Threat and Vulnerability Intelligence Database

Description: [AI generated] Laticrete is a leading international manufacturer specializing in the construction industry. They offer innovative solutions in tile and stone installation systems, masonry installation and reinforcement, concrete construction chemicals, restoration, and care of tile/stone products. The company's China branch at "laticrete.com.cn" brings these products and services to the Chinese market.
Source: Ransomware.live
May 2nd, 2025 (12 days ago)
Description: A sophisticated adversary-in-the-middle (AitM) attack campaign by a China-linked threat actor dubbed TheWizards leverages IPv6 SLAAC spoofing to redirect legitimate software updates and infect victims with a modular backdoor known as WizardNet. The campaign, active since at least 2022 and still ongoing as of 2024, centers around a custom-built tool named Spellbinder. This utility facilitates … The post Chinese Hackers Use IPv6 SLAAC Spoofing to Deliver WizardNet Backdoor appeared first on CyberInsider.
Source: CyberInsider
May 1st, 2025 (13 days ago)
Description: The China-linked cyber-operations group, better known as Lotus Panda, uses its own custom malware to focus on government agencies and private companies in Hong Kong, the Philippines, Taiwan, and Vietnam.
Source: Dark Reading
May 1st, 2025 (13 days ago)
Description: A China-aligned APT threat actor named "TheWizards" abuses an IPv6 networking feature to launch adversary-in-the-middle (AitM) attacks that hijack software updates to install Windows malware. [...]
Source: BleepingComputer
May 1st, 2025 (13 days ago)
Description: Recorded Future News sat down with the deputy assistant director of the FBI’s cyber division at the RSA Conference to talk about the latest updates in countering China-linked hackers.
Source: The Record
April 30th, 2025 (14 days ago)
Description: A China-aligned advanced persistent threat (APT) group called TheWizards has been linked to a lateral movement tool called Spellbinder that can facilitate adversary-in-the-middle (AitM) attacks. "Spellbinder enables adversary-in-the-middle (AitM) attacks, through IPv6 stateless address autoconfiguration (SLAAC) spoofing, to move laterally in the compromised network, intercepting packets and
Source: TheHackerNews
April 30th, 2025 (14 days ago)
Source: TheRegister
April 29th, 2025 (15 days ago)
Description: Cybersecurity company SentinelOne has revealed that a China-nexus threat cluster dubbed PurpleHaze conducted reconnaissance attempts against its infrastructure and some of its high-value customers. "We first became aware of this threat cluster during a 2024 intrusion conducted against an organization previously providing hardware logistics services for SentinelOne employees," security
Source: TheHackerNews
April 29th, 2025 (15 days ago)
Description: A spear-phishing campaign sent Trojanized versions of legitimate word-processing software to members of the World Uyghur Congress as part of China's continued cyber-espionage activity against the ethnic minority.
Source: Dark Reading
April 29th, 2025 (15 days ago)