Cyber Intelligence
Tracked APT activity
- ACTIVEAPT29 (Cozy Bear)Cloud-tenant compromise · targets: NATO foreign ministries
- ACTIVEVolt TyphoonLiving-off-the-land · targets: US critical infrastructure
- ACTIVESandwormWiper variants · targets: Ukraine energy & telco
- ACTIVELazarusSupply-chain · targets: Crypto exchanges
- WATCHAPT41Dual-use espionage · targets: Global telco
- WATCHAPT10MSP intrusion · targets: Aerospace / defense
Cyber news
CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers
CISA warned today that hackers are now actively exploiting a recently patched high-severity SolarWinds Serv-U flaw to crash servers. [...]
Chinese APT deploys new malware to keep access to hacked networks
A Chinese espionage group tracked as UNC5221 has been accessing Microsoft 365 environments using the Brickstorm backdoor and previously undocumented malware named Plenet and AgentPSD. [...]
Dark web Nemesis Market vendor gets 26 years for selling drugs
A California man was sentenced to more than 26 years in federal prison for trafficking fentanyl and methamphetamine through Nemesis Market, one of the world's largest dark web marketplaces. [...]
Over 900 US gas station tank gauge systems exposed to attacks
Over 900 automatic tank gauge (ATG) systems across the United States, used to monitor fuel and chemical storage tanks across various critical infrastructure sectors, have been found exposed online and are vulnerable to ongoing attacks. [...]
Adaptive, Agentic AI Worms Loom as Next Enterprise Threat
AI worms, or "viruses with wings and brains," adapt to new environments, seek out vulnerabilities, and will likely strike within a year, researchers say.
What 2026 DBIR Confirms: Attacks Are Living in the Browser
Phishing, shadow AI, malicious extensions, and credential theft increasingly happen inside the browser. Keep Aware explains what the 2026 Verizon DBIR reveals about browser-layer security gaps and modern attacks. [...]
Trump AI Order Seeks Voluntary Frontier Model Testing
The White House's executive order establishes voluntary framework for early government access to frontier models while investing in federal security.
Cisco warns of unpatched SD-WAN zero-day exploited in attacks
On Thursday, Cisco warned of a high-severity, unpatched zero-day in the Cisco Catalyst SD-WAN Manager (tracked as CVE-2026-20245) actively exploited in attacks enabling root privilege escalation. [...]
Rust-Written IronWorm Hits NPM Supply Chain
Like Shai-Hulud, the campaign targets developers to steal credentials and reuses them to propagate across the software supply channel.
Brave Software releases Origin for a paid, bloat-free browsing experience
Brave has announced the public release of Brave Origin, a paid minimalist version of its browser that strips out cryptocurrency, AI, rewards, and other monetization-focused features. [...]
Hola Browser for Windows compromised to deliver cryptominer
The Windows version of the Hola Browser has been compromised in a supply chain attack that delivered an undeclared executable identified by researchers as a cryptocurrency miner. [...]
China's TA4922 Expands Cybercrime Attacks Globally
One of the world's most diverse, least-focused cybercrime groups is enlarging its footprint beyond East Asia.