Mandiant Malware

Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors

Written by: Sarah Yoder, John Wolfram, Ashley Pearson, Doug Bienstock, Josh Madeley, Josh Murchie, Brad Slaybaugh, Matt Lin, Geoff Carstairs, Austin Larsen Introduction Google Threat Intelligence Group (GTIG) is tracking BRICKSTORM malware activity, which is being used to mainta

Mandiant Vulnerability

Cybercrime Observations from the Frontlines: UNC6040 Proactive Hardening Recommendations

Written by: Omar ElAhdan, Matthew McWhirt, Michael Rudden, Aswad Robinson, Bhavesh Dhake, Laith Al, Ravi Kumar Raja Update (Nov. 21): In response to the Salesforce advisory related to Gainsight applications, this blog post has been updated to include comprehensive hardening, log

Mandiant APT

Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion Campaign

Written by: Peter Ukhanov, Genevieve Stark, Zander Work, Ashley Pearson, Josh Murchie, Austin Larsen Update (Oct. 11): On Oct. 11, Oracle released another patch, addressing CVE-2025-61884. Introduction Beginning Sept. 29, 2025, Google Threat Intelligence Group (GTIG) and Mandian

Mandiant Malware

New Group on the Block: UNC5142 Leverages EtherHiding to Distribute Malware

Written by: Mark Magee, Jose Hernandez, Bavi Sadayappan, Jessa Valdez Since late 2023, Mandiant Threat Defense and Google Threat Intelligence Group (GTIG) have tracked UNC5142, a financially motivated threat actor that abuses the blockchain to facilitate the distribution of info

Mandiant Malware

DPRK Adopts EtherHiding: Nation-State Malware Hiding on Blockchains

Written by: Blas Kojusner, Robert Wallace, Joseph Dobson Google Threat Intelligence Group (GTIG) has observed the North Korea (DPRK) threat actor UNC5342 using ‘EtherHiding’ to deliver malware and facilitate cryptocurrency theft, the first time GTIG has observed a nation-state a

Mandiant Malware

To Be (A Robot) or Not to Be: New Malware Attributed to Russia State-Sponsored COLDRIVER

Written by: Wesley Shields Introduction COLDRIVER, a Russian state-sponsored threat group known for targeting high profile individuals in NGOs, policy advisors and dissidents, swiftly shifted operations after the May 2025 public disclosure of its LOSTKEYS malware, operationaliz

Mandiant General

Pro-Russia Information Operations Leverage Russian Drone Incursions into Polish Airspace

Written by: Alden Wahlstrom, David Mainor Introduction Google Threat Intelligence Group (GTIG) observed multiple instances of pro-Russia information operations (IO) actors promoting narratives related to the reported incursion of Russian drones into Polish airspace that occurre

Mandiant Malware

Help Wanted: Vietnamese Actors Using Fake Job Posting Campaigns to Deliver Malware and Steal Credentials

Google Threat Intelligence Group (GTIG) is tracking a cluster of financially motivated threat actors operating from Vietnam that leverages fake job postings on legitimate platforms to target individuals in the digital advertising and marketing sectors. The actor effectively uses

Mandiant General

Keys to the Kingdom: A Defender's Guide to Privileged Account Monitoring

Written by: Bhavesh Dhake, Will Silverstone, Matthew Hitchcock, Aaron Fletcher The Criticality of Privileged Access in Today's Threat Landscape Privileged access stands as the most critical pathway for adversaries seeking to compromise sensitive systems and data. Its protection

Mandiant General

Preparing for Threats to Come: Cybersecurity Forecast 2026

Every November, we make it our mission to equip organizations with the knowledge needed to stay ahead of threats we anticipate in the coming year. The Cybersecurity Forecast 2026 report, released today, provides comprehensive insights to help security leaders and teams prepare fo

Mandiant APT

GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools

Executive Summary Based on recent analysis of the broader threat landscape, Google Threat Intelligence Group (GTIG) has identified a shift that occurred within the last year: adversaries are no longer leveraging artificial intelligence (AI) just for productivity gains, they are d

Mandiant Vulnerability

No Place Like Localhost: Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480

Written by: Stallone D'Souza, Praveeth DSouza, Bill Glynn, Kevin O'Flynn, Yash Gupta Welcome to the Frontline Bulletin Series Straight from Mandiant Threat Defense, the "Frontline Bulletin" series brings you the latest on the threats we are seeing in the wild right now, equippin
