Threat Research

UAT-8302 is a sophisticated China-linked APT group targeting South American government entities since late 2024 and southeastern European agencies in 2025. After gaining access, the group deploys several custom malware families previously associated with other China-nexus threat actors...
"VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731)" details active exploitation of a pre-authentication RCE flaw in BeyondTrust Remote Support software that enables attackers to execute OS-level commands and fully compromise affected systems...
Linux is trusted for its security, stability, and control, and is often seen as safer than Windows. But this trust can create blind spots, as attackers innovate beyond software exploits. New threats use behaviors, scripts, and even filenames to breach systems stealthily. We'll explore a real Linux malware case where a filename alone triggers infection...
A recent campaign has been uncovered targeting the Chinese telecom sector, with a specific focus on China Mobile Tietong Co., Ltd., a major subsidiary of China Mobile. The attack leverages a malware ecosystem built around the VELETRIX and VShell malware...
A Chinese-speaking threat group, tracked as UAT-6382, is exploiting a zero-day vulnerability (CVE-2025-0994) in Cityworks, a popular asset management system, to gain remote code execution. The attackers deploy web shells such as AntSword and Chopper on IIS servers...