30 articles. Nation-state cyber operations and espionage campaigns. APT tracking, attribution analysis, and geopolitical context across MENA, EU, and US.
Google disrupted UNC2814, a suspected PRC espionage group that breached 53 telecoms and governments across 42 countries using Google Sheets as C2.
Self-named hacktivist collective claims 375TB exfiltration from Lockheed Martin. Zero verified samples after 10 days. Separately, MOIS-backed Handala.
F5 reclassifies BIG-IP APM vulnerability CVE-2025-53521 from denial-of-service to unauthenticated RCE. Memory-resident webshells deployed.
Iran's MOIS-backed Handala published 300+ emails and photos from FBI Director Kash Patel's personal Gmail. The account appeared in 11 prior data breaches.
Iran's MuddyWater embedded Deno-based and Python backdoors on a US bank, airport, and defense company weeks before US-Israeli strikes on Iran.
A 6-vulnerability iOS exploit chain deploying three malware variants targeted users across Saudi Arabia, Turkey, Malaysia, and Ukraine.
Iranian APT MuddyWater launched Operation Olalampo targeting Gulf governments with new AI-assisted malware including GhostFetch, CHAR backdoor.
Critical auth bypass in Cisco Catalyst SD-WAN exploited by APT UAT-8616 since 2023. CVSS 10.0. Five Eyes joint advisory. CISA emergency directive ED 26-03.
Amnesty International revealed Predator spyware deployed against Egyptian activists via zero-click exploits. US sanctions imposed on Intellexa consortium.
China-linked attackers exploited an Ivanti VPN zero-day with RESURGE rootkit to steal 5.6M patient records across five Connecticut hospitals.
Jordan's NCSC reported 6,758 incidents in 2024, a 175% surge over 2023, issuing 6,922 alerts and achieving a 97% detection rate against known threat indicators.
Citizen Lab documented Bahrain's use of NSO Group's Pegasus spyware against at least nine activists via zero-click iMessage exploits requiring no user.
Hezbollah-linked Lebanese Cedar APT exploited unpatched Atlassian and Oracle servers to breach 250+ telecom servers globally, stealing call records.
Zero-click iMessage exploits deployed by Saudi- and UAE-linked operators compromised 36 Al Jazeera journalists' iPhones. Citizen Lab identified the KISMET.
Business and Human Rights Centre investigation found five Jordanian ISPs, including Orange, collecting intrusive user data beyond service needs without.
Amnesty rated BeAware among the world's most dangerous contact-tracing apps, conducting live GPS tracking linked to national IDs and broadcasting.
Amnesty discovered a critical API flaw in Qatar's mandatory Ehteraz contact-tracing app that exposed health data of 1M+ users via predictable QID enumeration.
Iran-linked APT34 deployed Dustman wiper malware against Bahrain's national oil company BAPCO, gaining initial access months earlier via a compromised VPN.
Iranian state actors gained command-and-control of Bahrain EWA's industrial control systems managing electricity and water for the kingdom alongside NSA.
Iranian APT hijacked DNS records for Lebanon's Ministry of Finance and Middle East Airlines, intercepting email credentials and VPN logins.
Cybersecurity CEO Khalil Sehnaoui breached Ogero Telecom, government ministries, banks, and airport systems in what was called Lebanon's largest hack.
EFF and Lookout exposed a Lebanese intelligence espionage campaign run from a GDGS building in Beirut, targeting thousands of victims across 21+ countries.
Chinese state-sponsored hackers operated undetected for 11 months inside the second-largest US health insurer, stealing 78.8M patient records.
Iran-linked Shamoon malware wiped corporate systems at Qatar's RasGas LNG producer, two weeks after devastating Saudi Aramco's 35,000 workstations.
A Stuxnet-related Gauss trojan targeted six major Lebanese banks including Bank of Beirut and BlomBank, stealing online banking credentials from 2,500.
Citizen Lab discovered Egyptian ISPs using Sandvine PacketLogic deep packet inspection to hijack subscriber traffic for ad injection and cryptocurrency.
Iranian APT34 penetrated Oman's Administrative Court as part of a long-running espionage campaign exposed when Lab Dookhtegan leaked the group's tools in 2019.
Citizen Lab and Access Now documented systematic Pegasus deployment against 35+ journalists, lawyers, and activists in Jordan over four years.
Palo Alto Unit 42 uncovered a multi-year espionage campaign using custom anime-named backdoors to target Kuwait's shipping sector and government entities.
Iran-linked APT39 (Chafer) conducted a multi-year espionage campaign against Kuwaiti government agencies, targeting diplomatic, military.