APT28 hackers deploy customized variant of Covenant open-source tool

The Russian state-sponsored APT28 threat group is using a custom variant of the open-source Covenant post-exploitation framework for long-term espionage operations.
Microsoft

Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft

Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics trusted brands and abuses legitimate services. This ...

Understanding and Defending Against Iranian Cyber Threats: An ISA/IEC 62443 Perspective

During the unprecedented escalation of the current 2026 cyber and kinetic war involving Iran, Israel and the United States, understanding the adversary's playbook is more critical than ever.