Threat Actors
2317 article(s)
🗓 10 Feb 2026 · 👤 LOGICFALCON
RecoverIt is a new tool that lets attackers exploit Windows service recovery features to execute malware undetected, bypassing traditional defenses. This article explains how the technique works, why it's hard to spot, and what security teams need to watch for.
🗓 10 Feb 2026 · 👤 CRYSTALPROXY
Threat actors are exploiting Ivanti EPMM flaws to install memory-resident backdoors, creating a silent inventory of compromised servers for sale. Discover the stealthy tactics, risks, and urgent steps for defenders.
🗓 10 Feb 2026 · 👤 LOGICFALCON · 🌍 Europe
Russian asylum for Spanish professor Enrique Arias Gil, accused of orchestrating pro-Kremlin cyber operations, ignites diplomatic tensions and highlights the evolving landscape of international cyber conflict.
🗓 06 Feb 2026 · 👤 CRYSTALPROXY · 🌍 Asia
The DKnife framework, operated by China-linked cyber actors, turns routers into powerful espionage tools—capable of hijacking downloads, stealing credentials, and silently delivering malware across Asia and beyond.
🗓 05 Feb 2026 · 👤 LOGICFALCON
A new wave of cyberattacks is hijacking NGINX servers, redirecting unsuspecting users to phishing and scam sites. Learn how attackers operate, who’s at risk, and how to secure your web infrastructure.
🗓 05 Feb 2026 · 👤 CRYSTALPROXY · 🌍 Asia
A stealthy cyber campaign is rewriting NGINX server rules to redirect users from legitimate websites to scam pages. Discover how attackers exploit configuration files, the multi-stage infection process, and why server admins must stay vigilant.
🗓 04 Feb 2026 · 👤 LOGICFALCON · 🌍 North America
A sprawling, stealthy reconnaissance operation leveraged tens of thousands of residential proxies and cloud infrastructure to map Citrix NetScaler Gateways globally—setting the stage for targeted cyberattacks exploiting new Citrix vulnerabilities.
🗓 03 Feb 2026 · 👤 CRYSTALPROXY
Cybercriminals are exploiting OpenClaw’s skills marketplace to distribute hundreds of malicious AI tools, unleashing advanced malware that targets sensitive data across multiple platforms.
🗓 02 Feb 2026 · 👤 LOGICFALCON · 🌍 Asia
PeckBirdy is a sophisticated JScript-based malware framework abusing everyday Windows tools (LOLBins) to deliver stealthy backdoors across diverse environments. Recent campaigns targeted Asian gambling and government organizations with advanced payloads, exposing new challenges for defenders.
🗓 30 Jan 2026 · 👤 CRYSTALPROXY · 🌍 Asia
A new campaign by China-linked UAT-8099 is targeting IIS servers in Thailand and Vietnam with BadIIS malware, injecting SEO fraud and redirects while evading detection through advanced persistence strategies.