China and North Korea continue to industrialize zero-day vulnerabilities: Google Cloud's John Hultquist dives into how state hackers are finding exploits, as well as Pyongyang's ongoing success at planting IT workers inside Western organizations.
https://www.databreachtoday.com/how-china-north-korea-are-industrializing-zero-days-a-28252 @infosec.exchange/@Johnhultquist/ #mandiant
Recent searches
Search options
Administered by:
#mandiant
0 posts0 participants0 posts today
Compromised SAP NetWeaver instances are ushering in opportunistic threat actors https://www.helpnetsecurity.com/2025/05/12/compromised-sap-netweaver-instances-attacks-opportunistic-threat-actors/ #incidentresponse #enterprise #government #Don'tmiss #Forescout #Hotstuff #Mandiant #webshell #Onapsis #News #SAP
Help Net Security · Compromised SAP NetWeaver instances are ushering in opportunistic threat actors - Help Net Security
More from 
Zeljka Zorz
Google Cloud (ex. Mandiant) recently published a rather comprehensive breakdown of defenses against the threat cluster commonly known as Scattered Spider (UNC3944).
I can't help but feel that this report is somewhat of a deviation from many of previous Mandiant articles as it's almost entirely a list of bullets about how to defend against UNC3944.
Sure that's exactly what the article is named, but still feels... off. As if an LLM has had a chance to review/read source data and then produce a categorized list of defensive actions to take. Hopefully I'm just angry for no reason about the potential LLM-abuse.
There's usually so much more data and details in their "normal" incident styled reporting. But this one... has none of that but instead a whole bunch of recommendations that are ... well, very comprehensive and not prioritized.
I'm torn.
Google Cloud BlogDefending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines | Google Cloud BlogProactive hardening recommendations to defend against UNC3944, aka Scattered Spider, a financially-motivated threat group.
M-Trends 2025: State-Sponsored IT Workers Emerge as Global Threat https://www.securityweek.com/m-trends-2025-state-sponsored-it-workers-emerge-as-new-global-threat/ #Uncategorized #NorthKorea #Mandiant #Report
M-Trends 2025: State-Sponsored IT Workers Emerge as Global Threat https://www.securityweek.com/m-trends-2025-state-sponsored-it-workers-emerge-as-new-global-threat/ #Uncategorized #NorthKorea #Mandiant #Report
Understanding 2024 cyber attack trends https://www.helpnetsecurity.com/2025/04/24/understanding-2024-cyber-attack-trends/ #cloudsecurity #insiderthreat #cyberattacks #ransomware #Don'tmiss #Hotstuff #Mandiant #trends #News #tips
Help Net Security · Understanding 2024 cyber attack trends - Help Net Security
More from Zeljka Zorz
Laut einem aktuellen #Mandiant-Report ist die gezielte #Infiltration durch IT-Mitarbeiter aus #Nordkorea kein ausschließlich US-amerikanisches Problem. Im Bericht werden Beispiele aus Deutschland, Großbritannien, Serbien und Portugal genannt. Ziele der Cyberkriminellen sind zum einen Lohnzahlungen für das nordkoreanische Raketenprogramm, zum anderen #Spionage, das Einschleusen von Schadsoftware in Unternehmensnetze und Datenerpressung:
https://cybernews.com/cybercrime/north-korean-fraudsters-target-european-companies/ #cybersecurity #cybercrime
Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle – Source: www.securityweek.com https://ciso2ciso.com/rapid7-reveals-rce-path-in-ivanti-vpn-appliance-after-silent-patch-debacle-source-www-securityweek-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #IncidentResponse #Malware&Threats #vulnerabilities #securityweekcom #CVE-2025-22457 #ConnectSecure #securityweek #Mandiant #Ivanti #Rapid7 #VPN
CISO2CISO.COM & CYBER SECURITY GROUP · Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle – Source: www.securityweek.comSource: www.securityweek.com - Author: Ryan Naraine Security researchers at Rapid7 are publicly documenting a path to remote code execution of a critical
Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle https://www.securityweek.com/rapid7-reveals-rce-path-in-ivanti-vpn-appliance-after-silent-patch-debacle/ #IncidentResponse #Malware&Threats #Vulnerabilities #ConnectSecure #CVE202522457 #Mandiant #Ivanti #Rapid7 #VPN
Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle https://www.securityweek.com/rapid7-reveals-rce-path-in-ivanti-vpn-appliance-after-silent-patch-debacle/ #IncidentResponse #Malware&Threats #Vulnerabilities #ConnectSecure #CVE202522457 #Mandiant #Ivanti #Rapid7 #VPN
Google Targets SOC Overload With Automated AI Alert and Malware Analysis Tools – Source: www.securityweek.com https://ciso2ciso.com/google-targets-soc-overload-with-automated-ai-alert-and-malware-analysis-tools-source-www-securityweek-com/ #rssfeedpostgeneratorecho #ArtificialIntelligence #ThreatIntelligence #CyberSecurityNews #securityweekcom #securityweek #agenticai #Mandiant #Google #SOC #AI
CISO2CISO.COM & CYBER SECURITY GROUP · Google Targets SOC Overload With Automated AI Alert and Malware Analysis Tools – Source: www.securityweek.comSource: www.securityweek.com - Author: Ryan Naraine Technology giant Google this week announced plans to unleash automated AI agents into overtaxed SOCs
Google Targets SOC Overload With Automated AI Alert and Malware Analysis Tools https://www.securityweek.com/google-targets-soc-overload-with-automated-ai-alert-and-malware-analysis-tools/ #ArtificialIntelligence #ThreatIntelligence #agenticAI #Mandiant #google #SOC #AI
Google Targets SOC Overload With Automated AI Alert and Malware Analysis Tools https://www.securityweek.com/google-targets-soc-overload-with-automated-ai-alert-and-malware-analysis-tools/ #ArtificialIntelligence #ThreatIntelligence #agenticAI #Mandiant #google #SOC #AI
Google Pushing ‘Sec-Gemini’ AI Model for Threat-Intel Workflows – Source: www.securityweek.com https://ciso2ciso.com/google-pushing-sec-gemini-ai-model-for-threat-intel-workflows-source-www-securityweek-com/ #rssfeedpostgeneratorecho #ArtificialIntelligence #ThreatIntelligence #CyberSecurityNews #securityweekcom #securityweek #threatintel #SecGemini #FEATURED #Mandiant #Gemini #Google
CISO2CISO.COM & CYBER SECURITY GROUP · Google Pushing ‘Sec-Gemini’ AI Model for Threat-Intel Workflows – Source: www.securityweek.comSource: www.securityweek.com - Author: Ryan Naraine Tech giant Google has rolled out an experimental artificial intelligence model designed to support in
Google Pushing ‘Sec-Gemini’ AI Model for Threat-Intel Workflows https://www.securityweek.com/google-pushing-sec-gemini-ai-model-for-threat-intel-workflows/ #ArtificialIntelligence #ThreatIntelligence #threat-intel #Sec-Gemini #Mandiant #Gemini #google
Google Pushing ‘Sec-Gemini’ AI Model for Threat-Intel Workflows https://www.securityweek.com/google-pushing-sec-gemini-ai-model-for-threat-intel-workflows/ #ArtificialIntelligence #ThreatIntelligence #threat-intel #Sec-Gemini #Mandiant #Gemini #google
oooh... this could be interesting #cybersecurity #ai #google #gemini #infosec #mandiant
https://security.googleblog.com/2025/04/google-launches-sec-gemini-v1-new.html
Google Online Security BlogGoogle announces Sec-Gemini v1, a new experimental cybersecurity modelPosted by Elie Burzstein and Marianna Tishchenko, Sec-Gemini team Today, we’re announcing Sec-Gemini v1, a new experimental AI model focused...
Google Launches Sec-Gemini v1 AI Model for Real Time Cyber Defense
#Cybersecurity #CybersecurityAI #Google #GoogleAI #SecGemini #ThreatIntelligence #AIinSecurity #CyberDefense #Mandiant
Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances – Source: www.securityweek.com https://ciso2ciso.com/chinese-apt-pounces-on-misdiagnosed-rce-in-ivanti-vpn-appliances-source-www-securityweek-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #Malware&Threats #NetworkSecurity #securityweekcom #CVE-2025-22457 #ConnectSecure #PulseConnect #securityweek #Mandiant #UNC5221 #Ivanti
CISO2CISO.COM & CYBER SECURITY GROUP · Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances – Source: www.securityweek.comSource: www.securityweek.com - Author: Ryan Naraine Ivanti on Thursday rushed out documentation for a critical flaw in its Connect Secure VPN appliances
Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) https://www.helpnetsecurity.com/2025/04/03/ivanti-vpn-customers-targeted-via-unrecognized-rce-vulnerability-cve-2025-22457/ #cyberespionage #vulnerability #Don'tmiss #Hotstuff #Mandiant #Ivanti #News #VPN
Help Net Security · Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) - Help Net Security
More from Zeljka Zorz