Suspected Chinese Threat Group Targets Universities via Vulnerable Roundcube Servers
A suspected Chinese threat cluster is exploiting Roundcube vulnerabilities to compromise university networks in the US and Canada and harvest user credentials
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
A suspected Chinese threat cluster is exploiting Roundcube vulnerabilities to compromise university networks in the US and Canada and harvest user credentials
Security Service Says China-Linked Actor Compromised Vulnerable Network DevicesNorway's security service confirmed it was targeted by the China-linked Salt Typhoon campaign, marking one of Europe’s clearest public acknowledgements that the cyberespionage operation extended beyond U.S. telecom and federal networks into allied infrastructure.
Hacked Infrastructure Delivered Chinese Nation-State Group's Backdoor, Experts WarnThe widely used, open source text-editing software Notepad++ for Windows said attackers exploited a vulnerability to redirect some users to sites that pushed a backdoor onto their system. Security experts have tied the attack to a broader campaign perpetrated by Chinese nation-state actors.
Chinese-speaking threat actors used a compromised SonicWall VPN appliance to deliver a VMware ESXi exploit toolkit that seems to have been developed more than a year before the targeted vulnerabilities became publicly known. [...]
Chinese Hackers Target European Diplomats with LNK File FlawChinese nation-state hackers are exploiting a Windows vulnerability to hack European diplomatic outposts, say security researchers - but operating system giant Microsoft says the flaw doesn't merit a patch. Hackers used a flaw already compromised by North Korea and Russia.
145 Organizations Compromised by China-Linked Ransomware Hackers and OthersNearly 150 different organizations' on-premises SharePoint servers have been exploited by attackers targeting the zero-day vulnerabilities now tracked as ToolShell, researchers warn. Early attacks have been attributed to China-linked groups, in some cases leading to Warlock ransomware infections.
Microsoft said Chinese actor Storm-2603 is deploying Warlock ransomware following the exploitation of vulnerabilities in on-prem SharePoint systems
Networks in US and beyond compromised by Beijing's super-snoops pulling off priv-esc attacks China's Salt Typhoon spy crew exploited vulnerabilities in Cisco devices to compromise at least seven devices linked to global telecom providers and other orgs, in addition to its previous victim count.…
Hackers exploiting the critical Ivanti Connect Secure zero-day vulnerability disclosed yesterday installed on compromised VPN appliances new malware called 'Dryhook' and 'Phasejam' that is not currently associated with any threat group. [...]
The APT group uses spear-phishing and a vulnerability in a geospatial data-sharing server to compromise organizations in Taiwan, Japan, the Philippines, and South Korea.
Chinese Botnet Targets US Critical Infrastructure and TaiwanA Chinese state-sponsored botnet called Raptor Train has infected more than 260,000 IoT and office network devices to target critical infrastructure globally. The hackers used zero-days and known vulnerabilities to compromise more than 20 different types of devices to expand their botnet.
So far, the threat actor has compromised at least five organizations using CVE-2024-39717; CISA has added bug to its Known Exploited Vulnerability database.
Cisco has patched a zero-day vulnerability exploited by a Chinese APT group to compromise Nexus switches
The U.S. Federal Bureau of Investigation (FBI) is warning that Barracuda Networks Email Security Gateway (ESG) appliances patched against a recently disclosed critical flaw continue to be at risk of potential compromise from suspected Chinese hacking groups
Chinese hackers used a zero-day exploit for a critical-severity vulnerability in Sophos Firewall to compromise a company and breach cloud-hosted web servers operated by the victim. [...]
NSA, FBI and CISA issue joint advisory that suggests China hardly has to work for this – flaws revealed in 2017 are among their entry points State-sponsored Chinese attackers are actively exploiting old vulnerabilities to "establish a broad network of compromised infrastructure" then using it to attack telcos and network services providers.…
And Dropbox-meddling PlugX RAT crew haven't been sitting still, either Beijing's spies compromised government computer networks in six US states by exploiting, among other flaws, a vulnerability in a cattle-counting system, according to Mandiant.…