Chinese Threat Actors

Vertical server rack with a small open back door, a Caesar cipher wheel with concentric circles and a pivot arrow in the center, six calendar pages curling away.

Application Security

cPanel Update: Mr_Rot13 Has Been Backdooring Servers Through CVE-2026-41940 For Six Years

The cPanel CVE-2026-41940 story continues. A new threat actor has been named, the backdoor it deploys has been documented, and the most operationally relevant fact is that this group has been operating since 2020 with detection rates close to zero. BEIJING, CHINA — A new threat actor designated Mr_Rot13 has

11 May 2026

Globe with circuit traces connecting a government building, microphone, and protest sign, overlaid by a shadowed figure.

Trending

Shadow-Earth-053: Trend Micro Confirms China Spy Group Targets Journalists and Activists Alongside Governments and Defense

Trend Micro publishes full technical attribution of Shadow-Earth-053 — confirming the China-linked group targets journalists and civil society activists alongside governments and defense sectors across Asia and one NATO member state.

01 May 2026

Silver Fox deployed new ABCDoor Python backdoor via fake tax authority emails targeting organizations across India, Russia, Indonesia and Japan with ValleyRAT malware.

Trending

Silver Fox Uses New ABCDoor Backdoor to Target Organizations in Russia and India via Tax Impersonation

Silver Fox has launched a tax-themed phishing campaign across India, Russia, Indonesia, and Japan — deploying ValleyRAT and the newly documented ABCDoor Python backdoor via fake tax authority notifications.

30 Apr 2026

Novel China-linked threat group Shadow-Earth-053 infiltrated 12+ critical networks across Poland and Asian nations targeting defense contractors and government agencies.

Trending

Novel China-Linked Group Shadow-Earth-053 Found Lurking in Critical Networks Across Poland and Asia

A previously undocumented China-linked threat group tracked as Shadow-Earth-053 has infiltrated 12+ critical networks across Poland and Asian nations — targeting defense contractors, government agencies, and transport infrastructure.

30 Apr 2026

Minimalist vector on Charcoal Grey: A white gavel icon overlaid with a red digital network map representing the U.S. and Italy connection.

Trending

Chinese Silk-Typhoon-Linked Hacker Extradited to U.S. Over COVID-19 Research Theft and Microsoft Exchange Attacks

A Chinese state-linked contract hacker, Xu Zewei, has been extradited from Italy to the United States and charged for his alleged role in the Silk-Typhoon (Hafnium) campaigns that targeted U.S. universities conducting COVID-19 vaccine research and later thousands of Microsoft Exchange email servers worldwide. WASHINGTON, D.C. — In a

28 Apr 2026

A white stylized panda silhouette overlaid with a digital world map focused on the Indo-Pacific.

Cyber Attacks

Mustang Panda Expands Espionage to India’s Banking Sector and Korea-Themed Diplomacy

China-linked Mustang Panda (TA416 / RedDelta) has broadened its targeting from predominantly government and policy entities in the West to India’s banking sector and Korean peninsula policy actors. Using an updated LOTUSLITE backdoor delivered via CHM files and DLL sideloading of legitimate Microsoft-signed executables, the campaign marks a strategic shift

28 Apr 2026

A stylized router silhouette with a white Japanese rising sun icon overlaid on a solid crimson red background.

Nation-State Cyber Threats

Tropic Trooper APT Targets Japanese Networks via Router Exploits

China-aligned espionage group G0081 evolves beyond traditional spear-phishing with SOHO router firmware attacks and domain-trust pivoting. TOKYO, JP — The persistent China-aligned threat actor known as Tropic Trooper (G0081) has significantly shifted its operational focus, moving beyond traditional spear-phishing to target Japanese government and critical infrastructure via router exploitation. Recent telemetry

23 Apr 2026

Nation-State Cyber Threats

China-Linked GopherWhisper APT Hits 12 Mongolian Gov Systems Using Slack/Discord C2

ESET discovers a new espionage group abusing legitimate cloud services for command-and-control against strategically sensitive Mongolian targets. ULAN BATOR, MN — Researchers at ESET have uncovered a sophisticated, China-aligned espionage campaign targeting the Mongolian government. The threat actor, dubbed GopherWhisper, has successfully infected at least 12 government systems since late 2023,

23 Apr 2026

A DNA double helix entwined with a digital shopping bag.

Data Breaches

500K UK Citizens' Health Data Breached, Listed for Sale on Chinese Alibaba

UK Biobank's complete dataset exposed via three Chinese research institutions; listings removed after UK-China government intervention. LONDON, UK — In what is being described as a geopolitical health data security scandal, the UK government has confirmed that confidential medical and genomic data belonging to all 500,000 UK Biobank

23 Apr 2026

A minimalist white line art globe composed of thousands of tiny white dots being encircled by a glowing neon red circuit path on a solid midnight navy background.

Nation-State Cyber Threats

NSA, FBI, NCSC: China-Nexus Botnets of 200K+ Devices Now Power Global Cyber Operations

17 international agencies issue a joint advisory revealing a strategic shift by Chinese actors toward commercially-maintained covert networks, enabling full cyber kill chains against global critical infrastructure. WASHINGTON, D.C. — In a massive display of intelligence community consensus, the National Security Agency (NSA), the FBI’s IC3, and the Cybersecurity

23 Apr 2026

A Medusa head emerging from a server rack next to a cracked zero-day symbol, representing the Storm-1175 campaign and the rapid deployment of Medusa ransomware.

Zero Day Exploit

Microsoft Links High-Velocity Zero-Day Exploits to Medusa Ransomware Affiliate

Microsoft’s threat intelligence team has issued a high-priority warning regarding a sophisticated cyber-criminal actor, designated as Storm-1175, which is utilizing zero-day vulnerabilities to deploy the Medusa ransomware. The group, identified as an affiliate of the broader Medusa-as-a-Service operation, has demonstrated an unprecedented speed in its attack lifecycle, often moving

07 Apr 2026

A panda silhouette examining a map of Europe and the Middle East with a magnifying glass, representing the TA416 (Mustang Panda) cyber-espionage campaign expansion.

Chinese Threat Actors

China-Linked TA416 Intensifies Espionage Operations Across Europe and Middle East

Security researchers have identified a significant resurgence in cyber-espionage activity by the China-aligned threat actor TA416. The group, also known as Mustang Panda or RedDelta, has expanded its targeting to include European government entities, diplomatic missions, and organizations in the Middle East, signaling a strategic shift aligned with evolving global

07 Apr 2026