Chinese hackers install backdoors via Cisco email zero-day

Two groups linked to China are exploiting a newly discovered vulnerability in Cisco's email security products. The campaign involves zero-day attacks, highlighting ongoing cybersecurity risks. The issue was reported on December 19, 2025.

2026년 01월 08일 AI에 의해 보고됨

Cisco Talos has reported a China-linked threat actor known as UAT-7290 that has been spying on telecommunications companies since 2022. The group uses Linux malware, exploits on edge devices, and ORB infrastructure to maintain access to targeted networks.

Ongoing exploitation of the React2Shell vulnerability (CVE-2025-55182)—previously detailed in coverage of China-nexus and cybercriminal campaigns—now includes widespread Linux backdoor installations, arbitrary command execution, and large-scale theft of cloud credentials.

2025년 11월 05일 AI에 의해 보고됨

Pro-Russian hackers known as Curly COMrades are exploiting Microsoft's Hyper-V technology to embed lightweight Alpine Linux virtual machines within compromised Windows systems. This tactic allows them to run custom malware like CurlyShell and CurlCat undetected by traditional endpoint detection tools. The campaign, uncovered by Bitdefender in collaboration with the Georgian CERT, targets organizations in Europe and beyond.

Security researchers, first reporting via TechRadar in December 2025, warn WhatsApp's 3 billion users of GhostPairing—a technique tricking victims into linking attackers' browsers to their accounts, enabling full access without breaching passwords or end-to-end encryption.

2025년 12월 11일 AI에 의해 보고됨

2025년 필리핀의 사이버 위협은 피싱과 랜섬웨어 같은 전통적 방법에 머물렀으며 새로운 형태는 등장하지 않았다. 그러나 인공지능이 이러한 공격의 양과 규모를 증폭시켜 '사이버 범죄의 산업화'를 초래했다. 여러 사이버 보안 업체의 보고서는 사건의 속도, 규모, 빈도의 증가를 강조한다.