APT29, also known as Cozy Bear, is a Russian hacker group believed to be affiliated with one or more Russian intelligence agencies. The group has been operating for the Russian…
1. Executive Summary APT28 is a long-running Russian state-aligned cyber espionage actor widely attributed to the GRU’s 85th Main Special Service Center (GTsSS), military unit 26165, active since at least…
At-a-glance Attribute Assessment Primary tracking name APT31 (widely used in government and industry reporting) (Department of Justice) Notable aliases Violet Typhoon / ZIRCONIUM (Microsoft), JUDGMENT PANDA (CrowdStrike) (Microsoft Learn) Suspected…
1. Executive Summary Cl0p (often written “CL0P”) is a financially motivated extortion operation best known for high-scale data theft campaigns that disproportionately impact organisations running internet-facing Managed File Transfer (MFT)…
1. Executive Summary LAPSUS$ is an extortion-focused cybercriminal collective best known for high-tempo intrusions against large enterprises and service providers, frequently leveraging social engineering and identity compromise rather than exploiting…
Mandiant and Google Threat Intelligence Group (GTIG) have released critical findings regarding UNC6201, a suspected PRC-nexus threat cluster. This group has been actively exploiting a Dell RecoverPoint for Virtual Machines…
1. Executive Summary CVE-2026-20841 is a high-severity command injection flaw in the modern Windows Notepad (Microsoft Store) application that can result in arbitrary code execution in the context of the…
Microsoft’s February 2026 Patch Tuesday shipped fixes for 58 vulnerabilities, including six zero-days confirmed as actively exploited and three publicly disclosed issues. Microsoft also fixed five “Critical” flaws in this…
1. Executive Summary A widespread data-theft and extortion campaign has targeted organisations’ Salesforce environments by abusing trusted third-party integrations and malicious OAuth “Connected Apps”—rather than exploiting a core Salesforce software…
1. Executive Summary Notepad++’s update mechanism (WinGUp) was abused in a targeted supply-chain compromise in 2025, where certain users’ update traffic was selectively redirected to attacker-controlled infrastructure and served trojanised…