"Microsoft: Chinese Hackers Use Quad7 Botnet to Steal Credentials"

Microsoft warns that Chinese threat actors are using the "Quad7" botnet, built with hacked Small Office/Home Office (SOHO) routers, to steal credentials in password-spray attacks. A security researcher named "Gi7w0rm" first discovered the Quad7 botnet. According to later reports by researchers at Sekoia and Team Cymru, the threat actors behind the botnet are targeting devices from TP-Link, ASUS, and more. When the devices are compromised, the threat actors launch custom malware that enables remote access to the devices over Telnet.

Submitted by Gregory Rigby on

"Sophos Used Custom Implants to Surveil Chinese Hackers Targeting Firewall Zero-Days"

Sophos has detailed a years-long battle with Chinese government-backed hacking teams and admitted to using its own custom implants to track the hackers' tools, movements, and tactics. The company said it has fought multiple zero-day attacks on its enterprise products since 2018, with each attack growing more sophisticated and aggressive. This article continues to discuss Sophos' years-long "cat-and-mouse" game with sophisticated Chinese government-backed hackers.

"New Xiu Gou Phishing Kit Targets US, Other Countries with Mascot"

Since at least September 2024, users in the US, UK, Spain, Australia, and Japan have been targeted by a new phishing kit named "Xiu Gou," which was designed to deploy phishing attacks globally. The kit, discovered by the cybersecurity firm Netcraft, features a "doggo" mascot and has over 2,000 phishing websites targeting individuals in the public sector, postal services, digital services, and banking. This article continues to discuss findings regarding the Xiu Gou phishing kit.

"Hackers Target Critical Zero-Day Vulnerability in PTZ Cameras"

Hackers are targeting two zero-day vulnerabilities in PTZOptics pan-tilt-zoom (PTZ) live streaming cameras used in industrial, healthcare, government, and courtroom settings. Researchers at GreyNoise discovered the flaws in April 2024 after the company's Artificial Intelligence (AI)-powered threat detection tool, "Sift," flagged unusual honeypot network activity that did not match any established threat. This article continues to discuss the targeting of zero-day vulnerabilities in PTZ cameras.

"New LightSpy Spyware Version Targets iPhones with Increased Surveillance Tactics"

According to researchers at ThreatFabric, "LightSpy," an Apple iOS spyware, now has an improved version with destructive capabilities that can prevent the compromised device from booting up. LightSpy, first documented in 2020 as targeting users in Hong Kong, is a modular implant that uses a plugin-based architecture to capture a wide range of sensitive data from infected devices. This article continues to discuss findings regarding the new version of LightSpy.

"Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware"

Researchers at Bitdefender Labs have discovered a malvertising campaign that abuses Meta's advertising platform and hijacks Facebook accounts to distribute the "SYS01stealer" infostealer. According to the researchers, the campaign uses about 100 malicious domains to distribute the malware and conduct live Command-and-Control (C2) operations. This article continues to discuss findings regarding the malvertising campaign aimed at spreading SYS01stealer.

"Hackers Steal 15,000 Cloud Credentials From Exposed Git Config Files"

An operation named "EmeraldWhale" has led to the theft of over 15,000 cloud account credentials from thousands of private repositories by scanning for exposed Git configuration files. The campaign, discovered by researchers at Sysdig, uses automated tools to scan IP ranges for exposed Git configuration files, which may contain authentication tokens. The hackers behind the operation then use those tokens to download repositories stored on GitHub, GitLab, and Bitbucket, which are in turn scanned for additional credentials.

"Canadian Government Data Stolen By Chinese Hackers"

According to the Canadian Centre for Cyber Security's 2025-2026 "National Cyber Threat Assessment," Chinese state-sponsored threat actors have maintained access to at least 20 Canadian government networks for four years to steal valuable data. The Cyber Centre reported that the threat actors targeted information to advance the Chinese Communist Party's (CCP) strategic, economic, and diplomatic interests as well as gain an advantage in China-Canada bilateral relations and commercial matters.

"Over a Thousand Online Shops Hacked to Show Fake Product Listings"

Since 2019, a phishing campaign named "Phish n' Ships" has infected over 1,000 legitimate online stores to promote fake product listings for rare items. Those who click on those products are redirected to a network consisting of hundreds of fake web stores that steal their personal information and money. HUMAN's Satori Threat Intelligence discovered that the malicious campaign has affected hundreds of thousands of consumers and cost tens of millions of dollars. This article continues to discuss findings regarding the Phish n' Ships campaign.

"Ransomware Hits Web Hosting Servers via Vulnerable CyberPanel Instances"

A threat actor has targeted about 22,000 vulnerable CyberPanel instances and used PSAUX and other ransomware to encrypt files on the servers running them. CyberPanel is a popular open source control panel for managing servers used to host websites. This article continues to discuss findings regarding the massive ransomware attack targeting vulnerable CyberPanel instances.

Help Net Security reports "Ransomware Hits Web Hosting Servers via Vulnerable CyberPanel Instances"
