Advertisement
Turla's STOCKSTAY Backdoor: Analysis of Campaigns & WinRAR Exploit
Google Threat Intelligence details STOCKSTAY, Turla's .NET backdoor for espionage targeting Ukraine and Europe, leveraging RDP & CVE-2025-8088.
Iranian Handala Group Claims Cal Water Hack, Exposing PII
Iranian cyber group Handala claims responsibility for breaching Cal Water, exposing 5GB of customer PII and RTKBase platform credentials. Analysis and mitigation

OceanLotus Targets Vietnam with SPECTRALVIPER Backdoor in FireAnt Attack
OceanLotus APT targets Vietnamese infrastructure and stock investors with SPECTRALVIPER backdoor in multi-year cyber espionage and supply chain campaigns.
Iranian APT33 Targets Aviation with Updated MimicC2 and PowerLess
Iranian APT Nimbus Manticore (APT33) targets aviation and software firms using new MimicC2 framework and updated PowerLess tools for stealthy operations.

China-Linked UAT-8302 Targets Governments with Custom APT Malware
UAT-8302, a China-linked threat group, targets government entities in South America and SE Europe using custom malware and shared APT toolsets.

Chinese State-Backed Actors Industrialize Botnets for Covert Ops
Chinese state-backed groups are adopting industrialized botnets, utilizing compromised devices for low-cost, low-risk, and deniable cyber operations.

APT28 Forest Blizzard DNS Manipulation Targets SOHO Routers
Russian APT28, or Forest Blizzard, is conducting malwareless cyber espionage by manipulating DNS settings on vulnerable SOHO routers to steal credentials from global

APT28 Exploits MikroTik & TP-Link Routers in DNS Hijacking
Russian state-linked APT28 (Forest Blizzard) is compromising insecure SOHO routers globally, employing DNS hijacking for cyber espionage since May 2025.
Pro-Iranian Group Claims Hack of FBI Director's Personal Account
A pro-Iranian hacking group claims to have compromised the personal account of FBI Director Kash Patel, exfiltrating emails and documents.
Nation-State Cyber Operation: Israel's Compromise of Iranian Traffic Cameras
Analysis of the reported Israeli cyber operation targeting Iranian traffic cameras, detailing implications for critical infrastructure security and cyber-physical

Chinese Police Use ChatGPT in Influence Operations Against Japan
Chinese police reportedly used ChatGPT for politically motivated influence operations to smear Japan's PM Takaichi, highlighting AI's role in disinformation campaigns.
GRIDTIDE Espionage: PRC-Nexus UNC2814 Targets Telecoms Globally
Google disrupts GRIDTIDE, a novel backdoor used by PRC-nexus UNC2814 for global cyber espionage against telecommunications and government entities.