Tomcat actively leveraged in the wild…
Gamaredon Campaign Detection: russia-backed APT Group Targets Ukraine Using LNK Files to Spread Remcos Backdoor
The russia-linked Gamaredon APT notorious for a wealth of cyber-offensive operations against Ukraine resurfaces in the cyber threat arena. The…
CoffeeLoader Detection: A New Sophisticated Malware Family Spread via SmokeLoader
Defenders have observed CoffeeLoader, a new stealthy malware that evades security protection using advanced evasion techniques and takes advantage of…
Weaver Ant Attack Detection: China-Linked Group Targets a Telecom Provider in Asia Using Multiple Web Shells, Including China Chopper
APT groups from China were ranked among the top global cyber threats alongside North Korea, russia, and Iran, showcasing heightened…
CVE-2025-1974: Critical Set of Vulnerabilities in Ingress NGINX Controller for Kubernetes Leading to Unauthenticated RCE
Heads-up for Kubernetes admins! A batch of five critical vulnerabilities called “IngressNightmare” (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974) affecting Ingress…
CVE-2025-29927 Next.js Middleware Authorization Bypass Vulnerability
Hot on the heels of the disclosure of CVE-2025-24813, a newly uncovered RCE vulnerability in Apache Tomcat—actively exploited just 30…
CVE-2025-24813 Detection: Apache Tomcat RCE Vulnerability Actively Exploited in the Wild
A newly revealed RCE vulnerability in Apache Tomcat is under active exploitation, just 30 hours after its public disclosure and…
Operation AkaiRyū Attacks Detection: MirrorFace China-Backed APT Group Targets Central European Diplomatic Institute Using ANEL Backdoor
According to ESET APT Activity Report Q2 2024-Q3 2024, China-linked threat groups dominate global APT campaigns, with MustangPanda responsible for…