Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1941+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
All tags
64 articles

#Nation-State

All CosmicBytez Labs articles tagged #Nation-State, across news, security advisories, how-to guides, and projects.

  • NewsJul 17, 2026

    In Other News: Iran Tracks US Military Phones, CrashStealer macOS Malware, CVD Blueprint

    This week's security roundup covers Iranian threat actors tracking US military personnel's phones, the newly discovered CrashStealer macOS infostealer, a coordinated vulnerability disclosure blueprint, ransomware targeting naval defense firm TKMS, and more.

  • SecurityJul 14, 2026

    CVE-2026-58065: Apache Airflow Git Provider Disables SSH Host Key Verification

    The Apache Airflow Git provider runs git-over-SSH with StrictHostKeyChecking=no by default, allowing a network-position attacker to silently impersonate the Git server and steal SSH credentials or inject malicious code.

  • NewsJul 11, 2026

    China and India-Linked Hackers Both Targeted the Same Pakistani Police Force

    SentinelOne researchers discovered that threat actors linked to both China and India independently targeted the Balochistan Police force in Pakistan for...

  • NewsJul 11, 2026

    Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns

    SentinelOne researchers have uncovered two years of sustained cyberespionage against Pakistani law enforcement — with China-nexus and India-nexus threat...

  • NewsJul 10, 2026

    China and India Ran Separate Spying Campaigns Against the Same Pakistani Police Force

    SentinelOne Labs uncovered parallel nation-state espionage operations by China-linked and India-linked threat actors targeting Pakistani law enforcement,...

  • NewsJul 6, 2026

    Armored Likho APT Targeting Government and Electric Power Entities

    Kaspersky researchers have detailed a new campaign by Armored Likho — a threat actor overlapping with Eagle Werewolf — deploying modular RATs and the...

  • NewsJul 6, 2026

    Canada's Spy Agency Reports Hacking Three Criminal Groups in 2025

    Canada's Communications Security Establishment publicly disclosed offensive cyber operations against a ransomware-as-a-service gang, a foreign online...

  • NewsletterJun 30, 2026

    June 30 Digest: BlueHammer Zero-Day, Ransomware Goes Corporate, AI Supply Chain Risks & Nation-State ICS Threats

    A Microsoft Defender zero-day fuels ransomware before any patch exists; researchers dissect how syndicate groups run HR departments and tiered pricing;...

  • NewsJun 29, 2026

    Iran, Russia, and China Target Water Systems for Sabotage

    Nation-state attackers from Iran, Russia, and China are breaching water utility systems through weak passwords, exposed PLCs, and poor network...

  • NewsJun 28, 2026

    Hackers Exploit Cisco SD-WAN Zero-Day for Root Access at Telecom Provider

    Mandiant has detailed an incident in which threat actors exploited a Cisco SD-WAN zero-day vulnerability to gain the highest possible access level at a...

  • NewsJun 27, 2026

    Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign

    A Chinese-speaking advanced persistent threat actor has launched targeted attacks against government entities and critical infrastructure in Southeast...

  • NewsJun 26, 2026

    Russian APT Deploys 'StockStay' Backdoor Against Ukrainian Targets

    Turla, a prolific Russian state-sponsored threat actor, has deployed a previously undocumented backdoor dubbed 'StockStay' in espionage operations...

  • NewsJun 23, 2026

    Russian Initial Access Broker Behind FortiBleed Campaign

    A Russian-speaking initial access broker has compromised 86,644 verified credentials from over 430,000 internet-facing Fortinet FortiGate devices across...

  • NewsJun 21, 2026

    China-Nexus Actor Spies on US Researchers Undetected for a Year

    Google's Threat Intelligence Group discovered and disrupted a sprawling China-nexus espionage campaign that stole RedCAP credentials to silently breach...

  • NewsJun 21, 2026

    Google Exposes China Espionage Group UNC6508 Lurking in Networks Since 2023

    Google's Threat Intelligence Group has unmasked UNC6508, a China-linked espionage actor that silently maintained access to critical infrastructure and...

