
Posts by 780th Military Intelligence Brigade (Cyber)

China’s Cyberspying Targets Western Defense Industry, Dutch Intel Chief Says A military intelligence report warned that Beijing poses a growing threat to Europe alongside Russia and that the two countries’ increasing cooperation compounds the danger.

China’s Cyberspying Targets Western Defense Industry, Dutch Intel Chief Says
The Wall Street Journal
www.wsj.com/world/chinas...
@wsj.com

3 hours ago 0 0 0 0
Lazarus “Mach-O Man” Malware: What CISOs Need to Know Learn how the Lazarus “Mach-O Man” campaign targets businesses, and how SOC leaders can reduce credential theft and data exposure risk.

New Lazarus APT Campaign: “Mach-O Man” macOS Malware Kit Hits Businesses
ANY.RUN
any.run/cybersecurit...

3 hours ago 0 0 0 0
Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories Our research on Void Dokkaebi’s operations uncovered a campaign that turns infected developer repositories into malware delivery channels. By spreading through trusted workflows, organizational codeba...

Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories
Void Dokkaebi, also tracked as Famous Chollima, is a North Korea-aligned intrusion set
Trend Micro
www.trendmicro.com/en_us/resear...

3 hours ago 0 0 0 0
Same packet, different magic: Mustang Panda hits India's banking sector and Korea geopolitics Acronis Threat Research Unit (TRU) identified a new variant of the LOTUSLITE backdoor with a theme related to India's banking sector, delivered via DLL sideloading using a legitimate Microsoft-signed ...

Same packet, different magic: Mustang Panda hits India's banking sector and Korea geopolitics
Acronis Threat Research Unit
www.acronis.com/en/tru/posts...

3 hours ago 0 0 0 0
EU targets two Russian propaganda networks with new sanctions The measures target Euromore, a media outlet that EU officials say amplifies Kremlin narratives, and the Foundation for the Support and Protection of the Rights of Compatriots Living Abroad (Pravfond)...

EU targets two Russian propaganda networks with new sanctions
The Record
therecord.media/eu-targets-r...
@therecordmedia.bsky.social

3 hours ago 1 0 0 0
Ukraine busts ‘bot farm’ supplying thousands of fake Telegram accounts to Russian spies Ukrainian authorities have dismantled a so-called “bot farm” that police say was supplying thousands of fake social media accounts to Russian intelligence services for use in disinformation campaigns ...

Ukraine busts ‘bot farm’ supplying thousands of fake Telegram accounts to Russian spies
The Record
therecord.media/ukraine-sbu-...
@therecordmedia.bsky.social

3 hours ago 0 0 0 0
Initial Takeaways on LayerZero DVN Security Incident Things you need to know and where the ecosystem goes from here

Initial Takeaways on LayerZero DVN Security Incident
Security Alliance
radar.securityalliance.org/initial-take...

4 hours ago 0 0 0 0
KelpDAO suffers $290 million heist tied to Lazarus hackers State-sponsored North Korean hackers are likely behind the $290 million crypto-heist that impacted the KelpDAO DeFi project on Saturday.

KelpDAO suffers $290 million heist tied to Lazarus hackers
BleepingComputer
www.bleepingcomputer.com/news/securit...
@bleepingcomputer.com

4 hours ago 0 0 1 0
GoLoader at Industrial Scale: Two Unauthenticated Builder Panels, 468K Polymorphic Samples, Steganographic .NET Loaders, and a Cracked njRAT Config Pointing to a Chinese XWorm Operator Two GoLoader panels with zero authentication are churning out 468K+ polymorphic Windows malware samples targeting Chinese crypto investors. We reversed steganographic payloads, cracked the njRAT AES-2...

GoLoader at Industrial Scale: Two Unauthenticated Builder Panels, 468K Polymorphic Samples, Steganographic .NET Loaders, and a Cracked njRAT Config Pointing to a Chinese XWorm Operator
Breakglass Intelligence
intel.breakglass.tech/post/goloade...

4 hours ago 0 0 0 0
Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17) Unit 42 details recent Iranian cyberattack activity, sharing direct observations of phishing, hacktivist activity and cybercrime. We include recommendations for defenders.

Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)
Unit 42 | Palo Alto
unit42.paloaltonetworks.com/iranian-cybe...

1 day ago 2 1 0 1

From APT28 to RePythonNET: automating .NET malware analysis
Sekoia.io
blog.sekoia.io/apt28-to-rep...
@sekoia.io

1 day ago 2 1 0 0
Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise | Microsoft Security Blog The Microsoft Defender Security Research Team uncovered a sophisticated macOS intrusion campaign attributed to the North Korean threat actor Sapphire Sleet that abuses user driven execution and social...

Microsoft Threat Intelligence uncovered a macOS‑focused cyber campaign by the North Korean threat actor Sapphire Sleet that relies on social engineering
www.microsoft.com/en-us/securi...

1 day ago 4 2 0 0
Iranian APT Seedworm Targets Global Organizations via Microsoft Teams Contributors: Authors: Vishak Unnikrishnan Kavitha, Niranjan Jayanand  Introduction In late February 2026, escalating geopolitical tensions in

Iranian APT Seedworm Targets Global Organizations via Microsoft Teams
CyberProof
www.cyberproof.com/blog/iranian...

1 day ago 4 3 0 0
DomainTools Investigations | MOIS Linked MOIST GRASSHOPPER / Homeland Justice / KarmaBelow80 / Handala Hackers / Campaigns and Evolution Explore the evolution of MOIS-linked actors Homeland Justice, Karma, and Handala. Analysis of destructive malware, surveillance integration, and the 2026 Stryker incident.

