China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Southeast Asian Espionage Campaigns
Check Point Research documents a new threat cluster weaponizing CVE-2025-8088 within days of disclosure to target government and law enforcement agencies across Cambodia, Thailand, the Philippines, and neighboring countries.
Notepad++ Update Mechanism Hijacked by Chinese Threat Actors to Deliver Malware
Lotus Blossom APT compromised Notepad++'s hosting provider to intercept update traffic and deliver the Chrysalis backdoor to targeted government and financial organizations over a six-month period.
WinRAR Vulnerability Still Widely Exploited by Nation-State and Cybercrime Groups
CVE-2025-8088 (CVSS 8.8), a path traversal flaw abusing Windows Alternate Data Streams, continues to be exploited by Russian APTs, Chinese actors, and cybercriminals to achieve persistence via Startup folder drops.
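As an added illustration (not part of this item, and not code from WinRAR or from any of the researchers cited), the Python below checks archive entry names for the shape this flaw abuses: a file name carrying a Windows Alternate Data Stream whose stream name climbs out of the extraction directory and lands in the user's Startup folder. The sample entry names and the Startup-folder substring heuristic are constructed assumptions for the demonstration; the logic is a generic extraction-time guard (reject any ADS, any absolute path, and any path that still escapes the root after `..` collapsing), not a reproduction of the vulnerable code path.

```python
import ntpath

# Constructed sample entry names (not taken from a real malicious archive).
# Entry 3 mimics the CVE-2025-8088 pattern: a benign-looking file name with an
# ADS whose stream name traverses up into the per-user Startup folder.
SAMPLE_ENTRIES = [
    "report.pdf",
    "docs/../notes.txt",
    "../../../evil.exe",
    "report.pdf:..\\..\\..\\..\\AppData\\Roaming\\Microsoft\\Windows"
    "\\Start Menu\\Programs\\Startup\\update.lnk",
    "C:\\Windows\\Temp\\payload.dll",
]

# Assumed heuristic: any entry naming the Startup folder is persistence-shaped.
STARTUP_HINT = "start menu\\programs\\startup"


def _split_ads(name: str):
    """Return (base, stream). stream is the ADS name or None if absent.
    A leading drive spec such as 'C:\\' is not a stream; a later colon is."""
    if len(name) >= 2 and name[0].isalpha() and name[1] == ":":
        base, sep, stream = name[2:].partition(":")
        return name[:2] + base, (stream if sep else None)
    base, sep, stream = name.partition(":")
    return base, (stream if sep else None)


def _escapes_root(path: str) -> bool:
    """True when the path is absolute, drive-qualified, or still begins with
    '..' after ntpath.normpath has collapsed interior '..' components."""
    norm = ntpath.normpath(path)
    if ntpath.isabs(norm) or ntpath.splitdrive(norm)[0] or norm.startswith("\\"):
        return True
    return norm.split("\\", 1)[0] == ".."


def classify_entry(name: str) -> dict:
    """Classify one archive entry name using Windows path semantics
    (ntpath), so the check behaves the same on a Linux scanner host."""
    base, stream = _split_ads(name)
    ads = stream is not None
    escapes = _escapes_root(base) or (ads and _escapes_root(stream))
    return {
        "name": name,
        "ads": ads,
        "escapes_root": escapes,
        "targets_startup": STARTUP_HINT in name.replace("/", "\\").lower(),
        # Safe only if it is neither an ADS nor a path leaving the root.
        "safe": not (ads or escapes),
    }


def scan(entries) -> list:
    """Return the entry names that must not be extracted as-is."""
    return [r["name"] for r in map(classify_entry, entries) if not r["safe"]]


if __name__ == "__main__":
    for r in map(classify_entry, SAMPLE_ENTRIES):
        print(r)
    print("flagged:", scan(SAMPLE_ENTRIES))
```

The ADS case is the one a naive `..` filter misses: the base name `report.pdf` is clean, and only the stream portion carries the traversal, so both halves are normalized and checked separately.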
Malicious VS Code Extensions Steal Code from 1.5 Million Developers
Two VS Code extensions masquerading as AI coding assistants—ChatMoss and ChatGPT中文版—exfiltrated source code, API keys, and proprietary algorithms from 1.5 million developers to servers in China.
Google Disrupts IPIDEA, One of the World's Largest Residential Proxy Networks
Google Threat Intelligence dismantles a Chinese-operated proxy network spanning 9 million Android devices and 13 proxy brands, used by 550+ threat groups including nation-state actors from China, Russia, Iran, and North Korea.
China-Linked UAT-8099 Deploys BadIIS Malware for SEO Fraud Across Asia
Cisco Talos identified Chinese-speaking threat actor UAT-8099 compromising IIS servers in Asia with BadIIS malware variants, hijacking legitimate websites for SEO poisoning and credential theft.
China-Linked Mustang Panda Deploys Updated COOLCLIENT Backdoor Against Governments
The Mustang Panda APT group targets government entities across Southeast Asia with enhanced malware featuring clipboard monitoring, browser credential theft, and kernel-mode rootkit capabilities.
8.73 Billion Chinese Records Exposed in Largest Known Single-Source Data Leak
Cybernews researchers discovered a massive Elasticsearch cluster containing national IDs, passwords, and personal data of hundreds of millions of Chinese citizens, hosted on bulletproof infrastructure and accessible for three weeks.
Salt Typhoon: Inside the Worst Telecom Hack in US History
Chinese state-sponsored hackers compromised nine major US telecommunications carriers throughout 2024, accessing wiretap systems, call metadata for over a million users, and communications of presidential campaign staff.
Volt Typhoon Discovered Pre-Positioned in Additional US Critical Infrastructure Sectors
Joint CISA/NSA/FBI advisory reveals Chinese state-sponsored group Volt Typhoon has expanded persistent access into US water, energy, and transportation infrastructure, maintaining dormant footholds for 12-18 months undetected.
Chinese Hackers Exploited VMware ESXi Zero-Days a Year Before Disclosure
Huntress discovered a Chinese-linked exploit toolkit (MAESTRO) targeting VMware ESXi that was built in February 2024—a year before VMware disclosed CVE-2025-22224. Over 30,000 instances remain exposed.
Salt Typhoon — Chinese State-Sponsored Espionage Infiltrates US Telecommunications
The Salt Typhoon campaign by Chinese state-sponsored actors compromised major US telecom providers including AT&T, Verizon, and T-Mobile, accessing lawful intercept systems and call metadata in what officials called the worst telecom hack in US history.