Region: apac
All items tagged apac.
- Unit 42: Chinese-speaking cluster CL-STA-1062 deploys the new TinyRCT .NET backdoor against SE-Asian government and energy targets via AppDomainManager injection
- Microsoft: "Photo ZIP" phishing laundered through Calendly drops Node.js TonRAT against European hospitality front desks
- WhatsApp-borne VBScript silently installs a ManageEngine RMM agent for living-off-the-land remote control
- Energy, water & OT — perimeter and process failures, with an OT-adjacent halt
- Law-enforcement momentum — Operation Endgame expands, Silver Fox mass-arrest, Conti loader plea
- ScarCruft (APT37) delivers NarwhalRAT behind fake Microsoft OTP "security alert" lures
- China arrests 67 members of the Silver Fox (Winos/ValleyRAT) cybercrime network
- FishMonger (I-SOON) ports its SprySOCKS backdoor to Windows with a kernel-driver rootkit
- Sekoia: ErrTraffic — a ClickFix Malware-as-a-Service framework resolving C2 through the Polygon blockchain
- Healthcare & energy — large-scale personal-data exposure from theft and from mishandling
- South Korea fines Coupang a record ₩624.7 bn over an unrevoked signing key
- Kyushu Electric subsidiary loses an unencrypted SSD with 10.9 million customer records — reportedly Japan's largest personal-data breach
- South Korea fines Coupang a record ₩624.7 bn over an unrevoked signing key held by a former employee
- [SINGLE-SOURCE] ESET: OceanLotus (APT32) compromises a stock-trading platform's update server — selective SPECTRALVIPER delivery, no integrity checks to defeat
- Hijacked polyfill[.]io domain reactivates, surfacing native browser credential prompts on sites that never removed legacy script tags
- Operation XENOFISCAL: SideCopy (APT36) hits provincial treasury officials with XenoRAT via an mshta/HTA chain
- Kimsuky (Velvet Chollima) deploys HTTPSpy RAT and Rust-based HelloDoor via VS Code Remote Tunnel and Cloudflare Quick Tunnel C2
- MuddyWater / Seedworm — Symantec and Carbon Black document new DLL-side-loading pair via signed Fortemedia and SentinelOne binaries, ChromElevator for Chromium App-Bound Encryption bypass, Node.js orchestration
- CVE-2026-5426 — Digital Knowledge KnowledgeDeliver LMS: pre-shared ASP.NET `machineKey` enables ViewState deserialization RCE, exploited as a zero-day
- CVE-2026-5426 — Digital Knowledge KnowledgeDeliver LMS: ViewState deserialization RCE exploited as a zero-day
- Calypso/Red Lamassu (Bronze Medley) deploys Showboat (Linux) and JFMBackdoor (Windows) against telecoms — new implant pair disclosed by Lumen Black Lotus Labs and PwC Threat Intelligence
- B1ack's Stash carding marketplace publicly releases 4.6M card records — SOCRadar attributes collection to e-skimming and phishing; not confirmed by issuing banks
- Cisco Talos: "demo.pdb" BadIIS variant now a commodity MaaS IIS ISAPI backdoor; lwxat developer alias, builder tool recovered
- Calypso / Red Lamassu (Bronze Medley, China-aligned) — Showboat and JFMBackdoor against telecoms
- Kaspersky GReAT documents Kimsuky's Rust-based HelloDoor and TryCloudflare-tunnel C2 added to the PebbleDash toolkit [SINGLE-SOURCE]