Home Updates Threat Intel APT Encyclopedia Blog
Threat Intelligence

Threat Intelligence

Latest APT activity, actively exploited CVEs, and curated threat intelligence sources.

Latest APT Activity

Zero-Day Active Dec 19, 2025 UAT-9686

China-Linked APT Exploits Critical Cisco AsyncOS Zero-Day (CVE-2025-20393)

UAT-9686 is actively exploiting a maximum-severity vulnerability in Cisco Secure Email Gateway and Web Manager.

China CVE-2025-20393
CISA Alert Dec 19, 2025 CISA/NSA

BRICKSTORM Backdoor: Joint Advisory on Chinese VMware/ESXi Malware

CISA, NSA and Canadian CCCS released updated IOCs for BRICKSTORM, a sophisticated backdoor targeting VMware vSphere environments.

China VMware
Active Campaign Dec 14, 2025 MuddyWater

Iranian MuddyWater Deploys MuddyViper Backdoor Against Israel & Egypt

MuddyWater leverages custom Fooder loader to deploy MuddyViper backdoor, enabling system recon, shell command execution, and file transfer.

Iran MuddyViper
Ongoing Dec 10, 2025 Salt Typhoon

Salt Typhoon Continues Targeting US Telecom Infrastructure

Chinese state-sponsored group Salt Typhoon maintains access to US telecommunications providers. Focus on metadata collection and call interception.

China Telecom

CISA KEV - Dec 2025

CVE-2025-20393 Critical
Cisco AsyncOS - Input Validation
CVE-2025-40602 High
SonicWall SMA1000 - Missing Auth
CVE-2025-59718 High
Fortinet - Crypto Signature Bypass
View Full KEV Catalog

Active Groups This Month

Salt Typhoon China
MuddyWater Iran
Silver Fox China
UAT-9686 China

Intel Sources

CISA Advisories CYFIRMA Reports MITRE ATT&CK Groups Malpedia