Chinese hackers install backdoors via Cisco email zero-day

Two groups linked to China are exploiting a newly discovered vulnerability in Cisco's email security products. The campaign involves zero-day attacks, highlighting ongoing cybersecurity risks. The issue was reported on December 19, 2025.

January 08, 2026 An Ruwaito ta hanyar AI

Cisco Talos has reported a China-linked threat actor known as UAT-7290 that has been spying on telecommunications companies since 2022. The group uses Linux malware, exploits on edge devices, and ORB infrastructure to maintain access to targeted networks.

Ongoing exploitation of the React2Shell vulnerability (CVE-2025-55182)—previously detailed in coverage of China-nexus and cybercriminal campaigns—now includes widespread Linux backdoor installations, arbitrary command execution, and large-scale theft of cloud credentials.

November 05, 2025 An Ruwaito ta hanyar AI

Pro-Russian hackers known as Curly COMrades are exploiting Microsoft's Hyper-V technology to embed lightweight Alpine Linux virtual machines within compromised Windows systems. This tactic allows them to run custom malware like CurlyShell and CurlCat undetected by traditional endpoint detection tools. The campaign, uncovered by Bitdefender in collaboration with the Georgian CERT, targets organizations in Europe and beyond.

Security researchers, first reporting via TechRadar in December 2025, warn WhatsApp's 3 billion users of GhostPairing—a technique tricking victims into linking attackers' browsers to their accounts, enabling full access without breaching passwords or end-to-end encryption.

December 11, 2025 An Ruwaito ta hanyar AI

In 2025, cyber threats in the Philippines stuck to traditional methods like phishing and ransomware, without new forms emerging. However, artificial intelligence amplified the volume and scale of these attacks, leading to an 'industrialization of cybercrime'. Reports from various cybersecurity firms highlight increases in speed, scale, and frequency of incidents.