Threat Research

Researchers uncovered multiple cyber-espionage campaigns targeting a Southeast Asian government organization. The investigation traced Stately Taurus activity (June–Aug 2025), involving USB-spread USBFect (HIUPAN) malware deploying a PUBLOAD backdoor....
Pawn Storm, a Russia-aligned APT group, is targeting Ukraine’s defense supply chain and allied nations. It deploys PRISMEX, a modular malware suite using steganography, COM hijacking, and cloud-based C2. The group exploited multiple flaws, including a Windows zero-day (CVE-2026-21513). Malicious .lnk files via CVE-2026-21509 may chain with CVE-2026-21513, per Akamai findings....
UNC2814 is a PRC-aligned cyber espionage group active since at least 2017. It targets telecom and government sectors to steal communications intelligence and PII. The group has operated in 42 confirmed countries and over 70 suspected ones across multiple regions, including Africa, Asia, and the Americas....
Since late December 2025, the team has handled multiple incidents involving voice-based phishing (vishing) leading to data theft and extortion. These attacks have targeted organizations across the Financial Services, Manufacturing, Professional & Legal Services, and Wholesale & Retail sectors....
Pakistan-linked threat actor APT36 (Transparent Tribe) has shifted to an AI-assisted malware development model known as “vibeware,” generating large volumes of disposable implants using niche programming languages such as Nim, Zig, and Crystal to evade traditional detection....
Rising tensions between the United States, Israel, and Iran have increased the likelihood of cyber operations accompanying military activity. Iranian state-aligned threat actors have historically targeted sectors such as energy, financial services, government, and defense to weaken response capabilities before or during conflict....
In January 2026, ThreatLabz identified activity by a suspected Iran-linked threat actor targeting Iraqi government officials. The team uncovered previously undocumented malware: SPLITDROP, TWINTASK, TWINTALK, and GHOSTFORM. Analysis revealed strong overlap in tools, techniques, and procedures (TTPs) and victimology with known Iran-nexus APT operations. Based on this evidence,...
UNC2814, a suspected PRC-linked cyber espionage group active since 2017, conducted a large-scale global campaign targeting telecommunications and government organizations across 42 countries, impacting at least 53 confirmed victims....
Two critical zero-day vulnerabilities, CVE-2026-1281 and CVE-2026-1340, affect Ivanti Endpoint Manager Mobile (EPMM). They are actively exploited in the wild, targeting enterprise mobile fleets and corporate networks. The flaws allow unauthenticated remote code execution on affected servers....
A large-scale spam campaign abused Atlassian Cloud’s trusted domain to distribute multilingual phishing emails targeting government and corporate entities....