All CosmicBytez Labs articles tagged #Nation-State, across news, security advisories, how-to guides, and projects.
This week's security roundup covers Iranian threat actors tracking US military personnel's phones, the newly discovered CrashStealer macOS infostealer, a coordinated vulnerability disclosure blueprint, ransomware targeting naval defense firm TKMS, and more.
The Apache Airflow Git provider runs git-over-SSH with StrictHostKeyChecking=no by default, allowing a network-position attacker to silently impersonate the Git server and steal SSH credentials or inject malicious code.
SentinelOne researchers discovered that threat actors linked to both China and India independently targeted the Balochistan Police force in Pakistan for...
SentinelOne researchers have uncovered two years of sustained cyberespionage against Pakistani law enforcement — with China-nexus and India-nexus threat...
SentinelOne Labs uncovered parallel nation-state espionage operations by China-linked and India-linked threat actors targeting Pakistani law enforcement,...
Kaspersky researchers have detailed a new campaign by Armored Likho — a threat actor overlapping with Eagle Werewolf — deploying modular RATs and the...
Canada's Communications Security Establishment publicly disclosed offensive cyber operations against a ransomware-as-a-service gang, a foreign online...
A Microsoft Defender zero-day fuels ransomware before any patch exists; researchers dissect how syndicate groups run HR departments and tiered pricing;...
Nation-state attackers from Iran, Russia, and China are breaching water utility systems through weak passwords, exposed PLCs, and poor network...
Mandiant has detailed an incident in which threat actors exploited a Cisco SD-WAN zero-day vulnerability to gain the highest possible access level at a...
A Chinese-speaking advanced persistent threat actor has launched targeted attacks against government entities and critical infrastructure in Southeast...
Turla, a prolific Russian state-sponsored threat actor, has deployed a previously undocumented backdoor dubbed 'StockStay' in espionage operations...
A Russian-speaking initial access broker has compromised 86,644 verified credentials from over 430,000 internet-facing Fortinet FortiGate devices across...
Google's Threat Intelligence Group discovered and disrupted a sprawling China-nexus espionage campaign that stole RedCAP credentials to silently breach...
Google's Threat Intelligence Group has unmasked UNC6508, a China-linked espionage actor that silently maintained access to critical infrastructure and...
UK NCSC CEO Richard Horne delivered a stark warning at the RUSI Annual Security Lecture: nation-state adversaries are pre-positioning inside British...
Sygnia researchers uncovered Velvet Ant, a China-nexus APT that spent close to a decade hidden inside Linux authentication infrastructure by backdooring...
Chinese state-sponsored hackers seized complete control of a target organization's authentication infrastructure and maintained undetected access for ten...
Security researchers warn that adaptive agentic AI worms — described as 'viruses with wings and brains' — will likely strike enterprise environments within a…
Security researchers at Seqrite Labs have uncovered Operation Dragon Weave, a new China-aligned cyber espionage campaign targeting government, research…
Nation-states are racing to dominate the embodied AI and humanoid robotics market, but as governments and militaries integrate these systems, the…
Anne Keast-Butler, head of the UK's GCHQ signals intelligence agency, has warned that artificial intelligence represents an unstoppable force in cyberspace…
Western intelligence officials warn that Moscow's espionage apparatus is deploying cyber spies, hackers, and recruited middlemen to steal dual-use...
UK signals-intel chief warns AI is reshaping threats as an unstoppable force while Russia escalates hostile gray-zone activity below open conflict.
Nimbus Manticore, an Iranian advanced persistent threat group, has continued operations targeting aviation and software companies during and after the US.
The FBI has published an advisory on Kali365, a Telegram-based phishing-as-a-service platform that captures legitimate OAuth tokens to gain persistent...
A Belarusian nation-state threat group dubbed FrostyNeighbor is conducting a precise espionage campaign against government organizations in Poland and...
The China-linked threat group FamousSparrow has expanded its targeting to an Azerbaijani oil and gas company, marking a shift beyond its traditional...
Two U.S. men have been sentenced for operating laptop farms that helped North Korean IT workers fraudulently obtain employment at nearly 70 American...
AI-powered voice cloning requires just three seconds of audio to convincingly impersonate executives and employees. Adaptive Security's new research...
Researchers at Infoblox and Confiant have uncovered a dual-threat fraud operation active since 2020: fake CAPTCHA pages secretly send up to 50...
A Microsoft Windows vulnerability originally patched in a prior Patch Tuesday was incompletely remediated, leaving a residual attack surface that...
