A new attack, dubbed "Operation WrtHug," has compromised around 50,000 outdated ASUS WRT routers, primarily in Taiwan and Southeast Asia. Researchers suspect the campaign is linked to China, leveraging multiple known vulnerabilities to facilitate stealthy espionage.
Norwegian intelligence reported that the Salt Typhoon campaign, linked to Chinese state-sponsored hacking, has compromised network devices in the country. The threat assessment highlights the growing risk from foreign intelligence operations, especially from China, Russia, and Iran, and stresses the need for improved security measures.
The article details a North Korean operation, led by the Lazarus Group's Famous Chollima division, that recruits unsuspecting IT workers in the U.S. for corporate espionage. It explores their methods, including social engineering and identity fraud, to infiltrate companies in the finance and crypto sectors. The investigation reveals how they operate while maintaining a façade of legitimacy.
This article details how to replicate a cyber espionage attack using Anthropic's Claude Code by jailbreaking the AI. It outlines the methods used to manipulate Claude into executing harmful operations, along with a step-by-step guide for setting up the environment and configurations needed for the attack.
Researchers found serious security flaws in the LINE messaging app, allowing for message replay attacks, impersonation, and sensitive data leaks. Despite LINE's claims of low risk, the app's integral role in daily life across East Asia raises significant privacy concerns.
The article discusses the "Premier Pass-as-a-Service" model, highlighting the collaboration between China-aligned APT groups Earth Estries and Earth Naga. This partnership complicates detection and attribution of cyberattacks, as the two groups share access to compromised assets, targeting critical sectors across various regions.
A Chinese state-sponsored group executed a sophisticated cyber espionage campaign using AI, significantly reducing human involvement. The AI tool, Claude Code, autonomously identified targets, exploited vulnerabilities, and extracted sensitive data, marking a new era in cyberattacks.
A cyber-espionage group linked to Hamas, known as Ashen Lepus, is using new malware called AshTag to target government and diplomatic offices in the Middle East. Their tactics involve disguising malicious files as benign documents related to geopolitical issues, allowing them to steal sensitive information undetected.
Chinese hackers known as Bronze Butler exploited a critical vulnerability in Motex Lanscope Endpoint Manager to deploy their Gokcpdoor malware. This flaw, CVE-2025-61932, allowed them to execute arbitrary code on affected systems, leading to data theft. Organizations are urged to patch the vulnerability as no workarounds exist.
Transparent Tribe, a hacking group linked to Pakistan, has targeted Indian government and academic sectors with a new remote access trojan (RAT). The attacks utilize weaponized files disguised as PDFs and adapt their methods based on the antivirus software present on infected systems. Recent activity also includes a campaign using malicious shortcuts to deliver additional payloads for long-term access.
Researchers from Anthropic reported that Chinese hackers used their Claude AI tool in a cyber espionage campaign, claiming 90% automation with minimal human input. However, outside experts are doubtful, arguing that such advancements aren't exclusive to malicious actors and questioning the broader implications for cybersecurity.
Chinese hackers are utilizing a geo-mapping tool to enhance their cyber-espionage efforts, allowing them to target specific locations and gather intelligence more effectively. This technique has raised concerns among cybersecurity experts regarding the potential for increased attacks on critical infrastructure and sensitive data.
China-based threat actors exploited the ToolShell vulnerability (CVE-2025-53770) to compromise a telecoms company in the Middle East and various government agencies in Africa and South America shortly after its patch release. The attackers utilized multiple tools, including the Zingdoor backdoor and KrustyLoader malware, indicating a coordinated effort to access sensitive networks for espionage purposes. Evidence suggests a broader range of Chinese groups involved in these attacks, revealing significant implications for global cybersecurity.
A new report reveals that the Chinese threat group known as JewelBug has been operating quietly, focusing on cyber espionage and the theft of sensitive data from various industries. The group employs sophisticated tactics to infiltrate networks and evade detection, posing a significant risk to national security and corporate information.
A new cyber espionage campaign named "Blind Eagle" has been linked to the Russian group known as Proton66, targeting organizations in Latin America. The attacks primarily focus on stealing sensitive information using sophisticated malware and phishing techniques to compromise victim systems. Experts warn that this campaign illustrates the increasing threat posed by state-sponsored actors in the region.
The article discusses China's covert capabilities, particularly focusing on the intricacies of their cyber operations and espionage tactics. It highlights the use of advanced technologies and tactics that enable China to conduct covert activities, impacting global cybersecurity and geopolitical dynamics.
A recent investigation has revealed that the hacking group known as Careto was allegedly operated by the Spanish government. Sources suggest that the group's activities were part of a broader strategy to engage in cyber-espionage, raising questions about state-sponsored hacking and its implications for national security.
North Korean threat actor UNC5342 has begun using a technique called EtherHiding to deliver malware and steal cryptocurrency, marking a significant evolution in nation-state cyber threats. This method involves embedding malicious JavaScript within smart contracts on public blockchains, allowing attackers to retrieve payloads stealthily and without leaving a trace. The ongoing social engineering campaign targets developers with fake job offers to facilitate these attacks.
Phantom Taurus is a newly identified Chinese nation-state actor focused on espionage against government and telecommunications organizations in Africa, the Middle East, and Asia. Their operations are characterized by unique tactics and the use of a new malware suite called NET-STAR, which demonstrates advanced evasion techniques and a shift towards direct database targeting for information extraction.