Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
China’s FamousSparrow flies back into action, breaches US org after years off the radar
Source: TheRegister
March 27th, 2025 (21 days ago)
Chinese FamousSparrow hackers deploy upgraded malware in attacks
Description: A China-linked cyberespionage group known as 'FamousSparrow' was observed using a new modular version of its signature backdoor 'SparrowDoor' against a US-based trade organization. [...]
Source: BleepingComputer
March 27th, 2025 (21 days ago)
'Lucid' Phishing-as-a-Service Exploits Faults in iMessage, Android RCS
Description: Cybercriminals in China have figured out how to undermine the strengths of mobile messaging protocols.
Source: Dark Reading
March 26th, 2025 (22 days ago)

CVE-2025-2716
China Mobile P22g-CIac Samba Path path traversal
Description: A vulnerability classified as problematic was found in China Mobile P22g-CIac 1.0.00.488. This vulnerability affects unknown code of the component Samba Path Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. In China Mobile P22g-CIac 1.0.00.488 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalität der Komponente Samba Path Handler. Durch das Manipulieren mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (5.1)

EPSS Score: 0.07%

Source: CVE
March 25th, 2025 (24 days ago)
China-Nexus APT 'Weaver Ant' Caught in Yearslong Web Shell Attack
Description: The persistent threat actor was caught using sophisticated Web shell techniques against an unnamed telecommunications company in Asia.
Source: Dark Reading
March 24th, 2025 (24 days ago)
Chinese Weaver Ant hackers spied on telco network for 4 years
Description: A China-linked advanced threat group named Weaver Ant spent more than four years in the network of a telecommunications services provider, hiding traffic and infrastructure with the help of compromised Zyxel CPE routers.  [...]
Source: BleepingComputer
March 24th, 2025 (24 days ago)
US Weakens Disinformation Defenses, as Russia & China Ramp Up
Description: Russia and China spend billions of dollars on state media, propaganda, and disinformation, while the Trump administration has slashed funding for US agencies.
Source: Dark Reading
March 24th, 2025 (24 days ago)
China bans compulsory facial recognition and its use in private spaces like hotel rooms
Source: TheRegister
March 23rd, 2025 (25 days ago)
China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families
Description: The China-linked advanced persistent threat (APT) group. known as Aquatic Panda has been linked to a "global espionage campaign" that took place in 2022 targeting seven organizations. These entities include governments, catholic charities, non-governmental organizations (NGOs), and think tanks across Taiwan, Hungary, Turkey, Thailand, France, and the United States. The activity, which took place
Source: TheHackerNews
March 21st, 2025 (27 days ago)
New Windows zero-day exploited by 11 state hacking groups since 2017
Description: At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability in data theft and cyber espionage zero-day attacks since 2017. [...]
Source: BleepingComputer
March 18th, 2025 (about 1 month ago)