Chinese hackers install backdoors via Cisco email zero-day

Two groups linked to China are exploiting a newly discovered vulnerability in Cisco's email security products. The campaign involves zero-day attacks, highlighting ongoing cybersecurity risks. The issue was reported on December 19, 2025.

January 08, 2026 由 AI 报道

Cisco Talos has reported a China-linked threat actor known as UAT-7290 that has been spying on telecommunications companies since 2022. The group uses Linux malware, exploits on edge devices, and ORB infrastructure to maintain access to targeted networks.

Ongoing exploitation of the React2Shell vulnerability (CVE-2025-55182)—previously detailed in coverage of China-nexus and cybercriminal campaigns—now includes widespread Linux backdoor installations, arbitrary command execution, and large-scale theft of cloud credentials.

November 05, 2025 由 AI 报道

Pro-Russian hackers known as Curly COMrades are exploiting Microsoft's Hyper-V technology to embed lightweight Alpine Linux virtual machines within compromised Windows systems. This tactic allows them to run custom malware like CurlyShell and CurlCat undetected by traditional endpoint detection tools. The campaign, uncovered by Bitdefender in collaboration with the Georgian CERT, targets organizations in Europe and beyond.

Security researchers, first reporting via TechRadar in December 2025, warn WhatsApp's 3 billion users of GhostPairing—a technique tricking victims into linking attackers' browsers to their accounts, enabling full access without breaching passwords or end-to-end encryption.

December 11, 2025 由 AI 报道

2025年，菲律宾的网络威胁仍坚持使用钓鱼和勒索软件等传统方法，未出现新形式。然而，人工智能放大了这些攻击的数量和规模，导致“网络犯罪的工业化”。多家网络安全公司的报告强调了事件速度、规模和频率的增加。