seen from Ukraine
seen from United States
seen from United States
seen from United States
seen from China
seen from China
seen from Argentina
seen from United Arab Emirates
seen from United States
seen from United Kingdom
seen from Germany
seen from Germany
seen from Netherlands
seen from Kazakhstan
seen from Germany
seen from United States
seen from Italy
seen from Germany
seen from Israel
seen from Yemen
Fancy Bear Exploits Microsoft Office Flaw in Ukraine and EU
Russian-linked Fancy Bear actively exploits CVE-2026-21509 in Microsoft Office documents to bypass security controls and deploy malware across Ukrainian and EU organisations.
Source: Infosecurity Magazine
Read more: CyberSecBrief
Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.
Free to watch • No registration required • HD streaming
VPNFILTER Woven Throw by Glitch Textiles
https://www.open-vault.com/aptvol1/vpnfilter The design is made by visualizing a section of code from the VPNFILTER advanced multi-stage modular malware created by the APT28 threat actor. VPNFILTER is advanced, state-sponsored malware that targets internet connected routers and networked storage devices common in small office and home networks. It was developed by an Advanced Persistent Threat (APT). APTs are highly skilled and well resources hacking groups that focus on selective targets for a sustained period of time.
Produced by @glitchtextiles for @_openvault's cyber weapons retail pop-up located at 325 Canal St., NYC
https://open-vault-on-canal.eventbrite.com
A malware framework that’s already infected hundreds of thousands of routers across the globe appears to be even more dangerous than originally thought, according to new findings by Cisco’s internal cybersecurity unit Talos. The latest results show that the malware, “VPNFilter,” affects a wider array of devices, including more than 11 different hardware vendors, and carries several previously unknown infection capabilities, such as the potential to manipulate internet traffic on the end device in novel ways.
“They’re not trying to gather as much traffic as they can. They’re after certain very small things like credentials and passwords“, Craig Williams
Current U.S. officials and other experts have linked VPNFilter to a hacking group known as APT28, also called “Fancy Bear.” This entity is widely associated with Russia’s Main Intelligence Directorate (GRU) and has been blamed for breaching the Democratic National Committee in 2016.
Court documents suggested last week that Russia had been involved in VPNFilter.
Simply put, VPNFilter is dangerous because it offers the attacker the ability to both destroy data, rendering the device unusable, and covertly spy on specific targets. With Wednesday’s findings, perhaps the most unsettling new capability discovered by Talos is that VPNFilter can also execute a man-in-the-middle attack on incoming Web traffic that passes through infected routers; giving APT28 an avenue to inject malware into legitimate web applications.
“Initially when we saw this we thought it was primarily made for offensive capabilities like routing attacks around the Internet,” Craig Williams, a senior technology leader and global outreach manager at Talos, told Ars Technica reporter Dan Goodin. “But it appears [attackers] have completely evolved past that, and now not only does it allow them to do that, but they can manipulate everything going through the compromised device. They can modify your bank account balance so that it looks normal while at the same time they’re siphoning off money and potentially PGP keys and things like that. They can manipulate everything going in and out of the device.”
“They’re looking for very specific things,” Williams said. "They’re not trying to gather as much traffic as they can. They’re after certain very small things like credentials and passwords. We don’t have a lot of intel on that other than it seems incredibly targeted and incredibly sophisticated. We’re still trying to figure out who they were using that on.”
From Ars Technica
To bypass TLS encryption that’s designed to prevent such attacks, ssler actively tries to downgrade HTTPS connections to plaintext HTTP traffic. It then changes request headers to signal that the end point isn’t capable of using encrypted connections.
Worth remembering just how big nation state cyber efforts actually are. The focus has been squarely on APT28s DNC related hacks (actually hundreds of individuals and organizations); but simultaneously they deployed an attack against Ukrainian military forces, multiple Asian countries, the WADA hack, maintaining at least one attribution front, developing and updating their core toolchain (although it is more of a migration and cleanup than a redevelopment... they’re clearly sticking with what they know rather than electing for procurement process pain)
The competition between RIS agencies is well documented, but this report suggests internal competition between divisions/units. That’s interesting. Either there is internal politics, or the group is extremely decentralized. Most probably its political jockeying though.
Good to remember just how big a nation state hacking crew really is, and how many objectives and campaigns it can maintain simultaneously. This is a good metric. You can guess budget, team size, and so on from this sort of data.
APT28 Weaponises Microsoft Office in Operation Neusploit
APT28 exploited CVE-2026-21509 in Microsoft Office, deploying Outlook-stealing macros and in-memory loaders to gain persistent access across targeted networks.
Source: Zscaler ThreatLabz
Read more: CyberSecBrief
Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.
Free to watch • No registration required • HD streaming
APT28 hackers exploit Signal chats to deploy new malware in Ukraine
Russian-backed threat actors are leveraging Signal messages to deliver sophisticated malware targeting Ukrainian government systems, highlighting growing risks in encrypted communication platforms.
Alerta en Windows: Un parche incompleto permite ataques "Zero-Click"
Una falla en la actualización de seguridad de Microsoft ha dejado una puerta abierta para que hackers vinculados a Rusia ejecuten ataques sin necesidad de interacción del usuario, poniendo en riesgo datos sensibles en toda Europa (Fuente Akamai). La seguridad de Windows se enfrenta a una crisis de confianza tras el descubrimiento de un parche defectuoso. Según un informe de Akamai, una…
The infrastructure was already inside the network long before most users realized anything had changed. It wasn’t loud, it didn’t crash syst