  • NewsJun 17, 2026

    Hostile States Behind Three-Quarters of Attacks on Britain's Critical Infrastructure, Cyber Chief Warns

    UK NCSC CEO Richard Horne delivered a stark warning at the RUSI Annual Security Lecture: nation-state adversaries are pre-positioning inside British...

  • NewsJun 13, 2026

    China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade

    Sygnia researchers uncovered Velvet Ant, a China-nexus APT that spent close to a decade hidden inside Linux authentication infrastructure by backdooring...

  • NewsJun 13, 2026

    Chinese Hackers Hijack Auth Flow, Spy on Isolated Network for a Decade

    Chinese state-sponsored hackers seized complete control of a target organization's authentication infrastructure and maintained undetected access for ten...

  • NewsJun 5, 2026

    Adaptive, Agentic AI Worms Loom as the Next Major Enterprise Threat

    Security researchers warn that adaptive agentic AI worms — described as 'viruses with wings and brains' — will likely strike enterprise environments within a…

  • NewsJun 1, 2026

    China-Aligned Groups Ramp Up Attacks: Operation Dragon Weave Hits Czech Republic and Taiwan

    Security researchers at Seqrite Labs have uncovered Operation Dragon Weave, a new China-aligned cyber espionage campaign targeting government, research…

  • NewsMay 31, 2026

    As Global Powers Explore Humanoid Robots, Cyber-Risk Looms

    Nation-states are racing to dominate the embodied AI and humanoid robotics market, but as governments and militaries integrate these systems, the…

  • NewsMay 31, 2026

    GCHQ Chief: AI Is an 'Unstoppable Force' with Offensive and Defensive Cyber Ramifications

    Anne Keast-Butler, head of the UK's GCHQ signals intelligence agency, has warned that artificial intelligence represents an unstoppable force in cyberspace…

  • NewsMay 30, 2026

    Russian Spies Aggressively Targeting Western Technology as Sanctions Bite

    Western intelligence officials warn that Moscow's espionage apparatus is deploying cyber spies, hackers, and recruited middlemen to steal dual-use...

  • NewsMay 28, 2026

    UK Cyberspying Chief Calls AI 'an Unstoppable Force' and Warns About Russia

    UK signals-intel chief warns AI is reshaping threats as an unstoppable force while Russia escalates hostile gray-zone activity below open conflict.

  • NewsMay 26, 2026

    Iranian APT Targets Aviation, Software Companies With

    Nimbus Manticore, an Iranian advanced persistent threat group, has continued operations targeting aviation and software companies during and after the US.

  • NewsMay 22, 2026

    FBI Warns of Kali365 Phishing-as-a-Service Targeting

    The FBI has published an advisory on Kali365, a Telegram-based phishing-as-a-service platform that captures legitimate OAuth tokens to gain persistent...

  • NewsMay 14, 2026

    ''FrostyNeighbor'' APT Carefully Targets Govt Orgs in Poland, Ukraine

    A Belarusian nation-state threat group dubbed FrostyNeighbor is conducting a precise espionage campaign against government organizations in Poland and...

  • NewsMay 13, 2026

    China's 'FamousSparrow' APT Nests in South Caucasus Energy

    The China-linked threat group FamousSparrow has expanded its targeting to an Azerbaijani oil and gas company, marking a shift beyond its traditional...

  • NewsMay 10, 2026

    American Duo Sentenced for Hosting Laptop Farms for North

    Two U.S. men have been sentenced for operating laptop farms that helped North Korean IT workers fraudulently obtain employment at nearly 70 American...

  • NewsApr 27, 2026

    Deepfake Voice Attacks Are Outpacing Defenses: What

    AI-powered voice cloning requires just three seconds of audio to convincingly impersonate executives and employees. Adaptive Security's new research...

  • NewsApr 27, 2026

    Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive

    Researchers at Infoblox and Confiant have uncovered a dual-threat fraud operation active since 2020: fake CAPTCHA pages secretly send up to 50...

