Latest coverage for Threat Actor

Attackers spent five months silently stealing emails from a stock exchange executive’s Outlook account in a suspected espionage operation. A threat actor quietly sat inside a senior executive’s Outlook account at a major global stock exchange for roughly 150 days, from October 2025 to March 2026. Broadcom’s Symantec and Carbon Black threat-hunting team investigated the […]

A threat actor got a near-continuous view into an influential finance executive's email inbox, thanks to clever use of legitimate, native Windows tools.

A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response (EDR) solutions. [...]

A threat actor used AI coding tools to build and test EDR evasion malware, Sophos finds

Password manager Dashlane has disclosed that "fewer than" 20 users on the personal subscription plan had their encrypted vaults downloaded following a brute-force attack launched by an unknown party

A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and FakeUpdates techniques on compromised sites. [...]

The Centre for Cybersecurity Belgium (CCB), the country's national authority for cybersecurity, warned on Friday that threat actors are now exploiting a recently patched critical Windows Netlogon vulnerability in attacks. [...]

Push Security says threat actors are delivering malware hosted on chatgpt.com/s/ domain

Threat actors are attempting to actively exploit a critical security flaw impacting WP Maps Pro, a WordPress plugin that has had over 15,000 sales on the Envato Market, to create malicious administrator accounts on susceptible sites

Threat actors are abusing ChatGPT's content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as the ChatGPT desktop application. [...]

An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability

Threat actors from the Silent Ransom Group, aka Luna Moth, are escalating attacks by impersonating IT staff in phone calls and even showing up in person to gain direct access to victim systems

A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting Ukraine and Ukraine-related entities since at least August 2025

The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities through March and April 2026

Threat actors are exploiting a critical FortiClient EMS flaw, tracked as CVE-2026-35616, to deploy malware on unpatched systems. Threat actors are exploiting a critical FortiClient EMS vulnerability, tracked as CVE-2026-35616 (CVSS score of 9.1), that allows remote code execution without authentication. Fortinet released fixes in April after confirming zero-day attacks in the wild and urged […]

Microsoft and Resecurity disrupted Fox Tempest, a malware-signing service that used fake Microsoft certificates to make malware look legitimate. Resecurity supported Microsoft’s Digital Crimes Unit (DCU) in its disruption of Fox Tempest, a financially motivated threat actor operating a malware-signing-as-a-service (MSaaS) capability used by cybercriminals to make malicious files appear legitimate. On May 19, 2026, […]

Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver a credential-stealing malware family dubbed EKZ Infostealer

New actor Jinx-0164 hit crypto developers with fake recruiter lures and macOS malware

A new campaign orchestrated by a previously undocumented threat actor has targeted cryptocurrency organizations with an aim to facilitate digital asset theft using recruitment-themed social engineering and bespoke macOS malware

Threat actors are targeting systems with high-performance computers in an ongoing cryptojacking campaign spread through a coordinated SEO poisoning operation that also manipulated AI chatbot recommendations. [...]