Threat Research

Seedworm (also known as MuddyWater) has been observed conducting cyber espionage activities against multiple organizations in the United States and Canada since early 2026. Targeted entities include a U.S. bank, airport, defense-related software company, and non-profit organizations...

Two critical zero-day vulnerabilities, CVE-2026-1281 and CVE-2026-1340, are impacting Ivanti Endpoint Manager Mobile (EPMM). They are actively exploited in the wild, targeting enterprise mobile fleets and corporate networks. The flaws allow unauthenticated remote code execution on affected servers...

A phishing campaign is leveraging SEO poisoning to push fake traffic ticket search portals to the top of search engine results. The fraudulent sites impersonate the Government of Canada and multiple provincial agencies to lure victims into searching for and paying supposed outstanding traffic violations...

Since early 2025, China's presence in the Indo-Pacific has become increasingly assertive. Activities have ranged from heightened maritime tensions to acting as a peace broker for Myanmar's junta. More recently, espionage efforts have targeted joint Philippine naval exercises with the US, Australia, Canada, and New Zealand...

The Agenda ransomware group (Qilin) has been observed deploying Linux-based binaries on Windows hosts using legitimate remote management and file transfer tools. This cross-platform technique evades traditional Windows-focused detections, including many EDR solutions...

UAT-8099 is a Chinese-speaking cybercrime group targeting high-value IIS servers in countries like India, Thailand, Vietnam, Canada, and Brazil to conduct SEO fraud and steal credentials, config files, and certificates. They use web shells, Cobalt Strike, and BadIIS malware to manipulate search rankings and maintain persistence...

Chinese state-sponsored APT (Advanced Persistent Threat) actors are conducting global cyber espionage operations targeting key infrastructure sectors such as telecommunications, government, transportation, and military networks...

On May 15th, email security tools detected a sophisticated spear-phishing campaign targeting CFOs and finance executives at banks, energy firms, insurance companies, and investment groups across Europe, Africa, Canada, the Middle East, and South Asia. This multi-stage attack aimed to deliver NetBird, a legitimate WireGuard-based remote access tool, onto victims' systems...

Our team has observed a surge in large-scale phishing campaigns written in Japanese, primarily targeting organizations in Japan using a phishing kit known as CoGUI. These campaigns often impersonate well-known consumer and payment brands like Amazon, PayPay, and Rakuten. CoGUI is a stealthy phishing framework designed to evade detection, with Japan being its main focus...

A threat actor has registered over 10,000 domains with the "com-" prefix for SMS phishing (smishing) scams. These domains impersonate toll and package delivery services across 10 U.S. states (CA, FL, IL, KS, MA, PA, NJ, NY, TX, VA) and Ontario, Canada...