North Korea’s UNC5342 Uses EtherHiding to Deliver Malware via Blockchains
TL;DR Google Threat Intelligence Group reports that the DPRK-linked threat cluster UNC5342 has been using EtherHiding since February 2025 to…
UNC5142 Abuses BNB Smart Chain and EtherHiding to Spread Infostealers
TL;DR Mandiant Threat Defense and Google Threat Intelligence Group have tracked UNC5142 since late 2023; the financially motivated group compromises…
New ROBOT Malware Family Linked to Russian State-Sponsored COLDRIVER
TL;DR Google's Threat Intelligence Group links a set of new malware families to Russian state-sponsored actor COLDRIVER after the public…
Pro-Russia Influence Networks Exploit September Drone Incursion into Poland
TL;DR Google Threat Intelligence Group (GTIG) observed multiple pro‑Russia information operation (IO) actors amplifying narratives after reported Russian drone incursions…
GTIG AI Threat Tracker: Threat Actors Deploy AI-Enabled Malware in 2025
TL;DR Google’s Threat Intelligence Group reports a shift from using AI for productivity to embedding LLMs inside malware, including dropper…
Triofox Vulnerability CVE-2025-12480: Unauthenticated Host-Header Bypass Enables RCE
TL;DR Mandiant reported exploitation of an unauthenticated access flaw in Gladinet’s Triofox (CVE-2025-12480) that allowed attackers to bypass authentication, create…
UNC1549 exploits third-party access, VDI breakouts and custom malware
TL;DR Mandiant's follow-up analysis details UNC1549 campaigns from late 2023 through 2025 targeting aerospace, aviation and defense sectors using supplier…
Beyond the Watering Hole — APT24 Shifts to Multi-Vector Espionage Attacks
TL;DR Google's Threat Intelligence Group is tracking a three-year campaign by APT24, a PRC-nexus actor, that uses a custom, heavily…
Sanctioned Intellexa Continues to Deploy Multiple Mobile Zero-Day Exploits
TL;DR Google's Threat Intelligence Group reports that Intellexa, despite US sanctions, remains an active commercial spyware vendor exploiting numerous mobile…