Cybersecurity News & Analysis
github: defconxt • © 2026 • blacktemple.net

Nation-State & APT

critical • Nation-State & APT

CISA Adds Google Dawn CVE to KEV as North Korean APT UNC1069 Claims Axios Supply Chain Attack

CISA confirmed active exploitation of a use-after-free vulnerability in Google Dawn by adding it to the KEV catalog. Meanwhile, Google attributed the recent Axios npm supply chain compromise to North Korean threat group UNC1069, while ransomware operators continue targeting critical infrastructure including water treatment facilities.

Apr 2, 2026 • Security Affairs, The Record
cisa-kev, google-dawn, north-korea
🇺🇸 Google

critical • Nation-State & APT

Critical Infrastructure Under Fire: Romanian Attacks, Citrix Zero-Day, and Ransomware Evolution

Romanian government institutions are under sustained cyber attack with thousands of daily attempts, while CISA has issued emergency patching orders for a critical Citrix NetScaler vulnerability. Meanwhile, supply chain attacks are targeting AI development tools and ransomware operators are evolving their data monetization strategies.

Apr 1, 2026 • Security Affairs, The Record
romania, citrix, netscaler

critical • Nation-State & APT

Critical Infrastructure Under Fire: Fortinet RCE, Russian iOS Exploits, and NetScaler Memory Leaks

Threat actors are actively exploiting critical vulnerabilities across multiple enterprise platforms this week. A Fortinet FortiClient EMS SQL injection flaw enables remote code execution, while Russian APT TA446 deploys iOS exploit kits against iPhone users.

Mar 30, 2026 • Security Affairs
fortinet, russia, apt
🇷🇺 Star Blizzard

high • Nation-State & APT

Nation-State Roundup: Iran-linked Handala Targets FBI Director, ShinyHunters Breaches EU Commission, Apple Warns of Active Web Exploits

Iran-linked threat actor Handala reportedly compromised FBI Director Kash Patel's systems while ShinyHunters claims to have breached the European Commission's mail servers. Apple is simultaneously warning users of active web-based exploits targeting unpatched iOS devices.

Mar 29, 2026 • Security Affairs
iran-apt, handala, shinyhunters
🏴 ShinyHunters
🇺🇸 Apple

critical • Nation-State & APT

Nation-State Intelligence Roundup: Russian Disinformation Targets Baltics, Critical PTC Vulnerability Emerges

CISA warns of a critical unpatched vulnerability in PTC Windchill and FlexPLM software with the maximum CVSS score. Russian disinformation campaigns target Baltic states with false drone allegations while adversaries expand phishing operations against TikTok Business accounts.

Mar 28, 2026 • Security Affairs, The Record
nation-state, apt, disinformation
🇦🇪 Telegram, 🇨🇳 TikTok, 🇺🇸 Google

medium • Nation-State & APT

Nation-States Weaponize Compromised IP Cameras for Cross-Border Surveillance

Nation-state actors are increasingly leveraging compromised IP cameras for cross-border surveillance operations. Organizations should implement network segmentation, regular firmware updates, and monitoring to defend against this persistent threat vector.

Mar 28, 2026 • Dark Reading
ip-cameras, nation-state, surveillance

high • Nation-State & APT

Red Menshen APT Deploys Enhanced BPFdoor Malware Against Global Telecommunications Infrastructure

Chinese APT group Red Menshen has enhanced its BPFdoor malware with sophisticated evasion capabilities specifically targeting global telecommunications infrastructure. The upgraded malware defeats traditional cybersecurity protections, leaving telecommunications providers with limited defensive options beyond active threat hunting.

Mar 28, 2026 • Dark Reading
red-menshen, bpfdoor, telecommunications

critical • Nation-State & APT

Nation-State Roundup: CISA KEV Addition, APT Clusters Target Southeast Asia, and RedLine Developer Extradited

CISA flagged a critical Aquasecurity Trivy vulnerability as actively exploited, while Palo Alto Unit 42 uncovered coordinated espionage operations targeting Southeast Asian government systems. Meanwhile, a RedLine malware developer faces extradition to the US.

Mar 27, 2026 • Security Affairs, The Record, Palo Alto Unit 42
cisa-kev, apt-groups, southeast-asia
🇺🇸 Snap Inc, 🇺🇸 Apple

high • Nation-State & APT

Week in Review: Russian Botnet Conviction, Critical Router Flaws, and Infrastructure Attacks

A Russian national received 24 months in prison for operating botnets used in ransomware attacks against U.S. companies. Meanwhile, active ransomware campaigns disrupted operations at Spain's Port of Vigo and Puerto Rico's driver licensing agency, while TP-Link patched critical authentication bypass flaws in enterprise routers.

Mar 26, 2026 • Security Affairs, The Record
russian-cybercrime, botnet, infrastructure-attacks
🇨🇳 TP-Link

high • Nation-State & APT

Nation-State Activity Roundup: Iranian Actors Hit Stryker, Dutch Finance Ministry Breached, Critical NetScaler Flaw

Iranian threat actors allegedly conducted destructive attacks against medical device firm Stryker, wiping over 200,000 devices and forcing production shutdowns. Meanwhile, the Dutch Ministry of Finance disclosed a cyberattack affecting employee data, and critical vulnerabilities emerged in Citrix NetScaler systems.

Mar 25, 2026 • Security Affairs, The Record, Palo Alto Unit 42
nation-state, apt, iran
🏴 Lapsus$

high • Nation-State & APT

APT Activity Roundup: Iran-Linked Energy Targeting, Major DeFi Breach, and Critical Infrastructure Vulnerabilities

Iranian threat actors are actively targeting Middle East energy infrastructure while QNAP addressed critical SD-WAN vulnerabilities demonstrated at Pwn2Own Ireland 2025. A major DeFi platform breach resulted in $24.5 million stolen, and education company Kaplan disclosed a breach affecting over 230,000 individuals.

Mar 24, 2026 • Security Affairs, The Record, Palo Alto Unit 42
iran-apt, energy-sector, defi-breach
🇺🇸 Google

critical • Nation-State & APT

Nation-State Activity Roundup: Oracle Critical RCE, North Korean IT Worker Infiltration, Dark Web Takedown

Oracle released emergency patches for a critical unauthenticated RCE vulnerability in Identity Manager (CVE-2026-21992, CVSS 9.8). Meanwhile, a US soldier was sentenced for helping North Korean IT workers infiltrate companies using stolen identities, highlighting ongoing DPRK revenue generation tactics.

Mar 23, 2026 • Security Affairs, The Record
oracle, rce, north-korea
🇺🇸 Oracle Data Cloud