China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Southeast Asian Espionage Campaigns
Check Point Research documents a new threat cluster weaponizing CVE-2025-8088 within days of disclosure to target government and law enforcement agencies across Cambodia, Thailand, the Philippines, and neighboring countries.
APT28 Exploits Microsoft Office Zero-Day in Operation Neusploit Targeting Ukraine
Russia's APT28 weaponized CVE-2026-21509 within three days of Microsoft's disclosure, deploying MiniDoor email stealers and PixyNetLoader against Ukraine, Slovakia, and Romania.
RedKitten: Iran-Linked Group Targets Human Rights NGOs With AI-Written Macros
HarfangLab uncovered an Iran-linked campaign using AI-generated Office macros and the SloppyMIO backdoor to target activists documenting human rights violations during Iran's 2025-2026 protests.
China-Linked Mustang Panda Deploys Updated COOLCLIENT Backdoor Against Governments
APT group targets government entities across Southeast Asia with enhanced malware featuring clipboard monitoring, browser credential theft, and kernel-mode rootkit capabilities.
Salt Typhoon: Inside the Worst Telecom Hack in US History
Chinese state-sponsored hackers compromised nine major US telecommunications carriers throughout 2024, accessing wiretap systems, call metadata for over a million users, and communications of presidential campaign staff.
Russia's Fancy Bear APT Runs Low-Cost Credential Harvesting Campaign Against Global Targets
APT28 targets energy, defense, and policy organizations in Turkey, the Balkans, and Central Asia with phishing campaigns using legitimate PDFs from real think tanks and free hosting infrastructure.
Iranian MuddyWater APT Deploys New Rust-Based 'RustyWater' Implant
CloudSEK analysis reveals MuddyWater's upgraded toolkit targeting diplomatic, maritime, financial, and telecom entities across the Middle East with Rust-based malware featuring advanced evasion techniques.
European Space Agency Confirms Data Breach, Criminal Investigation Launched
A threat actor using the alias '888' exfiltrated 200GB+ from ESA systems including Bitbucket repositories, API tokens, and contractor data from SpaceX, Airbus, and Thales. Criminal probe initiated.
Salt Typhoon — Chinese State-Sponsored Espionage Infiltrates US Telecommunications
The Salt Typhoon campaign by Chinese state-sponsored actors compromised major US telecom providers including AT&T, Verizon, and T-Mobile, accessing lawful intercept systems and call metadata in what officials called the worst telecom hack in US history.