Google’s Threat Intelligence Group found Coruna, a complex iOS exploit kit with 23 exploits in five chains, affecting thousands of iPhones on iOS 13.0 to 17.2.1 in 2025. The Coruna exploit kit is a sophisticated iOS attack tool by GTIG that targets iPhones from iOS 13.0 (September 2019) to iOS 17.2.1 …
BurrowShell Backdoor Found
India-linked “SloppyLemming” targets Bangladesh & Pakistan Critical Systems
An India-nexus threat actor operated an extensive cyber espionage campaign deploying BurrowShell and a Rust-based RAT, targeting government entities and critical infrastructure operators in Pakistan and Bangladesh. Arctic Wolf has been tracking the campaign conducted by “SloppyLemming” over the last 12 months. Arctic Wolf said the campaign impersonated Pakistani and Bangladeshi …
UNC2814 breached Bangladeshi Govt and telco since 2023 including 42 countries
Google’s Threat Intelligence Group, Mandiant, and their partners disrupted a global espionage campaign linked to a suspected Chinese threat actor UNC2814. This group used SaaS API calls to disguise malicious traffic in attacks against telecom and government networks. The campaign has been ongoing since 2023 and has affected 53 organizations …
Amazon Report
Hacker compromised 600+ FortiGate devices in 55 countries
Amazon Threat Intelligence observed that a Russian-speaking hacker used generative AI services to compromise over 600 FortiGate devices in 55 countries between January 11 and February 18, 2026. The attack did not exploit FortiGate vulnerabilities but targeted exposed management ports and weak, single-factor authentication, enabling a less-skilled attacker to exploit …
French National Bank Account Registry Exposes 1.2M Bank Accounts
The French national bank account registry was breached in late January 2026, with a potential exposure of 1.2 million accounts, according to a press release. A threat actor stole credentials from an official to access a database of bank accounts at French banks. The compromised data might include: Bank account …
Hackers exploiting Dell zero-day flaw (CVE-2026-22769) since mid-2024
A China-linked cyberespionage group has exploited a zero-day vulnerability in Dell’s RecoverPoint for Virtual Machines since at least mid-2024, according to Google’s Threat Intelligence Group and Mandiant. GTIG and Mandiant attributed the exploitation of CVE-2026-22769 to a group called UNC6201, who used the vulnerability for lateral movement, persistence, and deploying …
New ‘ZeroDayRAT’ Spyware Kit Allows Full Compromise of iOS and Android Devices
ZeroDayRAT is a new mobile spyware toolkit that allows remote access to Android and iOS devices, offering features like live camera feeds, keylogging, and theft of bank and crypto information. It is currently available via Telegram, was first observed on February 2, 2026, and has since been analyzed by iVerify. It …
‘UNC3886’ breaches Singapore’s top four telcos
UNC3886 accessed Singapore’s four main telecommunication providers—Singtel, StarHub, M1, and Simba—at least once last year. On 18 July 2025, Minister Mr. K Shanmugam announced that the APT group UNC3886 was found targeting our critical infrastructure, but no further details were provided for security reasons then. Recent investigations by the Cyber …
ALERT
SystemBC Botnet Infects 10,000+ IPs & Government Networks
Researchers have discovered a large botnet made up of compromised devices that has infiltrated networks worldwide, including sensitive government systems. A report from Silent Push has identified over 10,000 unique IP addresses infected with SystemBC, a proxy malware used by cybercriminals to conceal their actions and deploy ransomware. The discovery …
Hackers Actively Exploiting SolarWinds Web Help Desk RCE Vulnerability
Attackers are quickly exploiting a remote code execution vulnerability in SolarWinds Web Help Desk, using compromised systems to deploy legitimate but misused administrative tools. Huntress observed that 84 endpoints in 78 partner organizations are using SolarWinds Web Help Desk, highlighting significant vulnerability. Huntress observed post-exploitation activity originating from a compromised …
InfoSecBulletin Cybersecurity for mankind