GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft
Cybersecurity researchers have attributed the April 2026 DigiCert security incident to a threat activity cluster dubbed CylindricalCanine
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Cybersecurity researchers have attributed the April 2026 DigiCert security incident to a threat activity cluster dubbed CylindricalCanine
China’s UNC6508 hid in North American medical research networks for 2 years, stealing credentials and forwarding emails to Gmail Google’s Threat Intelligence Group published a report this week on UNC6508, a China-linked cyberespionage group that breached North American medical and military research organizations and stayed hidden for more than two years. The earliest confirmed intrusion […]
A China-linked espionage campaign targeted exposed REDCap servers to deploy the InfiniteRed malware and steal sensitive data from a medical institution in North America. [...]
Officials admit 'there certainly has been a hack,' but refuse to confirm China link or data theft The UK's Foreign Office is investigating a confirmed cyberattack it learned about in October, senior ministers say.…
Chinese Developer Formerly Employed by Company Suspected of Data TheftSouth Korea's biggest online retailer, Coupang, said a five-month breach exposed personal data pertaining to 34 million customers, and only came to light after it received an extortion demand. Police said a former developer at the company, a Chinese national who fled the country, is a suspect.
Concerns Grow Over F5 Hacking Amid Stalled Government ShutdownFederal officials are scrambling to contain nation-state hackers exploiting stolen source code from networking devices and software maker F5 amid staffing pressures created by the ongoing government shutdown. Stolen files reportedly include undisclosed vulnerabilities F5 had been researching.
Williams & Connolly Hit in Zero-Day Campaign Impacting Client EmailsA zero-day vulnerability was used to breach email accounts at the elite D.C. law firm Williams & Connolly, with officials reportedly suspecting the hack is part of a China-linked campaign targeting the U.S. legal sector to support espionage, steal intelligence and establish long-term access routes.
The Chinese state-sponsored hacking group known as Salt Typhoon breached and remained undetected in a U.S. Army National Guard network for nine months in 2024, stealing network configuration files and administrator credentials that could be used to compromise other government networks. [...]
Also, Stolen Cookies for Sale, LexisNexis Breach and an FBI WarningThis week, Alcasec back in a Spanish jail, billions of stolen cookies and Chinese hackers used Google Calendar. LexisNexis and Adidas had breaches, a vishing warning from the FBI. ClickFix scammers used fake Google Meet pages, Victoria's Secret went offline. Microsoft will update all your software.
In what's being called a 'major cybersecurity incident,' Beijing-backed adversaries broke into cyber vendor BeyondTrust to access US Department of Treasury workstations and steal unclassified data, according to a letter sent to lawmakers.
Telco Giant's Probe Finds 'No Evidence' of Customer or Sensitive Data BreachThe world's largest telecommunications carrier, T-Mobile U.S., said it was targeted as part of a wide-ranging cyberespionage operation the U.S. government attributes to China but has found no sign of data access or theft. Other known victims of the campaign include AT&T, Verizon and Lumen.
Also: Payment Card Theft Trends, Internet Archive UpdateThis week, bulk data transfers to China, credit card theft, the Internet Archive still recovering and the Change Healthcare tally is now 100M. Ukraine fought phishers, civil society against the UN cybercrime treaty, TA866 and virtual hard drives spread malware. Google verified Sir Isaac Newton.
New attacks attributed to China-based cyber espionage group Mustang Panda show that the threat actor switched to new strategies and malware called FDMTP and PTSOCKET to download payloads and steal information from breached networks. [...]
The Chinese state-backed hacking group Volt Typhoon is behind attacks that exploited a zero-day flaw in Versa Director to upload a custom webshell to steal credentials and breach corporate networks. [...]
Stolen data from Chunghwa Telecom — including government-related details — are up for sale on the Dark Web, the Taiwanese defense ministry confirms.
Also, Kansas Courts Say Ongoing Outage Traces to Attack; Confidential Data StolenThis week's data breach roundup: Chinese-affiliated hackers target the Philippine government; Kansas Courts confirm data theft, officials warn of exploited flaws in Sophos, Oracle and Microsoft software; AutoZone discloses a Clop ransomware attack; Optus' CEO resigns after network outage.
Chinese hackers stole tens of thousands of emails from U.S. State Department accounts after breaching Microsoft's cloud-based Exchange email platform in May. [...]
The threat actor used the stolen key to breach 25 organizations, including US government agencies
Microsoft on Wednesday revealed that a China-based threat actor known as Storm-0558 acquired the inactive consumer signing key to forging tokens to access Outlook by compromising an engineer’s corporate account
Chinese state-sponsored hackers have been targeting industrial organizations with new malware that can steal data from air-gapped systems. [...]