Hackers exploit Roundcube flaw to spy on academic researchers
A China-linked threat cluster has been exploiting vulnerable Roundcube servers at U.S. and Canadian universities to steal credentials and deploy backdoor malware. [...]
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
A China-linked threat cluster has been exploiting vulnerable Roundcube servers at U.S. and Canadian universities to steal credentials and deploy backdoor malware. [...]
A suspected China-aligned threat activity cluster has been observed exploiting Roundcube webmail software belonging to physics and engineering departments of U.S. and Canadian universities as part of a new campaign
Proofpoint researchers said attackers targeted physics and engineering departments, and warn that the campaign is likely ongoing. The post Suspected Chinese espionage group used a Roundcube exploit chain to burrow into universities appeared first on CyberScoop.
Several versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication backdoor that enables administrative access to the devices' web management interfaces, the CERT Coordination Center (CERT/CC) warned Monday
ESET’s 2026 APT Activity Report suggests China-backed APTs are using instability in the region to target victims, as well as continuing activity against organizations around the globe
A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate "high-velocity" attacks and break into susceptible internet-facing systems
Microsoft says that Storm-1175, a China-based financially motivated cybercriminal group known for deploying Medusa ransomware payloads, has been deploying n-day and zero-day exploits in high-velocity attacks. [...]
Also: Chinese Firms Indicted in Crypto-Linked Fentanyl Supply CaseThis week, charges filed in Uranium Finance hack, indictment of Chinese firms in fentanyl supply case, a class action lawsuit against Nvidia, Drift Protocol exploit, KuCoin operational barriers in the United States and a U.K. sanction filed against Xinbi.
Also, Telus Breach, Microsoft Hotpatching, Interpol Malicious IP TakedownThis week, Russian hacker OpSec failure, Interpol helped disrupt 45,000 malicious IPs, the FBI is looking for an ATM jackpotting suspect and Telus disclosed a breach. Windows hotpatching, an FTP exploit, a foiled attack on a nuclear research center and China-linked espionage.
High-value organizations located in South, Southeast, and East Asia have been targeted by a Chinese threat actor as part of a years-long campaign
UNC2814 historically targets governments and telcos A China-linked crew found a unique formula for attacking telcos and government orgs across the Americas, Asia, and Africa in its latest round of intrusions. Google's threat intelligence, along with unnamed industry partners, disrupted the gang, which used the Chocolate Factory's own spreadsheet tools as part of its exploits.…
Texas sued networking giant TP-Link Systems, accusing the company of deceptively marketing its routers as secure while allowing Chinese state-backed hackers to exploit firmware vulnerabilities and access users' devices. [...]
Mandiant reveals campaign featuring exploit of a CVSS 10.0 CVE in Dell RecoverPoint for Virtual Machines
China, Iran, North Korea Hackers Exploit Gemini Across Attack Life CycleState-backed hackers weaponized Google's artificial intelligence model Gemini to accelerate cyberattacks, using the productivity tool as an offensive asset for reconnaissance, social engineering and malware development. Google said it has disabled accounts and strengthened defenses.
Researchers at Check Point link ‘Amarath-Dragon’ attacks to prolific Chinese cyber-espionage operation
Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies across Southeast Asia throughout 2025
A new threat actor called Amaranth Dragon, linked to APT41 state-sponsored Chinese operations, exploited the CVE-2025-8088 vulnerability in WinRAR in espionage attacks on government and law enforcement agencies. [...]
PeckBirdy is a sophisticated JScript-based C&C framework used by China-aligned APT groups to exploit LOLBins across multiple environments, delivering advanced backdoors to target gambling industries and Asian government entities.
Chinese Attackers Among Those Tied to Attempted Exploits of FortiSIEM AppliancesCritical vulnerabilities in edge devices are continuing to be discovered by security researchers and rapidly targeted by attackers. Lately, this includes a critical vulnerability in Fortinet's FortiSIEM appliances, which Chinese and other hackers began targeting just two days post-patch.
A threat actor likely aligned with China has been observed targeting critical infrastructure sectors in North America since at least last year