Description: The US Cybersecurity and Infrastructure Security Agency (CISA) is warning that Contec CMS8000 devices, a widely used healthcare patient monitoring device, include a backdoor that quietly sends patient data to a remote IP address and downloads and executes files on the device. [...]
January 30th, 2025 (3 months ago)
|
Description: Over 57 distinct threat actors with ties to China, Iran, North Korea, and Russia have been observed using artificial intelligence (AI) technology powered by Google to further enable their malicious cyber and information operations.
"Threat actors are experimenting with Gemini to enable their operations, finding productivity gains but not yet developing novel capabilities," Google Threat
January 30th, 2025 (3 months ago)
|
Description: Dario Amodei argues we must limit China’s access to AI chips so we can live under all powerful American-owned AI as opposed to all powerful Chinese-owned AI.
January 29th, 2025 (3 months ago)
|
Description: Written by: Nino Isakovic
Introduction
Since 2022, Google Threat Intelligence Group (GTIG) has been tracking multiple cyber espionage operations conducted by China-nexus actors utilizing POISONPLUG.SHADOW. These operations employ a custom obfuscating compiler that we refer to as "ScatterBrain," facilitating attacks against various entities across Europe and the Asia Pacific (APAC) region. ScatterBrain appears to be a substantial evolution of ScatterBee, an obfuscating compiler previously analyzed by PWC.
GTIG assesses that POISONPLUG is an advanced modular backdoor used by multiple distinct but likely related threat groups based in the PRC; however, we assess that POISONPLUG.SHADOW usage appears to be further restricted to clusters associated with APT41.
GTIG currently tracks three known POISONPLUG variants: POISONPLUG, POISONPLUG.DEED, and POISONPLUG.SHADOW.
POISONPLUG.SHADOW—often referred to as "Shadowpad," a malware family name first introduced by Kaspersky—stands out due to its use of a custom obfuscating compiler specifically designed to evade detection and analysis. Its complexity is compounded by not only the extensive obfuscation mechanisms employed but also by the attackers' highly sophisticated threat tactics. These elements collectively make analysis exceptionally challenging and complicate efforts to identify, understand, and mitigate the associate...
January 28th, 2025 (3 months ago)
|
CVE-2024-56953 |
Description: An issue in Baidu (China) Co Ltd Baidu Input Method (iOS version) v12.6.13 allows attackers to access user information via supplying a crafted link.
EPSS Score: 0.06%
January 28th, 2025 (3 months ago)
|
Description: At Black Hat and DEF CON, cybersecurity experts were asked to game out how Taiwan could protect its communications and power infrastructure in case of invasion by China.
January 24th, 2025 (3 months ago)
|
Description: A China-aligned APT group dubbed PlushDaemon has executed a supply-chain attack on IPany, a South Korean VPN provider, by embedding a sophisticated backdoor named SlowStepper into its installer. According to ESET researchers, the attack, which began in late 2023, targeted users across South Korea, Japan, and China, with particular focus on industries like semiconductors and …
The post IPany VPN Breached by Hackers Planting Backdoor on Installer appeared first on CyberInsider.
January 22nd, 2025 (3 months ago)
|
Description: South Korean VPN provider IPany was breached in a supply chain attack by the "PlushDaemon" China-aligned hacking group, who compromised the company's VPN installer to deploy the custom 'SlowStepper' malware. [...]
January 22nd, 2025 (3 months ago)
|
Description: A previously undocumented China-aligned advanced persistent threat (APT) group named PlushDaemon has been linked to a supply chain attack targeting a South Korean virtual private network (VPN) provider in 2023, according to new findings from ESET.
"The attackers replaced the legitimate installer with one that also deployed the group's signature implant that we have named SlowStepper – a
January 22nd, 2025 (3 months ago)
|