China-linked CL-STA-1087 targets Southeast Asian militaries since 2020 using AppleChris and MemFun for espionage and ...

A group of cybercriminals tracked as Storm-2561 is using fake enterprise VPN clients from CheckPoint, Cisco, Fortinet, Ivanti ...

Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics trusted brands and abuses legitimate services. This ...

IntroductionOn March 1, 2026, ThreatLabz observed new activity from a China-nexus threat actor targeting countries in the Persian Gulf region. The activity took place within the first 24 hours of the ...

BlackSanta is a malware module that kills EDR and AV at the kernel level prior to unleashing the malware’s final purpose.

Russian hackers target HR departments with BlackSanta malware Infection chain uses phishing emails and malicious ISO files BlackSanta disables EDR tools to enable deeper compromise Russian hackers ...

Two attacks on Qatari entities signal a shift in focus for China-backed actors and demonstrate how quickly they can pivot in response to geopolitics.

Security researchers have uncovered a complex cyber operation targeting telecommunications infrastructure with newly identified malware tools. The campaign, active since 2024, focuses on telecom ...

Distributed through over 100 GitHub repositories, the BoryptGrab stealer targets browser, wallet, system, and other user data ...

China-linked UAT-9244 targets South American telecom networks with TernDoor, PeerTime, and BruteEntry malware on Windows, Linux, and edge devices.

A China-linked advanced persistent threat actor tracked as UAT-9244 has been targeting telecommunication service providers in South America since 2024, compromising Windows, Linux, and network-edge ...

In recently spotted attacks, the crooks would send phishing emails to government and public sector organizations, usually ...