  • NewsApr 27, 2026

    Incomplete Windows Patch Opens Door to Zero-Click Attacks

    A Microsoft Windows vulnerability originally patched in a prior Patch Tuesday was incompletely remediated, leaving a residual attack surface that...

  • NewsApr 26, 2026

    China-Linked GopherWhisper Infects 12 Mongolian Government

    A previously undocumented China-aligned APT group tracked as GopherWhisper has targeted Mongolian governmental institutions, deploying a wide array of...

  • NewsApr 25, 2026

    China-Linked APT GopherWhisper Abuses Legitimate Services

    A newly identified Chinese advanced persistent threat group dubbed GopherWhisper has been deploying multiple Go-based backdoors alongside custom loaders...

  • NewsApr 25, 2026

    FIRESTARTER Backdoor Hit Federal Cisco Firepower Device

    CISA and the UK's NCSC have revealed that a US federal civilian agency's Cisco Firepower device running ASA software was compromised in September 2025...

  • NewsApr 25, 2026

    Researchers Uncover Pre-Stuxnet 'fast16' Malware Targeting

    SentinelOne has discovered 'fast16', a 2005-era Lua-based cyber sabotage implant that predates Stuxnet by five years and targeted high-precision...

  • NewsApr 24, 2026

    Firestarter Malware Survives Cisco Firewall Updates and Security Patches

    US and UK cybersecurity agencies are warning about Firestarter, a custom implant that persists on Cisco Firepower and Secure Firewall devices running ASA...

  • NewsApr 18, 2026

    New Jersey Men Sentenced to Combined 17 Years for Running

    Two New Jersey men received prison sentences of nine and nearly eight years respectively for operating IT laptop farms that funneled over $5 million to...

  • NewsApr 17, 2026

    Ukraine Confirms APT28 Campaign Targeting Prosecutors and Anti-Corruption Agencies

    Ukraine's CERT-UA has confirmed a suspected APT28 espionage campaign targeting Ukrainian prosecutors and anti-corruption agencies, exploiting Roundcube...

  • NewsApr 11, 2026

    In Other News: Cyberattack Stings Stryker, Windows

    A weekly roundup of notable cybersecurity stories: Iran-linked hackers wipe 200,000 Stryker devices, the BlueHammer Windows zero-day PoC goes public,...

  • NewsApr 9, 2026

    Russia's Forest Blizzard Harvests Logins via SOHO Router

    Russia's APT28 (Forest Blizzard) is conducting a malwareless espionage campaign by modifying a single DNS setting in vulnerable SOHO routers to silently...

  • NewsApr 8, 2026

    APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine

    Russian state-sponsored threat actor APT28 (Forest Blizzard / Pawn Storm) has launched a targeted spear-phishing campaign deploying a newly documented...

  • NewsApr 7, 2026

    Authorities Disrupt APT28 Router DNS Hijacks Targeting

    An international law enforcement operation has dismantled FrostArmada, an APT28 campaign that hijacked DNS on compromised MikroTik and TP-Link routers to...

  • NewsApr 6, 2026

    How LiteLLM Turned Developer Machines Into Credential

    The TeamPCP threat actor's March 2026 supply chain attack against LiteLLM exposed a dangerous blind spot: developer workstations running local AI agents...

  • NewsMar 31, 2026

    Iran Deploys 'Pseudo-Ransomware,' Revives Pay2Key Operations

    Iranian APT groups are increasingly blurring the lines between state-sponsored cyber espionage and financially motivated cybercrime, deploying destructive...

  • NewsMar 31, 2026

    State Department Reissues $10 Million Reward for Info on Iranian Hackers

    Hours after the FBI confirmed that Iranian hackers gained access to Director Kash Patel's personal email account, the U.S. State Department reissued a $10...

  • NewsMar 31, 2026

    Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

    A new report reveals how industrialized credential theft has become the common thread connecting ransomware campaigns, SaaS platform breaches, and...

  • NewsMar 30, 2026

    Three China-Linked Clusters Target Southeast Asian

    Three threat activity clusters aligned with China jointly targeted a Southeast Asian government organization in a complex, well-resourced espionage...

