Chinese APTs and their parent MSS bureau

The Many Arms of the MSS: Why Provincial Bureaus Matter in China’s Cyber Operations

Provincial bureaus of the Chinese Ministry of State Security likely operate with their own tasking priorities, resources, and local ecosystems for ...

The ForumTroll cyber-espionage group has targeted political experts and scholars working at major Russian universities and research institutions This is the group that deployed Memento Labs' (HackingTeam) Dante spyware earlier this year via Chrome zero-days

Securelist

A new campaign by the ForumTroll APT group

Kaspersky's GReAT experts have uncovered a new wave of cyberattacks by the ForumTroll APT group, targeting Russian political scientists and de...

SafeBreach has uncovered new operations from an Iranian hacking group tracked as Prince of Persia and Infy, which it was believed to have ceased activity back in 2022

SafeBreach

Unmasking the Evolving Iranian Prince of Persia | SafeBreach

New research unmasks the evolving Iranian

The RansomHouse ransomware group is now using two keys to encrypt files

Unit 42

From Linear to Complex: An Upgrade in RansomHouse Encryption

Operators behind RansomHouse, a ransomware-as-a-service (RaaS) group, have upgraded their encryption methods from single-phase to complex and layered.

DataDog has launched pathfinding.cloud, a database of IAM permissions and permission sets that allow privilege escalation in AWS.

pathfinding.cloud - Understand, Detect & Demonstrate AWS IAM Privilege Escalation

Library of AWS IAM privilege escalation paths

The DomainTools security team looks at recent APT35 leaks showing how the group operates with extreme government oversight and bureaucracy, rather than a group of loose canon hackers

DomainTools Investigations | DTI

The APT35 Dump Episode 4: Leaking The Backstage Pass To An Iranian Intelligence Operation - DomainTools Investigations | DTI

APT35/Charming Kitten's leaked documents expose the financial machinery behind state-sponsored hacking. Learn how bureaucracy, crypto micro-pa...

A Latvian crew member was detained for installing a RAT on an Italian ferry:

Bluesky Social

David Shipley (@davidshipley.bsky.social)

Don’t see this everyday. @patrick.risky.biz https://www.france24.com/en/live-news/20251217-france-probes-foreign-interference-after-malware-found...

Google's Wiz division has awarded $320,000 to security researchers for 11 exploits used during the ZeroDay Cloud hacking contest last week

wiz.io

Zero‑Days in the Age of AI: Behind the Scenes of ZeroDay.cloud 2025, with a Record High of CVEs in Critical Cloud Infra | Wiz Blog

ZDC awarded hackers $320,000 and uncovered a record‑breaking tally of critical CVEs for core cloud infrastructure, underscoring the scale and urg...

French authorities said they arrested the man who hacked their Ministry of Interior email servers. He's a known hacker who was already convicted this year. Anyone has any ideas who this could be?

RFI

French police arrest suspect over interior ministry cyber attack

French authorities have detained a 22-year-old man over a cyberattack on the email servers of the French interior ministry that compromised files...

Sweet... a SonicWall zero-day to go with that Cisco zero-day right before your Xmas holiday

Security Advisory