UNC6395 Expands Data Theft Campaign to Email OAuth Tokens
Google researchers discovered the new attacks and are advising all customers to treat any authentication tokens for those integrations as compromised.
All topics
Intrusions
24 Posts
US Gov Links Private Chinese Firms to Salt Typhoon Hacks
Salt Typhoon has not been observed exploiting zero-day flaws, but instead targeting known bugs in exposed network edge devices - some of which are years old.
Attacks Hit Possible SonicWall Zero Day
Attackers are exploiting a likely zero day vulnerability in some versions of SonicWall Firewall devices with the SSL VPN functionality enabled, and in some cases are able to bypass MFA protections. The intrusions have been ongoing since at least the end of last week, and researchers have observed some attackers deploying the Akira ransomware after […]
New PXA Stealer Campaign Hits Victims Worldwide
A group of attackers with ties to the Vietnamese cybercrime underground ecosystem are running a significant campaign across many different countries that is delivering the PXA Stealer malware and uses novel sideloading and anti-analysis techniques to slip past defensive measures. The campaign has targeted victims in more than 60 countries and the attackers have harvested […]
Microsoft Finds Secret Blizzard Targeting Foreign Diplomats
Microsoft has uncovered a long-running campaign by a threat group affiliated with Russian intelligence that has targeted diplomats working in Russia with a custom tool called ApolloShadow that enables the group to maintain persistence on victims’ devices as part of a cyberespionage operation. The group is known as Secret Blizzard and Microsoft’s researchers found that […]
Chinese Attackers Target SharePoint CVE-2025-53770
Three separate Chinese threat groups are exploiting a set of recently disclosed vulnerabilities in on-premises Microsoft SharePoint installations, and Microsoft and CISA are urging companies that haven’t yet updated their installations to do so as quickly as possible. Microsoft first published information about the two flaws (CVE-2025-53770 and CVE-2025-53771) on July 19 after seeing active […]