China-aligned Mustang Panda is running active espionage campaigns inside Indian government networks, including machines used by senior officials, using Zoho WorkDrive as a covert command-and-control channel.
The Hacker News
· 17h ago
The US State Department is offering $10 million for information identifying members of Russia-linked UNC5792 and UNC4221, which socially engineered access to Signal and WhatsApp accounts of government officials.
The Record
· 16h ago
UNC5792 and UNC4221, tied to Russian intelligence and military services, targeted officials' WhatsApp and Signal accounts; the State Department is offering up to $10 million for identifying or locating members.
BleepingComputer
· 17h ago
UNC5792 and UNC4221 have compromised Signal and WhatsApp accounts belonging to US government officials, military leaders, and allied personnel, prompting a $10 million State Department reward.
SecurityWeek
· 22h ago
The U.S. is offering $10 million for information on a Russian state operation—active since at least March—that has hacked Signal and WhatsApp accounts. Targeting encrypted messaging platforms used by officials and journalists marks a deliberate escalation in Russia's communications-intelligence collection.
Ars Technica Security
· 10h ago
ESET documented 35 distinct Gamaredon spear-phishing campaigns against Ukrainian targets throughout 2025, featuring new malware variants and abuse of legitimate cloud services for command-and-control.
The Hacker News
· 20h ago
Russia has systematically issued Russian passports to residents of occupied Ukrainian territories, using citizenship policy to entrench annexation and complicate future legal reintegration. The campaign sets a replicable precedent for using civilian documentation as a reversibility-denial weapon in hybrid conflict.
Just Security
· 19h ago
Nation-state actors from Iran, Russia, and China are breaching water utility control systems via exposed PLCs, default credentials, and poor network segmentation. The attacks confirm critical infrastructure remains vulnerable to low-sophistication intrusions, not just advanced malware.
Dark Reading
· 13h ago
Google Threat Intelligence documents how Russia's influence operations, built to support Ukraine invasion objectives, have expanded into a global covert IO infrastructure spanning multiple coordinated campaigns.
Google Threat Intelligence
· 18h ago
A Wall Street Journal analysis of military quadcopter supply chains exposed China's dominance in drone component manufacturing, prompting pushback from the Defense Innovation Unit over omitted US producers.
War on the Rocks
· just now
China's premier state-linked think tank CICIR published a coexistence framework for US-China relations on the morning of Trump's May 2026 Beijing state visit, receiving almost no Western media coverage.
War on the Rocks
· just now
Author Audrye Wong argues China's economic statecraft—'subversive carrots'—is harder to execute and less effective than both Beijing and Washington assume. The finding complicates threat assessments that treat Chinese economic leverage as a reliable geopolitical weapon.
The Diplomat
· 17h ago
China's Decree No. 837 legally subordinates private Chinese companies' overseas investments to state authority, restricting strategic technology transfer to recipient countries. Any nation hosting Chinese private capital now faces embedded regulatory reach from Beijing.
The Diplomat
· 19h ago
Iran claims sole authority over the Strait of Hormuz; the U.S. rejects that assertion as both sides prepare direct negotiations. Control of the strait, through which roughly 20% of global oil transits, makes the dispute an acute energy-security flashpoint.
Foreign Policy
· 10h ago
Nissan confirmed a breach exposing current and former employee data after ShinyHunters exploited an unpatched Oracle PeopleSoft vulnerability. The same zero-day is linked to multiple ShinyHunters extortion operations, signaling an active exploitation campaign across PeopleSoft deployments.
BleepingComputer
· 11h ago
Infoblox identified 236,000 websites using DCloud Uni-App templates to run pig-butchering scams, fake crypto exchanges, WhatsApp phishing, and wallet-draining operations across multiple languages.
The Hacker News
· 20h ago
ShinyHunters exploited a zero-day in NAIC's Oracle PeopleSoft server, exfiltrating publicly available data, outdated logs, and configuration files. Access to configuration data from an insurance regulatory body opens reconnaissance vectors into member insurers even if no private records were taken.
BleepingComputer
· 11h ago
Active exploitation of CVE-2026-46817 in Oracle E-Business Suite has been confirmed by Defused threat intelligence, putting financial and ERP data at immediate risk.
BleepingComputer
· 18h ago
This week's threat landscape featured a new local-privilege Linux kernel flaw, a Turla backdoor resurgence, and AI-assisted malware techniques alongside active infostealer campaigns. The convergence of old access paths and novel evasion signals defenders face simultaneous patching and detection backlogs.
The Hacker News
· 17h ago
Attackers are actively exploiting critical SimpleHelp flaw CVE-2026-48558 to deploy Djinn Stealer, a previously undocumented infostealer targeting Windows, macOS, and Linux simultaneously. A remote-management tool turned attack vector expands the blast radius to any organization running unpatched SimpleHelp instances.
BleepingComputer
· 18h ago