-->
#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
Security Service Edge

cyber espionage | Breaking Cybersecurity News | The Hacker News

Category — cyber espionage
Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries

Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries

Feb 25, 2026 Cyber Espionage / Network Security
Google on Wednesday disclosed that it worked with industry partners to disrupt the infrastructure of a suspected China-nexus cyber espionage group tracked as UNC2814 that breached at least 53 organizations across 42 countries. "This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas," Google Threat Intelligence Group (GTIG) and Mandiant said in a report published today. UNC2814 is also suspected to be linked to additional infections in more than 20 other nations. The tech giant, which has been tracking the threat actor since 2017, has been observed using API calls to communicate with software-as-a-service (SaaS) apps as command-and-control (C2) infrastructure. The idea, it added, is to disguise their malicious traffic as benign. Central to the hacking group's operations is a novel backdoor dubbed GRIDTIDE that abuses Google Sheets API as a communication ...
Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker

Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker

Feb 25, 2026 Zero Day / National Security
A 39-year-old Australian national who was previously employed at U.S. defense contractor L3Harris has been sentenced to a little over seven years in prison for selling eight zero-day exploits to Russian exploit broker Operation Zero in exchange for millions of dollars. Peter Williams pleaded guilty to two counts of theft of trade secrets in October 2025. In addition to the jail term, Williams has been ordered to serve three years of supervised release with special conditions, as well as forfeit illicit proceeds, including properties, clothing, jewelry, and luxury watches, purchased from the cryptocurrency payments he received in return for selling the exploits. The case's connection to Operation Zero was disclosed by cybersecurity journalist Kim Zetter late last year. The nature of the exploits are presently unclear. But a sentencing memorandum published earlier this month revealed that the tools could have been "used against any manner of victim, civilian or military ...
UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware

UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware

Feb 24, 2026 Cyber Espionage / Malware
A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to likely facilitate intelligence gathering or financial theft, signaling a possible expansion of the threat actor's targeting beyond Ukraine and into entities supporting the war-torn nation . The activity, which targeted an unnamed entity involved in regional development and reconstruction initiatives, has been attributed to a cybercrime group tracked as UAC-0050 (aka DaVinci Group ). BlueVoyant has designated the name Mercenary Akula to the threat cluster. The attack was observed earlier this month. "The attack spoofed a Ukrainian judicial domain to deliver an email containing a link to a remote access payload," researchers Patrick McHale and Joshua Green said in a report shared with The Hacker News. "The target was a senior legal and policy advisor involved in procurement, a role with privileged insight into institutional operation...
cyber security

How to Discover Shadow AI [Free Guide]

websiteNudge SecuritySaaS Security / Shadow AI
The first step in mitigating AI risks is to uncover where AI is being used. Get a head start with this guide.
cyber security

OpenClaw: RCE, Leaked Tokens, and 21K Exposed Instances in 2 Weeks

websiteReco AIAttack Surface / AI Agents
The viral AI agent connects to Slack, Gmail, and Drive—and most security teams have zero visibility into it.
CRESCENTHARVEST Campaign Targets Iran Protest Supporters With RAT Malware

CRESCENTHARVEST Campaign Targets Iran Protest Supporters With RAT Malware

Feb 19, 2026 Cyber Espionage / Data Security
Cybersecurity researchers have disclosed details of a new campaign dubbed CRESCENTHARVEST , likely targeting supporters of Iran's ongoing protests to conduct information theft and long-term espionage. The Acronis Threat Research Unit (TRU) said it observed the activity after January 9, with the attacks designed to deliver a malicious payload that serves as a remote access trojan (RAT) and information stealer to execute commands, log keystrokes, and exfiltrate sensitive data. It's currently not known if any of the attacks were successful. "The campaign exploits recent geopolitical developments to lure victims into opening malicious .LNK files disguised as protest-related images or videos," researchers Subhajeet Singha, Eliad Kimhy, and Darrel Virtusio said in a report published this week. "These files are bundled with authentic media and a Farsi-language report providing updates from 'the rebellious cities of Iran.' This pro- protest framing appears ...
Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs

Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs

Feb 13, 2026 Threat Intelligence / Malware
A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL . Google Threat Intelligence Group (GTIG) described the hacking group as possibly affiliated with Russian intelligence services. The threat actor is assessed to have targeted defense, military, government, and energy organizations within the Ukrainian regional and national governments. However, the group has also exhibited growing interest in aerospace organizations, manufacturing companies with military and drone ties, nuclear and chemical research organizations, and international organizations involved in conflict monitoring and humanitarian aid in Ukraine, GTIG added. "Despite being less sophisticated and resourced than other Russian threat groups, this actor recently began to overcome some technical limitations using LLMs [large language models]," GTIG said . "Through prompting, they conduct reconnaissance, create lures for soci...
Expert Insights Articles Videos
Cybersecurity Resources