MOIS Linked MOIST GRASSHOPPER / Homeland Justice / KarmaBelow80 / Handala Hackers / Campaigns and Evolution
Domain Tools
dti.domaintools.com/research/moi...
@domaintools.bsky.social

1 day ago 4 2 0 1
How North Korea laundered money through Vietnamese crypto company - The Korea Times On Sept. 22, 2025, a post seeking a verified U.S. Payoneer account appeared on a Telegram channel run by Quangvietdnbg International Services Co. L...

How North Korea laundered money through Vietnamese crypto company
The Korea Times
www.koreatimes.co.kr/foreignaffai...

5 days ago 2 0 0 0
Inside ZionSiphon: Darktrace’s Analysis of OT Malware Targeting Israeli Water Systems Darktrace analysis reveals ZionSiphon, an OT‑focused malware targeting Israeli water treatment and desalination systems. Read the blog to learn more

Inside ZionSiphon: Darktrace’s Analysis of OT Malware Targeting Israeli Water Systems
Darktrace
www.darktrace.com/blog/inside-...
@darktrace.com

5 days ago 0 0 0 0
China Criticizes Iran War as Beijing Supports Tehran Under the Table China is trying to have it both ways in the U.S.-Iran conflict. On April 14, Chinese leader Xi Jinping criticized Washington’s blockade of Iranian ports and called for a diplomatic resolution during....

China Criticizes Iran War as Beijing Supports Tehran Under the Table
Foundation for Defense of Democracies
www.fdd.org/analysis/202...

5 days ago 2 2 0 0
The Risks of Chinese-Produced Cellular Modules House Select Committee on the CCP, Press Release, “Letter to Treasury and Defense Secretaries on ‘Chinese Military Company’ Quectel,” January 4, 2024. (https://chinaselectcommittee.house.gov/media/let...

The Risks of Chinese-Produced Cellular Modules
Foundation for Defense of Democracies
www.fdd.org/analysis/202...

5 days ago 1 0 0 0
The Iran War’s Hidden Front: Censorship, Satellite Imagery, and Narrative Power - HSToday Modern conflict is no longer decided solely on the kinetic battlefield. It is increasingly shaped by a hidden front: the struggle over what events can be seen, verified, withheld, and interpreted in r...

The Iran War’s Hidden Front: Censorship, Satellite Imagery, and Narrative Power
Homeland Security Today
www.hstoday.us/subject-matt...

5 days ago 1 0 0 0
US nationals behind DPRK IT worker 'laptop farm' sent to prison Two U.S. nationals have been sent to prison for helping North Korean remote information technology (IT) workers to pose as U.S. residents and get hired by over 100 companies across the country, includ...

Two U.S. nationals have been sent to prison for helping North Korean remote information technology (IT) workers to pose as U.S. residents
BleepingComputer
www.bleepingcomputer.com/news/securit...

5 days ago 6 5 0 0

Intelligence Specialist (Operations) GG-13 w/ the 782nd Military Intelligence Battalion (Cyber), Fort Gordon, Ga., serving as a Cryptologic Cyberspace Operations Specialist, as a Digital Network Exploitation Analyst (DNEA). Open: April 16 to 22, 2026, www.usajobs.gov/job/865250400. #ArmyCyber

5 days ago 0 0 0 0
How China’s Weapons Transfers to Iran Have Evolved Over Decades

How China’s Weapons Transfers to Iran Have Evolved Over Decades
The New York Times
www.nytimes.com/2026/04/15/w...
@nytimes.com

6 days ago 1 0 0 0
Sweden Sees Russia Intensifying Cyber Attacks on Infrastructure Russia’s intelligence services are now seeking to damage European infrastructure with cyber attacks rather than merely overwhelm websites with excess traffic, Swedish Civil Defense Minister Carl-Oskar...

Sweden Sees Russia Intensifying Cyber Attacks on Infrastructure
Bloomberg
www.bloomberg.com/news/article...
@bloomberg.com

6 days ago 3 0 0 0
How a fake Russian story became a real problem for Estonia Inside the People’s Republic that wasn’t.

How a fake Russian story became a real problem for Estonia
Politico
www.politico.eu/article/how-...
@politico.eu

6 days ago 0 0 0 0

Hungary for more? Russian Storm-1516 narratives and engagement tactics targeting Hungary’s 2026 parliamentary election
Clemson University
open.clemson.edu/cgi/viewcont...

6 days ago 0 0 0 0
Orbán’s loss won’t stop Russian influence campaigns, but it shows they’re beatable The Hungarian strongman’s electoral defeat exposes the growth, and limits, of Russian hybrid-warfare tactics.

Orbán’s loss won’t stop Russian influence campaigns, but it shows they’re beatable
Defense One
www.defenseone.com/threats/2026...
@defenseone.bsky.social

6 days ago 1 1 2 0
State-sponsored threats: Different objectives, similar access paths A look at 2025 state-sponsored threats, exploring how actors linked to China, Russia, North Korea, and Iran use vulnerabilities, identity, and trusted access paths to achieve their goals.

State-sponsored threats: Different objectives, similar access paths
Across the Talos 2025 Year in Review, state-sponsored threat activity from China, Russia, North Korea, and Iran all had varying motivations
Cisco Talos
blog.talosintelligence.com/state-sponso...

6 days ago 0 0 0 0

"And particularly, two brands of these devices, TP-Link, which is a Chinese firm, and MikroTik, which is a Latvian firm, which is not very popular here in the United States but is very widely used in Eastern Europe and particularly in Ukraine."

6 days ago 0 0 0 0
Tips to protect your home internet network after a Russian router hack Following a large-scale Russian hacking operation targeting routers, and new FCC guidance, what can you do to make sure your home internet connection is safe?

Tips to protect your home internet network after a Russian router hack
NPR
www.npr.org/2026/04/14/n...
@npr.org

6 days ago 0 0 2 0