APT Blog
| DATE | NAME | INFO | CATEGORY | WEB |
|---|---|---|---|---|
| 1.2.26 | Dissecting UAT-8099: New persistence mechanisms and regional focus | Cisco Talos has identified a new, regionally targeted campaign by UAT-8099 that leverages advanced persistence techniques and custom BadIIS malware variants to compromise IIS servers, particularly in Thailand and Vietnam. | APT blog | CISCO TALOS |
| 24.1.26 | The Invisible Insider: Why AML and KYC Compliance Fail Against Digital Deception | North Korean operatives and professional money launderers have been drawing six-figure salaries from Fortune Global 500 companies by exploiting a fundamental flaw in identity verification. | APT blog | Silent Push |
| 24.1.26 | From the Shadows to the Headlines: A Decade of State-Sponsored Cyber Leaks | Analysis of a decade of major state-sponsored cyber leaks (Shadow Brokers, Vault 7, i-Soon, KittenBusters): patterns, impact, and the centrality of human vulnerability. | APT blog | Trellix |
| 17.1.26 | Unmasking the DPRK Remote Worker Problem | The DPRK remote worker program functions as a high-volume revenue engine for the North Korean regime. These state-sponsored operatives use stolen identities to secure remote roles within Western enterprises. They establish long-term persistence inside corporate infrastructure before their first meeting. These actors bypass standard IAM and EDR by mimicking the behavior, location, and hardware signatures of a domestic employee. | APT blog | Silent Push |
| 17.1.26 | APT PROFILE – KIMSUKI | Kimsuki, an advanced persistent threat (APT) group active since at least 2012, is suspected to be operating out of North Korea in direct support of the regime’s strategic objectives. The… | APT blog | |
| 17.1.26 | Inside RedVDS: How a single virtual desktop provider fueled worldwide cybercriminal operations | Microsoft’s investigation into RedVDS services and infrastructure uncovered a global network of disparate cybercriminals purchasing and using it to target multiple sectors. | APT blog | Microsoft blog |
| 17.1.26 | UAT-8837 targets critical infrastructure sectors in North America | Cisco Talos is closely tracking UAT-8837, a threat actor we assess with medium confidence is a China-nexus advanced persistent threat (APT) actor. | APT blog | CISCO TALOS |
| 10.1.26 | Initial Access Sales Accelerated Across Australia and New Zealand in 2025 | Cyble’s 2025 report analyzes Initial Access sales, ransomware operations, and data breaches shaping the cyber threat landscape in Australia and New Zealand. | APT blog | |
| 10.1.26 | Resurgence of Scattered Lapsus$ hunters | Executive Summary: Recent monitoring of underground forums and Telegram communities has identified the resurgence of the Scattered Lapsus$ collective. The actors appear to be | APT blog | Cyfirma |
| 10.1.26 | UAT-7290 targets high value telecommunications infrastructure in South Asia | Talos assesses with high confidence that UAT-7290 is a sophisticated threat actor falling under the China-nexus of advanced persistent threat actors (APTs). UAT-7290 primarily targets telecommunications providers in South Asia. | APT blog | |
| 10.1.26 | Resolutions, shmesolutions (and what’s actually worked for me) | Talos' editor ditches the pressure of traditional New Year’s resolutions in favor of practical, in-the-moment changes, and finds more success by letting go of perfection. Plus, we break down the latest on UAT-7290, a newly disclosed threat actor targeting critical infrastructure. | APT blog | |