china
Malicious extensions in Chrome Web store steal user credentials
Two Chrome extensions in the Web Store named ‘Phantom Shuttle’ are posing as plugins for a proxy service to hijack user traffic and steal sensitive data. Both extensions are still present in Chrome’s official marketplace at the time of writing and have been active since at least 2017, according to a report from researchers at the […]
Cisco warns of unpatched AsyncOS zero-day exploited in attacks
Cisco warned customers today of an unpatched, maximum-severity Cisco AsyncOS zero-day actively exploited in attacks targeting Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances. This yet-to-be-patched zero-day (CVE-2025-20393) affects only Cisco SEG and Cisco SEWM appliances with non-standard configurations, when the Spam Quarantine feature is enabled and exposed on the Internet. […]
Google links more Chinese hacking groups to React2Shell attacks
Over the weekend, Google’s threat intelligence team linked five more Chinese hacking groups to attacks exploiting the maximum-severity “React2Shell” remote code execution vulnerability. Tracked as CVE-2025-55182, this actively exploited flaw affects the React open-source JavaScript library and allows unauthenticated attackers to execute arbitrary code in React and Next.js applications with a single HTTP request. While multiple […]
Critical React2Shell flaw actively exploited in China-linked attacks
Multiple China-linked threat actors began exploiting the React2Shell vulnerability (CVE-2025-55182) affecting React and Next.js just hours after the max-severity issue was disclosed. React2Shell is an insecure deserialization vulnerability in the React Server Components (RSC) ‘Flight’ protocol. Exploiting it does not require authentication and allows remote execution of JavaScript code in the server’s context. For the Next.js framework, […]
Google exposes BadAudio malware used in APT24 espionage campaigns
China-linked APT24 hackers have been using a previously undocumented malware called BadAudio in a three-year espionage campaign that recently switched to more sophisticated attack methods. Since 2022, the malware has been delivered to victims through multiple methods that include spearphishing, supply-chain compromise, and watering hole attacks. Campaign evolution From November 2022 until at least September 2025, APT24 […]
‘PlushDaemon’ hackers hijack software updates in supply-chain attacks
A China-linked threat actor tracked as ‘PlushDaemon’ is hijacking software update traffic using a new implant called EdgeStepper in cyberespionage operations. Since 2018, PlushDaemon hackers have targeted individuals and organizations in the United States, China, Taiwan, Hong Kong, South Korea, and New Zealand with custom malware, such as the SlowStepper backdoor. PlushDaemon has compromised electronics manufacturers, universities, […]
Anthropic claims of Claude AI-automated cyberattacks met with doubt
Anthropic reports that a Chinese state-sponsored threat group, tracked as GTG-1002, carried out a cyber-espionage operation that was largely automated through the abuse of the company’s Claude Code AI model. However, Anthropic’s claims immediately sparked widespread skepticism, with security researchers and AI practitioners calling the report “made up” or the company of overstating the incident. “I […]
US announces new strike force targeting Chinese crypto scammers
U.S. federal authorities have established a new task force to disrupt Chinese cryptocurrency scam networks that defraud Americans of nearly $10 billion annually. The Scam Center Strike Force team, supported by agents from the U.S. Attorney’s Office, the Department of Justice, the FBI, and the Secret Service, investigates and prosecutes criminal groups operating large-scale cryptocurrency investment […]
Popular Android-based photo frames download malware on boot
Uhale Android-based digital picture frames come with multiple critical security vulnerabilities and some of them download and execute malware at boot time. Mobile security company Quokka conducted an in-depth security assessment on the Uhale app and found behavior suggesting a connection with the Mezmess and Voi1d malware families. The researchers reported the issues to ZEASN (now ‘Whale […]
China-linked hackers exploited Lanscope flaw as a zero-day in attacks
China-linked cyber-espionage actors tracked as ‘Bronze Butler’ (Tick) exploited a Motex Lanscope Endpoint Manager vulnerability as a zero-day to deploy an updated version of their Gokcpdoor malware. The discovery of this activity comes from Sophos researchers, who observed the threat actors exploiting the vulnerability in mid-2025 before it was patched to steal confidential information. The flaw […]