Nation-State Cyber Threats

Fake video call window with one glitching AI-generated participant tile and a clipboard payload icon, representing BlueNoroff's deepfake Zoom lure targeting Web3 cryptocurrency firms.

Threat Intelligence

BlueNoroff Used AI-Generated Zoom Deepfakes to Hide a 66-Day Fileless Implant in a Web3 Firm

BlueNoroff compromised a North American Web3 company using a fake Zoom meeting interface populated with AI-generated deepfakes, deploying a fileless PowerShell implant that maintained persistent access for 66 days while stealing cryptocurrency wallet credentials, browser data, and live webcam footage repurposed to lure future victims. GLOBAL — Arctic Wolf Labs has

29 Apr 2026

Vulnerabilities

APT28's Zero-Day Got a Patch — Then Researchers Found It Left a Zero-Click Hole Open

Microsoft's February patch for a Windows zero-day actively exploited by Russia's APT28 blocked the remote code execution path — but left behind a zero-click authentication coercion flaw. Akamai researchers found it while testing the fix. That flaw is now CVE-2026-32202, confirmed exploited in the wild, and added

29 Apr 2026

Minimalist vector on Charcoal Grey: A white gavel icon overlaid with a red digital network map representing the U.S. and Italy connection.

Trending

Chinese Silk-Typhoon-Linked Hacker Extradited to U.S. Over COVID-19 Research Theft and Microsoft Exchange Attacks

A Chinese state-linked contract hacker, Xu Zewei, has been extradited from Italy to the United States and charged for his alleged role in the Silk-Typhoon (Hafnium) campaigns that targeted U.S. universities conducting COVID-19 vaccine research and later thousands of Microsoft Exchange email servers worldwide. WASHINGTON, D.C. — In a

28 Apr 2026

Minimalist vector on Midnight Blue background: A white stylized panda silhouette overlaid with a digital world map focused on the Indo-Pacific.

Cyber Attacks

Mustang Panda Expands Espionage to India’s Banking Sector and Korea-Themed Diplomacy

China-linked Mustang Panda (TA416 / RedDelta) has broadened its targeting from predominantly government and policy entities in the West to India’s banking sector and Korean peninsula policy actors. Using an updated LOTUSLITE backdoor delivered via CHM files and DLL sideloading of legitimate Microsoft-signed executables, the campaign marks a strategic shift

28 Apr 2026

White line art on golden yellow: a cloud icon merged with a fortress wall, symbolizing tactical hardening and active defense of macOS infrastructure against nation-state scripting attacks.

Threat Intelligence

North Korean Hackers Use AppleScript and ClickFix on macOS

An update on the macOS ClickFix threat: North Korean actors Sapphire Sleet and UNC1069 are now deploying AppleScript-based delivery chains and "Terminal-paste" lures to steal crypto-wallets and credentials from enterprise targets. SEOUL, SOUTH KOREA — The "ClickFix" social engineering phenomenon has officially evolved into a targeted nation-state

27 Apr 2026

Minimalist white line art on a gray background showing a speech bubble containing a padlock and a stylized magnifying glass, symbolizing the espionage probe into secure messaging.

Trending

Germany Blames Russia for Signal Phishing Attacks on MPs

German authorities say a wave of phishing attacks targeting lawmakers and senior officials via Signal was “presumably run from Russia,” marking a major escalation in a broader campaign against European political figures. BERLIN, GERMANY — What began as a targeted intrusion has evolved into a full-scale diplomatic and espionage crisis. German

27 Apr 2026

Minimalist white line art of a chain link bridge breaking in the center with multiple smaller nodes falling away, overlaid on a solid Dark Violet background.

Decentralized Finance (DeFi)

$13B DeFi Collapse: Kelp DAO Exploit Triggers Largest Sector Panic Since 2022

Original $293M LayerZero bridge attack caused 43x larger $13B TVL crash across Aave (-43%) + 26 protocols. North Korea's Lazarus hits $578M in 18 days as bridges become primary attack vector. GLOBAL — The fallout from the Kelp DAO exploit has officially mutated from a singular protocol theft into a

24 Apr 2026

Minimalist white line art of a central circuit node expanding into dozens of smaller, chaotic autonomous nodes, overlaid on a solid Navy Blue background.

AI Security

Government AI Agents Outpace Private Sector: 3,600+ Use Cases Create Massive Attack Surface

Federal adoption hits 82% vs 41% private sector as FedRAMP 20x accelerates unvetted agents into classified networks. WASHINGTON, D.C. — While the commercial world cautiously debates the ROI of agentic AI, the federal government has quietly surged ahead, creating a massive, unmanaged attack surface. According to recent IDC and Salesforce

24 Apr 2026

Minimalist white line art of a rocket ship silhouette being "pulled" by a fishing hook, overlaid on a solid forest green background.

Spearphishing

NASA Employees Duped: Chinese Engineer Stole Defense Software Via 5-Year Phishing

Chinese AVIC engineer Song Wu impersonated U.S. researchers for five years to steal export-controlled aerospace software from NASA, the Air Force, Navy, and top universities. Here's how the IP theft pipeline worked — and why it went undetected for so long.

24 Apr 2026

Minimalist white line art of two interlocking flags (US and South Korea) with a digital "shatter" effect in the center, overlaid on a solid Deep Red background.

Data Breaches

Coupang Breach Escalates: US Congress Subpoenas Korea as Alliance Frays

33.7M user leak → US investor lawsuits → Congressional intervention → Delayed security consultations. How a consumer data breach became a national security crisis. SEOUL — What began as a corporate data leak has spiraled into an unprecedented diplomatic standoff between Washington and Seoul. The Coupang data breach, which exposed the personal information

24 Apr 2026

Minimalist white line art of a mathematical formula where the "equals" sign is being replaced by a white "glitch" effect, overlaid on a solid Dark Grey background.

Cyber Warfare

FAST16 Discovered: 2005 Sabotage Malware Predates Stuxnet by Five Years

SentinelOne uncovers ShadowBrokers-referenced cyberweapon that silently corrupted engineering math; likely US/Israel operation against Iranian nuclear program. SINGAPORE — Everything we knew about the origins of state-sponsored cyber-sabotage was just rewritten. Today, at Black Hat Asia 2026, SentinelOne researchers Vitaly Kamluk and Juan Andrés Guerrero-Saade unveiled FAST16, a precision-engineered malware sample

24 Apr 2026

Minimalist white line art of a stylized computer chip with a white "No Entry" symbol overlaid on a solid charcoal grey background.

AI Security

Trump Vows Crackdown on Chinese Firms Stealing US AI Via Model Distillation

White House OSTP accuses DeepSeek and Moonshot AI of industrial-scale extraction attacks; bipartisan sanctions bill advances to protect American frontier models. WASHINGTON, D.C. — The Trump administration has officially signaled a major escalation in the AI arms race, shifting focus from hardware export controls to the protection of the software

24 Apr 2026

See all