All CosmicBytez Labs articles tagged #Nation-State, across news, security advisories, how-to guides, and projects.
Security researchers at Seqrite Labs have uncovered Operation Dragon Weave, a new China-aligned cyber espionage campaign targeting government, research, academic, and financial organizations in the Czech Republic and Taiwan using the AdaptixC2 post-exploitation framework.
Nation-states are racing to dominate the embodied AI and humanoid robotics market, but as governments and militaries integrate these systems, the cyber-physical attack surface is expanding in ways security experts warn could have severe consequences.
Anne Keast-Butler, head of the UK's GCHQ signals intelligence agency, has warned that artificial intelligence represents an unstoppable force in cyberspace — with nations including Russia already deploying AI in warfare, while GCHQ develops its own AI-powered cyber shield.
Western intelligence officials warn that Moscow's espionage apparatus is deploying cyber spies, hackers, and recruited middlemen to steal dual-use...
UK signals-intel chief warns AI is reshaping threats as an unstoppable force while Russia escalates hostile gray-zone activity below open conflict.
Nimbus Manticore, an Iranian advanced persistent threat group, has continued operations targeting aviation and software companies during and after the US.
The FBI has published an advisory on Kali365, a Telegram-based phishing-as-a-service platform that captures legitimate OAuth tokens to gain persistent...
A Belarusian nation-state threat group dubbed FrostyNeighbor is conducting a precise espionage campaign against government organizations in Poland and...
The China-linked threat group FamousSparrow has expanded its targeting to an Azerbaijani oil and gas company, marking a shift beyond its traditional...
Two U.S. men have been sentenced for operating laptop farms that helped North Korean IT workers fraudulently obtain employment at nearly 70 American...
AI-powered voice cloning requires just three seconds of audio to convincingly impersonate executives and employees. Adaptive Security's new research...
Researchers at Infoblox and Confiant have uncovered a dual-threat fraud operation active since 2020: fake CAPTCHA pages secretly send up to 50...
A Microsoft Windows vulnerability originally patched in a prior Patch Tuesday was incompletely remediated, leaving a residual attack surface that...
A previously undocumented China-aligned APT group tracked as GopherWhisper has targeted Mongolian governmental institutions, deploying a wide array of...
A newly identified Chinese advanced persistent threat group dubbed GopherWhisper has been deploying multiple Go-based backdoors alongside custom loaders...
CISA and the UK's NCSC have revealed that a US federal civilian agency's Cisco Firepower device running ASA software was compromised in September 2025...
SentinelOne has discovered 'fast16', a 2005-era Lua-based cyber sabotage implant that predates Stuxnet by five years and targeted high-precision...
US and UK cybersecurity agencies are warning about Firestarter, a custom implant that persists on Cisco Firepower and Secure Firewall devices running ASA...
Two New Jersey men received prison sentences of nine and nearly eight years respectively for operating IT laptop farms that funneled over $5 million to...
Ukraine's CERT-UA has confirmed a suspected APT28 espionage campaign targeting Ukrainian prosecutors and anti-corruption agencies, exploiting Roundcube...
A weekly roundup of notable cybersecurity stories: Iran-linked hackers wipe 200,000 Stryker devices, the BlueHammer Windows zero-day PoC goes public,...
Russia's APT28 (Forest Blizzard) is conducting a malwareless espionage campaign by modifying a single DNS setting in vulnerable SOHO routers to silently...
Russian state-sponsored threat actor APT28 (Forest Blizzard / Pawn Storm) has launched a targeted spear-phishing campaign deploying a newly documented...
An international law enforcement operation has dismantled FrostArmada, an APT28 campaign that hijacked DNS on compromised MikroTik and TP-Link routers to...
The TeamPCP threat actor's March 2026 supply chain attack against LiteLLM exposed a dangerous blind spot: developer workstations running local AI agents...
Iranian APT groups are increasingly blurring the lines between state-sponsored cyber espionage and financially motivated cybercrime, deploying destructive...
Hours after the FBI confirmed that Iranian hackers gained access to Director Kash Patel's personal email account, the U.S. State Department reissued a $10...
A new report reveals how industrialized credential theft has become the common thread connecting ransomware campaigns, SaaS platform breaches, and...
Three threat activity clusters aligned with China jointly targeted a Southeast Asian government organization in a complex, well-resourced espionage...
Iran-linked Handala hackers have breached the personal email account of FBI Director Kash Patel, publishing stolen photos and documents in a high-profile...
Iran's Handala Hack Team breached the personal email of FBI Director Kash Patel, leaking photos and documents online, while simultaneously launching a...
Proofpoint has attributed a targeted email campaign to Russian state-sponsored threat actor TA446, which is leveraging the recently disclosed DarkSword...
Researchers say the GitHub leak of the DarkSword iOS exploit chain — six chained vulnerabilities targeting iOS 18.4 through 18.7 — threatens to...
FBI and CISA alert warns Russian state actors have compromised thousands of messaging accounts belonging to US government officials, military personnel,...
A newly discovered .NET infostealer dubbed Speagle repurposes compromised Cobra DocGuard servers for C2 and data exfiltration, targeting organizations...
Google's Threat Intelligence Group tracked 90 zero-day vulnerabilities actively exploited in 2025, with enterprise software and appliances accounting for...
Cloudflare's inaugural threat intelligence report reveals its network blocks 230 billion cyber threats daily, with DDoS attacks doubling to 47.1 million...
Following the joint U.S.-Israeli military operation against Iran, Palo Alto Networks Unit 42 reports an unprecedented surge in cyber retaliation with...
Singapore discloses that APT group UNC3886 compromised all four major telecom providers using zero-day exploits and rootkits, triggering the nation's...
Singapore discloses that APT group UNC3886 conducted a targeted espionage campaign against M1, SIMBA, Singtel, and StarHub using a previously unknown...
Palo Alto Unit 42 reveals a state-aligned group designated TGR-STA-1030 compromised government and critical infrastructure targets in 37 countries using...
Dragos and Mandiant report a 112% increase in cyberattacks targeting energy, water, and transportation systems in the first quarter of 2026, with...
Cisco Talos uncovers a seven-component Linux framework called DKnife that compromises routers to intercept credentials, replace downloads with trojans,...
Senate Commerce Committee Chair Maria Cantwell accuses AT&T and Verizon of blocking Mandiant security reports related to the Salt Typhoon campaign,...
The US Treasury Department has confirmed a significant cybersecurity incident, attributing the breach to state-sponsored threat actors who accessed...