  • NewsMar 29, 2026

    FBI Confirms Hack of Director Patel's Personal Email Inbox

    Iran-linked Handala hackers have breached the personal email account of FBI Director Kash Patel, publishing stolen photos and documents in a high-profile...

  • NewsMar 28, 2026

    Iran-Linked Hackers Breach FBI Director's Personal Email

    Iran's Handala Hack Team breached the personal email of FBI Director Kash Patel, leaking photos and documents online, while simultaneously launching a...

  • NewsMar 28, 2026

    TA446 Deploys DarkSword iOS Exploit Kit in Targeted

    Proofpoint has attributed a targeted email campaign to Russian state-sponsored threat actor TA446, which is leveraging the recently disclosed DarkSword...

  • NewsMar 25, 2026

    DarkSword GitHub Leak Threatens to Turn Elite iPhone

    Researchers say the GitHub leak of the DarkSword iOS exploit chain — six chained vulnerabilities targeting iOS 18.4 through 18.7 — threatens to...

  • NewsMar 22, 2026

    FBI Warns Russian Intelligence Targeting Signal and WhatsApp in Mass Phishing Campaign

    FBI and CISA alert warns Russian state actors have compromised thousands of messaging accounts belonging to US government officials, military personnel,...

  • NewsMar 21, 2026

    New Speagle Malware Hijacks Cobra DocGuard for State-Sponsored Espionage

    A newly discovered .NET infostealer dubbed Speagle repurposes compromised Cobra DocGuard servers for C2 and data exfiltration, targeting organizations...

  • NewsMar 6, 2026

    Google: 90 Zero-Days Exploited in 2025 — Enterprise Tech

    Google's Threat Intelligence Group tracked 90 zero-day vulnerabilities actively exploited in 2025, with enterprise software and appliances accounting for...

  • NewsMar 4, 2026

    Cloudflare 2026 Threat Report: 230 Billion Daily Threats as

    Cloudflare's inaugural threat intelligence report reveals its network blocks 230 billion cyber threats daily, with DDoS attacks doubling to 47.1 million...

  • NewsMar 2, 2026

    Operation Epic Fury Triggers Unprecedented Cyber Escalation

    Following the joint U.S.-Israeli military operation against Iran, Palo Alto Networks Unit 42 reports an unprecedented surge in cyber retaliation with...

  • NewsFeb 10, 2026

    China-Linked UNC3886 Breaches All Four Singapore Telecom

    Singapore discloses that APT group UNC3886 compromised all four major telecom providers using zero-day exploits and rootkits, triggering the nation's...

  • SecurityFeb 10, 2026

    UNC3886 Zero-Day Campaign: Singapore Telecom Operators

    Singapore discloses that APT group UNC3886 conducted a targeted espionage campaign against M1, SIMBA, Singtel, and StarHub using a previously unknown...

  • NewsFeb 7, 2026

    Shadow Campaigns: State-Backed Espionage Group Breaches 70+

    Palo Alto Unit 42 reveals a state-aligned group designated TGR-STA-1030 compromised government and critical infrastructure targets in 37 countries using...

  • NewsFeb 6, 2026

    Cyberattacks on Critical Infrastructure Double in Q1 2026

    Dragos and Mandiant report a 112% increase in cyberattacks targeting energy, water, and transportation systems in the first quarter of 2026, with...

  • NewsFeb 6, 2026

    DKnife: China-Linked AitM Framework Hijacks Router Traffic

    Cisco Talos uncovers a seven-component Linux framework called DKnife that compromises routers to intercept credentials, replace downloads with trojans,...

  • NewsFeb 3, 2026

    Senator Demands AT&T, Verizon CEOs Testify Over Salt

    Senate Commerce Committee Chair Maria Cantwell accuses AT&T and Verizon of blocking Mandiant security reports related to the Salt Typhoon campaign,...

  • NewsJan 8, 2026

    US Treasury Department Confirms Network Breach by State Actors

    The US Treasury Department has confirmed a significant cybersecurity incident, attributing the breach to state-sponsored threat actors who accessed...