Latest news

Russia’s Turla APT Deploys STOCKSTAY Backdoor Against Ukrainian Government and Military Targets
Cybercrime

Russia’s Turla APT Deploys STOCKSTAY Backdoor Against Ukrainian Government and Military Targets

30 June 2026 dark6

Russia-linked Turla (FSB Center 16) has been running a long-running espionage campaign deploying a new .NET backdoor called STOCKSTAY against...
HazyBeacon APT Campaign Weaponizes AWS Lambda to Hide Command-and-Control Traffic
Cybercrime

HazyBeacon APT Campaign Weaponizes AWS Lambda to Hide Command-and-Control Traffic

22 June 2026 dark6

Qualys researchers have exposed HazyBeacon, a stealthy APT campaign targeting Southeast Asian governments that uses AWS Lambda Function URLs as...
Chinese Hackers (UNC6508) Spent Over a Year Spying on US Medical Research Institutions via REDCap
Malware

Chinese Hackers (UNC6508) Spent Over a Year Spying on US Medical Research Institutions via REDCap

17 June 2026 dark6

Google GTIG has attributed a 2+ year Chinese cyber-espionage campaign to UNC6508, which exploited REDCap medical research servers across North...
China-Linked OP-512 Uses Cryptographically Unique Web Shells in Patient IIS Server Espionage Campaign
Cybercrime

China-Linked OP-512 Uses Cryptographically Unique Web Shells in Patient IIS Server Espionage Campaign

9 June 2026 dark6

ReliaQuest has uncovered OP-512, a new China-linked threat cluster targeting IIS servers with a custom web shell framework that generates...
JINX-0164: Crypto-Targeting APT Uses LinkedIn Job Lures and Fake Meeting Apps to Deploy macOS Malware and Poison npm Supply Chain
Malware

JINX-0164: Crypto-Targeting APT Uses LinkedIn Job Lures and Fake Meeting Apps to Deploy macOS Malware and Poison npm Supply Chain

30 May 2026 dark6

Threat actor JINX-0164 is targeting cryptocurrency developers via fake LinkedIn profiles, luring them into downloading custom macOS malware (AUDIOFIX and...
GREYVIBE: Russian-Aligned Hackers Use ChatGPT and Google Gemini to Build Cyberweapons Targeting Ukraine
Cybercrime

GREYVIBE: Russian-Aligned Hackers Use ChatGPT and Google Gemini to Build Cyberweapons Targeting Ukraine

30 May 2026 dark6

A newly tracked threat actor called GREYVIBE is using generative AI tools including ChatGPT and Google Gemini to develop malware,...
Seedworm (MuddyWater) APT Abuses Signed Security Binaries in Global Espionage Campaign Across 9 Countries
Cybercrime

Seedworm (MuddyWater) APT Abuses Signed Security Binaries in Global Espionage Campaign Across 9 Countries

28 May 2026 dark6

Iran-linked Seedworm (MuddyWater) APT has been caught running a broad espionage campaign against at least 9 organizations across 9 countries...
Cloud Atlas APT Patches termsrv.dll to Enable Silent Dual RDP Sessions — Targets Government and Diplomatic Organizations
Malware

Cloud Atlas APT Patches termsrv.dll to Enable Silent Dual RDP Sessions — Targets Government and Diplomatic Organizations

26 May 2026 dark6

The Cloud Atlas APT group has adopted a stealthy new technique: modifying Windows termsrv.dll to enable multiple simultaneous RDP sessions,...
Ukrainian Intelligence Report: Russian APT Groups Intensify Cyber Operations — 5,927 Incidents, 37% Rise in 2025
Cybercrime

Ukrainian Intelligence Report: Russian APT Groups Intensify Cyber Operations — 5,927 Incidents, 37% Rise in 2025

23 May 2026 dark6

A new intelligence report from Ukraine's National Security and Defense Council reveals Russian state-sponsored threat groups dramatically escalated cyber operations...
Kimsuky APT Runs Four Simultaneous Spear-Phishing Campaigns Targeting Recruiters, Crypto Users, and Defense Officials
Phishing

Kimsuky APT Runs Four Simultaneous Spear-Phishing Campaigns Targeting Recruiters, Crypto Users, and Defense Officials

20 May 2026 dark6

North Korea's Kimsuky threat group has been operating four parallel spear-phishing campaigns targeting corporate recruiters, cryptocurrency developers, defense sector officials,...
Hackers Deploy AI-Generated Zero-Day Exploit to Bypass 2FA — Google GTIG Q2 2026 Report
Vulnerability

Hackers Deploy AI-Generated Zero-Day Exploit to Bypass 2FA — Google GTIG Q2 2026 Report

12 May 2026 dark6

Google's Threat Intelligence Group reveals that cybercriminals have used AI to develop a working zero-day exploit targeting a web administration...
APT Campaign Exploits cPanel CVE-2026-41940 to Breach Government and Military Servers Across South-East Asia
Vulnerability

APT Campaign Exploits cPanel CVE-2026-41940 to Breach Government and Military Servers Across South-East Asia

3 May 2026 dark6

A sophisticated threat actor has exploited the critical cPanel authentication bypass CVE-2026-41940 to compromise government and military servers across South-East...