Links
Security researchers uncovered a North Korean operation that lures engineers into renting their identities for fraudulent activities. The group uses tactics like deep fakes and deception to secure jobs at major companies while the compromised engineers take on the risks. The operation exploits both legitimate and fake identities to carry out espionage and revenue generation.
Anthropic CEO Dario Amodei has been called to testify before the House Homeland Security Committee on December 17 regarding a Chinese cyber-espionage campaign involving AI. This marks the first congressional appearance by an Anthropic executive related to this AI-driven attack. Lawmakers are seeking insights on the implications of AI in cybersecurity.
Australia’s spy chief, Mike Burgess, highlighted the growing risk of cyber-attacks from authoritarian regimes aimed at critical infrastructure. He emphasized that these threats are no longer hypothetical, with foreign teams actively exploring options for sabotage, especially as technology advances. Burgess urged organizations to take proactive measures to manage these foreseeable risks.
German security experts warn that state-backed hackers are using social engineering tactics to infiltrate the Signal messaging app of military leaders and journalists. They trick victims into revealing security codes or scanning malicious QR codes, allowing the attackers to access private conversations without detection.
An Iranian activist exposed a phishing campaign targeting high-profile users in the Middle East, aiming to steal Gmail and WhatsApp credentials. The hackers used a fake website to capture sensitive information and potentially conduct surveillance on victims. The campaign's timing suggests possible ties to government-backed espionage efforts.
Threat actors are using phishing emails with weaponized attachments to deploy malware aimed at the defense sectors of Russia and Belarus. The malware establishes a backdoor via OpenSSH and a customized Tor service, facilitating remote access while avoiding detection. Environmental checks ensure it only activates on genuine user systems rather than in analysis sandboxes.
The article criticizes Anthropic's recent report on a Chinese state-sponsored cyber espionage operation, arguing it lacks verifiable details and fails to provide essential indicators for threat detection. It highlights the report's shortcomings in transparency and accountability, questioning the motivations behind its release and the credibility of the claims made.
A cyberespionage group, identified as TGR-STA-1030, has compromised government and critical infrastructure systems in 37 countries, with evidence suggesting links to China. The group has targeted law enforcement, finance ministries, and telecommunications, raising serious national security concerns.
A significant data breach at Knownsec, a Chinese cybersecurity firm, leaked over 12,000 classified documents detailing advanced state-sponsored cyber tools and a list of global surveillance targets. The breach, which occurred in November 2025, revealed extensive cyber espionage activities and sophisticated attack methods.
Iranian hacking group APT42 has been conducting a sophisticated campaign against senior defense and government officials, using social engineering tactics and even targeting their families to apply pressure. The malware they deploy operates stealthily, blending with normal activity and employing various techniques to maintain persistence and exfiltrate sensitive data.
Google Threat Intelligence Group reported a novel phishing campaign attributed to a suspected Russian espionage actor, UNC5837, targeting European government and military organizations. Attackers used signed .rdp files to establish Remote Desktop Protocol connections, enabling them to access victim systems and potentially exfiltrate sensitive information, highlighting the risks associated with lesser-known RDP functionalities.
The International Criminal Court (ICC) has reported a sophisticated cyberattack targeting its systems, detected and contained shortly after the intrusion occurred. This incident follows a previous attack by an espionage group two years prior, highlighting ongoing cybersecurity threats faced by the ICC.
Chinese hackers are suspected of infiltrating a law firm, raising concerns about cybersecurity and international espionage. The incident highlights ongoing tensions between the U.S. and China regarding cyberattacks and state-sponsored hacking efforts. Investigations are underway to determine the extent of the breach and its implications for sensitive legal information.
The article discusses the emergence of ScarCruft, a sophisticated threat actor that employs RokRat malware to conduct cyber espionage and data theft. It details the malware's capabilities and its targeted attacks against high-profile organizations. Additionally, the article emphasizes the importance of cybersecurity measures to counter such threats.
The article discusses a new malware identified as "Sparrow," attributed to a Chinese cyber espionage group known as FamousSparrow. This malware poses a significant threat to organizations in the Americas by exploiting vulnerabilities in various systems to conduct surveillance and data theft.
Canadian telecommunications companies have reported being victims of cyberattacks linked to espionage activities orchestrated by China. The breaches have raised significant security concerns and prompted discussions about national defense and the integrity of communication infrastructures. Authorities are investigating the extent of the impact and potential vulnerabilities exposed by these incidents.
Two Dutch teenagers, aged 17, were arrested for attempting to spy on Europol and Eurojust for Russia using WiFi sniffer devices. They were recruited via Telegram and apprehended following a tip from the Dutch intelligence service, with no compromise to Europol's systems reported. The case highlights a concerning trend of young individuals being targeted for espionage activities in Europe.
Google Threat Intelligence Group is monitoring the BRICKSTORM malware campaign, attributed to the UNC5221 threat actor, which targets the tech and legal sectors to maintain stealthy access to victim organizations. The malware exploits zero-day vulnerabilities and employs sophisticated techniques for lateral movement and data theft, remaining undetected for an average of 393 days. Organizations are urged to reassess their security measures, particularly concerning network appliances that may lack traditional security monitoring.
China's Salt Typhoon cyber espionage campaign has compromised information from millions of Americans and targeted over 80 countries since its inception in 2019, according to an FBI official. The campaign has affected around 200 American organizations, including major telecommunications companies, and highlights a drastic shift in the scale of indiscriminate targeting compared to previous espionage activities. Victims include high-profile officials, with concerns raised about the reckless nature of these cyber operations.
North Korean workers have been infiltrating Fortune 500 companies, posing as legitimate employees to gain access to sensitive information and technology. This infiltration raises concerns about cybersecurity and the potential for espionage against major corporations.
Sonatype has identified a global espionage campaign targeting open-source ecosystems, revealing sophisticated tactics used by threat actors to infiltrate software supply chains. The findings highlight vulnerabilities within popular open-source libraries, emphasizing the need for enhanced security measures in software development practices.
A critical security vulnerability (CVE-2025-22457) in Ivanti Connect Secure VPN appliances is being actively exploited by a suspected China-nexus threat actor, UNC5221, leading to remote code execution and the deployment of various malware families. Organizations are urged to upgrade their systems immediately to mitigate potential risks associated with this vulnerability.