Skip to main content

Tag: supply chain attacks

32 articles

Laptop screen displays innocuous webpage with subtle hidden code in background.

Web Content Conceals Hidden Instructions Targeting AI Agents

As AI agents increasingly interact with the web, hidden instructions embedded in online content can be manipulated to perform unintended actions, posing a new threat to users. Researchers have uncovered real-world campaigns that use indirect prompt injection to steer AI agents into carrying out malicious tasks.

Analyst 207
Ukrainian government building interior with a computer workstation and hints of cyberattack disruption.

Gamaredon Intensifies Ukraine Cyberattacks with Novel Malware Tools

Gamaredon ramped up its cyberattack efforts in Ukraine last year, unleashing 35 targeted spear-phishing campaigns that zeroed in on government and military targets. The group's goal was to siphon off sensitive information to fuel Russian interests in the ongoing conflict.

Analyst 207
Southeast Asian cityscape with industrial control system hinted in background.

China-Linked Hackers Deploy TinyRCT Backdoor in Southeast Asian Infrastructure Attacks

For years, a stealthy China-linked hacking group has been quietly targeting critical infrastructure in Southeast Asia, with a clear strategic interest in disrupting or monitoring key regional industries. Their sophisticated attacks have zeroed in on state-owned energy and government sectors, using a potent tool called the TinyRCT backdoor.

Analyst 207
Blurred network equipment and generic devices in a brightly-lit tech infrastructure setting.

CISA Warns of Widespread FortiBleed Attacks on 86,644 Devices

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning after a massive cyberattack, dubbed FortiBleed, compromised a staggering 86,644 FortiGate devices, putting countless networks at risk. Take immediate action to protect yourself: shut down active SSL VPN and admin sessions, reset passwords, and enforce strong password policies.

Analyst 207
Security analysts work at a large workstation surrounded by screens displaying data visualizations and threat maps.

Wazuh Cloud Tackles Security Ops Complexity With AI-Driven Analysis

Tired of drowning in security ops complexity? Wazuh Cloud simplifies threat detection and response with AI-driven analysis, freeing you from infrastructure headaches and empowering you to stay ahead of evolving threats like ransomware and supply chain attacks.

Analyst 207
European city street with tech hints and blurred laptop in foreground.

Chinese Hackers Deploy Atlas RAT in Europe With Heightened Cyberattacks

Chinese hackers have significantly ramped up cyberattacks in Europe, with a financially motivated group, tracked as TA4922, launching a high volume of unique campaigns targeting countries including Germany, Italy, and the UK. This surge in activity, which began in March, has been marked by unprecedented diversity in tactics and objectives, including fraud, data theft, and network breaches.

Analyst 207
Laptop on a cluttered wooden desk in a small Ukrainian office with blurred screen.

Russia-Linked GREYVIBE Exploits AI in Ukraine Cyberattacks

Discover how the Russia-linked group GREYVIBE is using AI to launch sophisticated cyberattacks on Ukraine, leveraging tactics like spear-phishing emails and fake websites to spread malware. WithSecure researchers have tracked GREYVIBE's activities back to August 2025, revealing a pattern of attacks targeting Ukraine's military, government, and civilian sectors.

Analyst 207
Formal government building exterior with architectural columns and facade details.

China-Linked UAT-8302 Exploits Shared Malware to Target Global Governments

Meet UAT-8302, a sophisticated China-linked threat group that's been secretly targeting governments worldwide, deploying custom malware to infiltrate and gather intel. Its recent attacks have hit government entities in South America and southeastern Europe, raising global cybersecurity concerns.

Analyst 207
A cluttered office workspace with laptop and papers on a desk in a brightly-lit room.

Silver Fox APT Targets Russia, India with ABCDoor Backdoor

Over 1,600 malicious emails, disguised as tax-audit notices, were sent to targets in India and Russia between January and February 2026, aiming to trick recipients into downloading a backdoor or clicking on a malicious link. The cleverly crafted phishing campaign unfolded in two waves, using PDFs and archives to spread the ABCDoor backdoor.

Analyst 207
Worker looks concerned at laptop screen displaying fake Zoom meeting in modern office.

North Korean Hackers Exploit Crypto Firms with AI-Driven Zoom Lures

North Korean hackers launched a massive spear-phishing campaign, targeting over 100 crypto organizations worldwide with cleverly crafted Zoom lures and AI-generated deepfakes. They used fake calendar invites and typosquatted meeting links to gain access and exfiltrate sensitive data in a matter of minutes.

Analyst 207
Laptop screen shows an open email message in a brightly-lit office setting.

Zimbra Servers Targeted in Ongoing XSS Attacks

Beware of sneaky phishing emails that can hijack your Zimbra server with just a glance - no clicks or downloads required. A single malicious email can trigger a cross-site scripting attack, thanks to a recently patched vulnerability, CVE-2025-48700.

Analyst 207
A factory production line with a glowing red infection point on a circuit board amidst ominous shadows.

