All CosmicBytez Labs articles tagged #Espionage, across news, security advisories, how-to guides, and projects.
SentinelOne researchers discovered that threat actors linked to both China and India independently targeted the Balochistan Police force in Pakistan for...
SentinelOne Labs uncovered parallel nation-state espionage operations by China-linked and India-linked threat actors targeting Pakistani law enforcement,...
Cisco Talos researchers have identified new LONGLEASH malware deployed by Chinese APT group UAT-7810 to expand its Operational Relay Box network,...
A Chinese-speaking advanced persistent threat actor has launched targeted attacks against government entities and critical infrastructure in Southeast...
Turla, a prolific Russian state-sponsored threat actor, has deployed a previously undocumented backdoor dubbed 'StockStay' in espionage operations...
Google's Threat Intelligence Group discovered and disrupted a sprawling China-nexus espionage campaign that stole RedCAP credentials to silently breach...
Google's Threat Intelligence Group has unmasked UNC6508, a China-linked espionage actor that silently maintained access to critical infrastructure and...
A China-linked espionage campaign targeted exposed REDCap servers, deploying the InfiniteRed malware to steal sensitive medical research data from a North...
Sygnia researchers uncovered Velvet Ant, a China-nexus APT that spent close to a decade hidden inside Linux authentication infrastructure by backdooring...
Chinese state-sponsored hackers seized complete control of a target organization's authentication infrastructure and maintained undetected access for ten...
Chinese espionage group UNC5221 is actively using the Brickstorm backdoor alongside two newly discovered malware families — Plenet and AgentPSD — to maintain…
Security researchers at Seqrite Labs have uncovered Operation Dragon Weave, a new China-aligned cyber espionage campaign targeting government, research…
Western intelligence officials warn that Moscow's espionage apparatus is deploying cyber spies, hackers, and recruited middlemen to steal dual-use...
Nimbus Manticore, an Iranian advanced persistent threat group, has continued operations targeting aviation and software companies during and after the US.
Russia's Turla APT has transformed its long-running Kazuar backdoor into a modular peer-to-peer botnet architecture engineered for stealth and deep...
Secret Blizzard, a Russian state-sponsored threat group, has evolved its long-running Kazuar backdoor into a sophisticated modular peer-to-peer botnet...
A Belarusian nation-state threat group dubbed FrostyNeighbor is conducting a precise espionage campaign against government organizations in Poland and...
The China-linked threat group FamousSparrow has expanded its targeting to an Azerbaijani oil and gas company, marking a shift beyond its traditional...
Palo Alto Networks has disclosed that CVE-2026-0300, a critical CVSS 9.3 buffer overflow in the PAN-OS User-ID Authentication service, is being actively...
A Microsoft Windows vulnerability originally patched in a prior Patch Tuesday was incompletely remediated, leaving a residual attack surface that...
A previously undocumented China-aligned APT group tracked as GopherWhisper has targeted Mongolian governmental institutions, deploying a wide array of...
A newly identified Chinese advanced persistent threat group dubbed GopherWhisper has been deploying multiple Go-based backdoors alongside custom loaders...
Ukraine's CERT-UA has confirmed a suspected APT28 espionage campaign targeting Ukrainian prosecutors and anti-corruption agencies, exploiting Roundcube...
Threat actors have been exploiting an unpatched zero-day in Adobe Reader since at least November 2025, using specially crafted PDFs to fingerprint victims...
Russia's APT28 (Forest Blizzard) is conducting a malwareless espionage campaign by modifying a single DNS setting in vulnerable SOHO routers to silently...
Hours after the FBI confirmed that Iranian hackers gained access to Director Kash Patel's personal email account, the U.S. State Department reissued a $10...
Three threat activity clusters aligned with China jointly targeted a Southeast Asian government organization in a complex, well-resourced espionage...
Iran-linked Handala hackers have breached the personal email account of FBI Director Kash Patel, publishing stolen photos and documents in a high-profile...
Google's Threat Intelligence Group dismantles UNC2814, a China-linked operation that deployed a novel backdoor called GRIDTIDE abusing Google Sheets API...
Technical documents leaked from a malware-infected developer device expose a Chinese military-linked training platform that replicates the critical...
Russia-linked APT28 targeted government, diplomatic, and defense-adjacent entities across Western and Central Europe from September 2025 to January 2026...
A maximum-severity CVSS 10.0 hardcoded credentials vulnerability in Dell RecoverPoint for VMs has been under active exploitation by China-nexus threat...
Russia-linked APT28 (Fancy Bear) weaponized Microsoft Office CVE-2026-21509 within days of disclosure, deploying espionage implants against Ukrainian...
Google reports that APT groups from China, Russia, Iran, and North Korea are all actively using Gemini AI for cyber operations including target...
Google Threat Intelligence Group attributes a previously undocumented JavaScript malware called CANFAIL to a Russian-linked threat actor targeting...
Apple releases emergency patches across all platforms for a memory corruption vulnerability in the Dynamic Link Editor (dyld) that was exploited in...
Peter Williams, former GM of L3Harris's cyber subsidiary Trenchant, admits to selling eight zero-day exploit kits to a Russian broker for $1.3M in...
Singapore discloses that APT group UNC3886 compromised all four major telecom providers using zero-day exploits and rootkits, triggering the nation's...
Singapore discloses that APT group UNC3886 conducted a targeted espionage campaign against M1, SIMBA, Singtel, and StarHub using a previously unknown...
This week: state-backed espionage campaigns across 155 countries, China-linked router hijacking, ransomware surge, new security tools, and site updates.
Google has released an emergency Chrome update to fix a zero-day vulnerability being actively exploited in targeted attacks against journalists and activists.
The US Treasury Department has confirmed a significant cybersecurity incident, attributing the breach to state-sponsored threat actors who accessed...