Russia's APT28 Exploits Zimbra Flaw in Ukrainian Gov Attacks (1 minute read)
GRU-linked APT28 is actively exploiting a Zimbra Collaboration Suite vulnerability against Ukrainian government targets.
DoD and CISA officials report no visible surge in Iranian cyber activity following recent tensions, even as they respond to the Stryker breach.
The U.S. Intelligence Community's latest global threat assessment heavily emphasizes Iran as a top priority. The focus reflects how the Iran conflict has reshuffled U.S. intelligence priorities.
Iran spent six months pre-positioning cyber infrastructure, including US-based shell companies, to survive kinetic strikes and sustain hacking operations.
Defense industry leaders warn the U.S. military's procurement processes are too slow to match rapidly evolving drone and counter-drone threats. Acquisition reform is now a battlefield necessity.
Seoul's arms exports are being used in the Iran conflict, exposing political risks the defense industry ignored. South Korea now faces diplomatic fallout from its weapons' battlefield use.
Iran-linked hackers breached Stryker using Microsoft Intune—no malware, just legitimate device management tools used to wipe data. FBI and CISA warn Intune is an under-secured attack vector.
Iran-linked attackers wiped Stryker employee devices by abusing Microsoft Intune's legitimate management capabilities. CISA and FBI urge organizations to harden Intune configurations immediately.
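The Intune abuse above leaves no malware to catch; the only trail is the management plane's own audit log. One hunt a defender can run against that log, as an added example (not from the page, and not CISA/FBI guidance): flag destructive device actions (wipe, retire, delete) performed by an actor outside an allowlist, and flag any actor that issues a burst of them in a short window. The event shape assumes Microsoft Graph `auditEvent` objects from `GET /deviceManagement/auditEvents` (`activityType`, `activityDateTime`, `actor`, `resources`); the `"<action> ManagedDevice"` naming and all sample events are constructed assumptions, not real telemetry.

```python
"""Hunt for unauthorized or mass remote-wipe actions in Intune audit events.

Added example, not code from the page or from Microsoft/CISA/FBI.
Assumes events shaped like Microsoft Graph `auditEvent` objects and that
destructive device actions appear as activityType "<action> ManagedDevice".
All sample data below is constructed.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Actions that destroy data or unenroll a device (assumed naming).
DESTRUCTIVE_ACTIONS = {"wipe", "retire", "delete"}

# Constructed sample log: a helpdesk account wipes four laptops in 15 minutes,
# an unknown service principal retires a device, an admin does routine work.
SAMPLE_EVENTS = json.loads("""[
 {"activityDateTime":"2026-03-02T01:10:00Z","activityType":"wipe ManagedDevice",
  "actor":{"userPrincipalName":"helpdesk@example.com","applicationDisplayName":"Microsoft Intune portal extension"},
  "resources":[{"displayName":"LAPTOP-0001"}]},
 {"activityDateTime":"2026-03-02T01:12:00Z","activityType":"wipe ManagedDevice",
  "actor":{"userPrincipalName":"helpdesk@example.com","applicationDisplayName":"Microsoft Intune portal extension"},
  "resources":[{"displayName":"LAPTOP-0002"}]},
 {"activityDateTime":"2026-03-02T01:15:00Z","activityType":"wipe ManagedDevice",
  "actor":{"userPrincipalName":"helpdesk@example.com","applicationDisplayName":"Microsoft Intune portal extension"},
  "resources":[{"displayName":"LAPTOP-0003"}]},
 {"activityDateTime":"2026-03-02T01:25:00Z","activityType":"wipe ManagedDevice",
  "actor":{"userPrincipalName":"helpdesk@example.com","applicationDisplayName":"Microsoft Intune portal extension"},
  "resources":[{"displayName":"LAPTOP-0004"}]},
 {"activityDateTime":"2026-03-02T01:30:00Z","activityType":"retire ManagedDevice",
  "actor":{"userPrincipalName":null,"applicationDisplayName":"automation-sp"},
  "resources":[{"displayName":"LAPTOP-0005"}]},
 {"activityDateTime":"2026-03-02T02:00:00Z","activityType":"update DeviceConfiguration",
  "actor":{"userPrincipalName":"admin@example.com","applicationDisplayName":"Microsoft Intune portal extension"},
  "resources":[{"displayName":"Baseline policy"}]},
 {"activityDateTime":"2026-03-02T08:00:00Z","activityType":"wipe ManagedDevice",
  "actor":{"userPrincipalName":"admin@example.com","applicationDisplayName":"Microsoft Intune portal extension"},
  "resources":[{"displayName":"LAPTOP-0009"}]}
]""")

# Identities permitted to issue destructive device actions (assumed allowlist).
ALLOWED_ACTORS = {"helpdesk@example.com", "admin@example.com"}


def parse_time(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")


def actor_id(actor):
    # Prefer the signed-in user; fall back to the app (service principal) name.
    return actor.get("userPrincipalName") or actor.get("applicationDisplayName") or "unknown"


def is_destructive(event):
    action, _, target = event.get("activityType", "").partition(" ")
    return action.lower() in DESTRUCTIVE_ACTIONS and target == "ManagedDevice"


def flag_wipe_abuse(events, allowed_actors, window=timedelta(minutes=60), burst_threshold=3):
    """Return findings: destructive actions by non-allowlisted actors, and
    any actor exceeding burst_threshold destructive actions inside `window`."""
    findings = []
    by_actor = defaultdict(list)
    for ev in events:
        if not is_destructive(ev):
            continue
        who = actor_id(ev.get("actor") or {})
        when = parse_time(ev["activityDateTime"])
        devices = [r.get("displayName", "?") for r in ev.get("resources", [])]
        by_actor[who].append(when)
        if who not in allowed_actors:
            findings.append({"rule": "unauthorized_actor", "actor": who,
                             "time": ev["activityDateTime"], "devices": devices})
    # Sliding window per actor: a legitimate admin rarely wipes many devices at once.
    for who, times in by_actor.items():
        times.sort()
        start, peak = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= burst_threshold:
            findings.append({"rule": "burst", "actor": who, "count": peak,
                             "window_minutes": int(window.total_seconds() // 60)})
    return findings


def run_sample():
    return flag_wipe_abuse(SAMPLE_EVENTS, ALLOWED_ACTORS)


if __name__ == "__main__":
    for f in run_sample():
        print(json.dumps(f))
```

Against the constructed sample this yields two findings: the `automation-sp` retire (actor not on the allowlist) and a burst of four wipes by the helpdesk account, which is on the allowlist but exceeds the threshold. The allowlist catches the stolen service-principal case; the burst rule catches a compromised but legitimate admin, which is the harder case when no malware is involved. Tune the window and threshold to the tenant's real wipe rate before alerting on it.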
Trump-era interventionism in Iran and Venezuela, plus Greenland threats, are forcing Beijing to recalibrate economic statecraft ahead of a US-China summit. Europe is hedging by deepening China ties.
Trump lauded Japan's Takaichi for 'stepping up' on the Iran conflict, but Tokyo resists direct military involvement in the Strait of Hormuz.
Trump praised Takaichi's support for the Iran war, but Japan remains reluctant to commit forces near the Strait of Hormuz.
The Iran-Israel-US conflict is testing whether Japan can legally deploy the SDF to the Strait of Hormuz. Tokyo's classification of the conflict is complicated by the U.S. having struck first.
Bitrefill attributes a recent cyberattack to North Korea's Bluenoroff subgroup of Lazarus. Lazarus continues targeting crypto platforms to fund regime operations.
Amazon reports Interlock ransomware used a Cisco firewall zero-day weeks before public disclosure. Pre-patch exploitation highlights the danger of undisclosed flaws in perimeter security hardware.
Microsoft Threat Intelligence documents threat actors exploiting tax deadlines via refund lures, fake payroll forms, and QR codes to deliver malware.
Multiple threat actors, including commercial spyware vendors and state-sponsored groups, have deployed the DarkSword iOS exploit kit using three zero-days since November 2025.
Analysis finds 54 EDR-killing tools use bring-your-own-vulnerable-driver (BYOVD) techniques, exploiting 35 signed but vulnerable drivers to disable endpoint security before ransomware deployment.
CISA warns unidentified threat actors are actively exploiting a critical SharePoint vulnerability to compromise servers.
Schneider Electric Modicon M241, M251, and M262 controllers contain a flaw enabling denial-of-service attacks. Unpatched industrial controllers remain high-value targets for infrastructure disruption.
CISA added CVE-2026-20131, a deserialization vulnerability in Cisco's Secure Firewall Management Center, to its KEV catalog. Federal agencies must patch immediately under BOD 22-01.