Malware Poisons Open Source Tools in Dual Supply Chain Attacks

Imagine trusting a tool, only to have it secretly turned against you - that's what happened in March when two massive supply chain attacks infected popular open source tools with malware, putting tens of thousands of organizations at risk. The full extent of the damage may not be known for months, but one thing is clear: the threat is real and far-reaching.

Analyst 207
Person in dark room surrounded by papers, laptop and phone glow with eerie light.

Adobe Reader Zero-Day Exploits PDFs to Profile Targets

Malicious PDFs are being used to secretly profile targets, leveraging legitimate features to harvest system data and decide which victims are worthy of a second, more invasive attack. This sneaky tactic uses booby-trapped PDFs to quietly gather intel and determine if you're a high-value target.

Analyst 207
Cybersecurity Demands Critical Unified Defense Against Alarming Threats

Cybersecurity Demands Critical Unified Defense Against Alarming Threats

As our digital dependence grows, so do the alarming cyber threats that can cripple even the strongest organizations - making a unified defense strategy more crucial than ever. With ransomware, AI-driven threats, and supply chain attacks on the rise, it's time to fortify your defenses and safeguard your future.

Analyst 207
North Korean Lazarus Group Exclusive: Dangerous Medusa Surge

North Korean Lazarus Group Exclusive: Dangerous Medusa Surge

When hospitals open their doors, their networks shouldnt open to extortion — but a surge in Medusa ransomware tied to North Koreas Lazarus Group is forcing technologists, health‑care leaders and policymakers to decide how to lock them. These attacks — a blend of state‑grade tools and criminal tactics — risk disrupted care, delayed diagnoses and real harm to patients.

Analyst 207
DISA’s New Mobile Device STIGs: Must-Have Best Practices

DISA’s New Mobile Device STIGs: Must-Have Best Practices

Phones now carry mission plans — and adversaries know it. DISA’s new mobile device STIGs offer a practical, modern playbook — enforced encryption, hardware-backed MFA, stricter app controls, and mandatory Mobile Threat Defense — to secure smartphones without sacrificing soldier mobility.

Analyst 207
Ransomware Exclusive: Stunning Worst Surge of 2025

Ransomware Exclusive: Stunning Worst Surge of 2025

Think ransomware was fading? The 2025 ransomware surge proves otherwise—smarter, faster attacks (retail incidents jumped 58% in Q2) are crippling stores, exposing data and stretching insurers and regulators to the breaking point.

Analyst 207
FCC Ends Telecom Cyber Rules in Stunning Security Setback

FCC Ends Telecom Cyber Rules in Stunning Security Setback

The FCC’s sudden rollback of the telecom cyber rules born from the Salt Typhoon crisis has industry and security experts asking whether we just pulled the rug out from under a critical line of defense. Can voluntary standards and federal guidance really fill the gap, or did we trade stronger protections for regulatory convenience?

Analyst 207
State-Sponsored Cyber Attacks: Exclusive Critical Threat

State-Sponsored Cyber Attacks: Exclusive Critical Threat

State-sponsored cyber attacks are escalating — learn how nation-backed hackers target organizations and practical steps you can take to stay one step ahead.

Analyst 207
Fraud Fears: Exclusive Reassuring Outlook for Holidays

Fraud Fears: Exclusive Reassuring Outlook for Holidays

Worried about holiday fraud? ICO data shows no Q4 2024 spike in reported data breaches — a reassuring sign, but one that forces us to ask whether criminals have gone stealthier or our reporting systems are missing the real threat.

Analyst 207
ThreatsDay Exclusive: Critical Cyber Threats Unveiled

ThreatsDay Exclusive: Critical Cyber Threats Unveiled

Think clicking a browser add-on or plugging in a smart camera is harmless? This ThreatsDay roundup exposes how weaponized everyday tools — from extensions and smart gadgets to satellite feeds and SMS — turn convenience into a covert battleground of surveillance, social engineering, and supply‑chain attacks.

Analyst 207
New Attacks Against Secure Enclaves: Stunning, Severe Flaws

New Attacks Against Secure Enclaves: Stunning, Severe Flaws

Think your data’s safe while it’s being processed? New, surprisingly low-cost attacks against secure enclaves prove otherwise, exposing severe weaknesses that demand urgent fixes like authenticated memory and continuous attestation.

Analyst 207
Google Forecasts Stunning 2026 EU Cyber-Physical Threats

Google Forecasts Stunning 2026 EU Cyber-Physical Threats

Google warns Europe is likely to face a surge of cyber-physical attacks in 2026 — digital intrusions paired with disinformation that could disrupt power, transport and industry. With legacy control systems, rushed digitization and weak third-party security widening the attack surface, now’s the time to shore up defenses.

Analyst 207
Collaboration and AI: Exclusive Best Defense for Agencies

Collaboration and AI: Exclusive Best Defense for Agencies

Federal agencies face a stark choice: embrace collaboration and AI to outpace adversaries, or watch attackers scale their impact with automation. Sharing telemetry, interoperable tools, and AI-driven detection lets agencies multiply scarce resources and turn fragmented defenses into a resilient, machine-speed shield.

Analyst 207