A previously undocumented China-aligned APT group tracked as GopherWhisper has targeted Mongolian governmental institutions, deploying a wide array of...
A newly identified Chinese advanced persistent threat group dubbed GopherWhisper has been deploying multiple Go-based backdoors alongside custom loaders...
CISA and the UK's NCSC have revealed that a US federal civilian agency's Cisco Firepower device running ASA software was compromised in September 2025...
SentinelOne has discovered 'fast16', a 2005-era Lua-based cyber sabotage implant that predates Stuxnet by five years and targeted high-precision...
US and UK cybersecurity agencies are warning about Firestarter, a custom implant that persists on Cisco Firepower and Secure Firewall devices running ASA...
Two New Jersey men received prison sentences of nine and nearly eight years respectively for operating IT laptop farms that funneled over $5 million to...
Ukraine's CERT-UA has confirmed a suspected APT28 espionage campaign targeting Ukrainian prosecutors and anti-corruption agencies, exploiting Roundcube...
A weekly roundup of notable cybersecurity stories: Iran-linked hackers wipe 200,000 Stryker devices, the BlueHammer Windows zero-day PoC goes public,...
Russia's APT28 (Forest Blizzard) is conducting a malwareless espionage campaign by modifying a single DNS setting in vulnerable SOHO routers to silently...
Russian state-sponsored threat actor APT28 (Forest Blizzard / Pawn Storm) has launched a targeted spear-phishing campaign deploying a newly documented...
An international law enforcement operation has dismantled FrostArmada, an APT28 campaign that hijacked DNS on compromised MikroTik and TP-Link routers to...
The TeamPCP threat actor's March 2026 supply chain attack against LiteLLM exposed a dangerous blind spot: developer workstations running local AI agents...
Iranian APT groups are increasingly blurring the lines between state-sponsored cyber espionage and financially motivated cybercrime, deploying destructive...
Hours after the FBI confirmed that Iranian hackers gained access to Director Kash Patel's personal email account, the U.S. State Department reissued a $10...
A new report reveals how industrialized credential theft has become the common thread connecting ransomware campaigns, SaaS platform breaches, and...
Three threat activity clusters aligned with China jointly targeted a Southeast Asian government organization in a complex, well-resourced espionage...
Iran-linked Handala hackers have breached the personal email account of FBI Director Kash Patel, publishing stolen photos and documents in a high-profile...
Iran's Handala Hack Team breached the personal email of FBI Director Kash Patel, leaking photos and documents online, while simultaneously launching a...
Proofpoint has attributed a targeted email campaign to Russian state-sponsored threat actor TA446, which is leveraging the recently disclosed DarkSword...
Researchers say the GitHub leak of the DarkSword iOS exploit chain — six chained vulnerabilities targeting iOS 18.4 through 18.7 — threatens to...
FBI and CISA alert warns Russian state actors have compromised thousands of messaging accounts belonging to US government officials, military personnel,...
A newly discovered .NET infostealer dubbed Speagle repurposes compromised Cobra DocGuard servers for C2 and data exfiltration, targeting organizations...
Google's Threat Intelligence Group tracked 90 zero-day vulnerabilities actively exploited in 2025, with enterprise software and appliances accounting for...
Cloudflare's inaugural threat intelligence report reveals its network blocks 230 billion cyber threats daily, with DDoS attacks doubling to 47.1 million...
Following the joint U.S.-Israeli military operation against Iran, Palo Alto Networks Unit 42 reports an unprecedented surge in cyber retaliation with...
Singapore discloses that APT group UNC3886 compromised all four major telecom providers using zero-day exploits and rootkits, triggering the nation's...
Singapore discloses that APT group UNC3886 conducted a targeted espionage campaign against M1, SIMBA, Singtel, and StarHub using a previously unknown...
Palo Alto Unit 42 reveals a state-aligned group designated TGR-STA-1030 compromised government and critical infrastructure targets in 37 countries using...
Dragos and Mandiant report a 112% increase in cyberattacks targeting energy, water, and transportation systems in the first quarter of 2026, with...
Cisco Talos uncovers a seven-component Linux framework called DKnife that compromises routers to intercept credentials, replace downloads with trojans,...
Senate Commerce Committee Chair Maria Cantwell accuses AT&T and Verizon of blocking Mandiant security reports related to the Salt Typhoon campaign,...
The US Treasury Department has confirmed a significant cybersecurity incident, attributing the breach to state-sponsored threat actors who accessed...