BRICKSTORM Backdoor Targeting Tech and Legal Sectors, Google and Mandiant Warn
TL;DR Google Threat Intelligence Group and Mandiant report renewed BRICKSTORM backdoor activity used to maintain long-term access in U.S. organizations,…
UNC6040 vishing attacks: Proactive hardening and detection for SaaS
TL;DR Google Threat Intelligence Group profiles UNC6040 as a financially motivated cluster using voice phishing to trick employees into granting…
Oracle E-Business Suite Zero-Day Used in Large-Scale Extortion Campaign
TL;DR Google Threat Intelligence Group and Mandiant tracked a mass extortion campaign beginning Sept. 29, 2025, in which an actor…
North Korea’s UNC5342 Uses EtherHiding to Deliver Malware via Blockchains
TL;DR Google Threat Intelligence Group reports that the DPRK-linked threat cluster UNC5342 has been using EtherHiding since February 2025 to…
UNC5142 Abuses BNB Smart Chain and EtherHiding to Spread Infostealers
TL;DR Mandiant Threat Defense and Google Threat Intelligence Group have tracked UNC5142 since late 2023; the financially motivated group compromises…
New ROBOT Malware Family Linked to Russian State-Sponsored COLDRIVER
TL;DR Google's Threat Intelligence Group links a set of new malware families to Russian state-sponsored actor COLDRIVER after the public…
Pro-Russia Influence Networks Exploit September Drone Incursion into Poland
TL;DR Google Threat Intelligence Group (GTIG) observed multiple pro‑Russia information operation (IO) actors amplifying narratives after reported Russian drone incursions…
GTIG AI Threat Tracker: Threat Actors Deploy AI-Enabled Malware in 2025
TL;DR Google’s Threat Intelligence Group reports a shift from using AI for productivity to embedding LLMs inside malware, including dropper…
Triofox Vulnerability CVE-2025-12480: Unauthenticated Host-Header Bypass Enables RCE
TL;DR Mandiant reported exploitation of an unauthenticated access flaw in Gladinet’s Triofox (CVE-2025-12480) that allowed attackers to bypass authentication, create…