news
Breaking Cyber News From Cyberint
Breaking news feed of the latest cyber incidents, breaches, vulnerabilities, malware, ransomware and so much more.
- All Items
- Jobinfo
- Israel
- Handala
- Business Services
- Data Encrypted For Impact
- Middle East
- Asia
- Shelter Locations In Israel
- Retail
- Saudi Arabia
- Saudi Games
- Cyber Fattah Team
- Ben Horin & Alexandrovitz
- Zachary Levi And Sons - Construction
- Sivim It
- Kibbutz Almog
- Government
- Manufacturing
- Saban Brands Israel
- Digitalghost
- Mprest
- The Knesset
- Evil_Byte
- Gonjeshke Darande
- Nobitex
- Chemicals And Allied Products
- Kimia Farma
- exclusive
- South-Eastern Asia
- Indonesia
- Sentap
- Transportation
- Northern Europe
- Scania
- Europe
- Hensi
- Sweden
- Tbn Israel
- Media
- Weizmann Institute Of Science
- Education
- Resistancetrench
- Israeli Air Force
- Dienet
- Israel Antiquities Authority
- United States
- Mirai
- CVE-2025-24016
- North America
- Wazuh
- Cve-2025-24016
- Epsilor Electric Fuel
- Clayoxtymus1337
- Technology
- Southern Asia
- Advanced Weapons And Equipment India
- India
- More_Eggs
- Fin6
- Cryptocurrency
- Alex Lab
- Edf Energy
- United Kingdom
- Zoldyck
- Critical Infrastructures
- Sudo And Sudo Caching
- Telecommunications
- Credentials In Files
- Spearphishing Link
- Disable Or Modify Tools
- Match Legitimate Name Or Location
- Spectrum
- Unix Shell
- Ingress Tool Transfer
- Amos
- Israel Defense Forces
- Food And Kindred Products
- Coca-Cola Europacific Partners
- Ghna
- Italy
- Automotive
- Southern Europe
- Locauto
- Whitecoat
- Spain
- Mercadona
- Ups
- Wow Health Solutions
- Healthcare
- Cyprus Airways
- Rip_Real_World
- Netsupport Rat
- Tel Aviv University
- Illeak
- Desec0X
- Unc6032
- Numero
- Chaos
- Lucky_Gh0$T
- Yashma
- Cyberlock
- 303
- Deloitte
- Gucci
- Credentials From Web Browsers
- Password Managers
- Input Capture
- User Execution
- Credentials From Password Stores
- Obfuscated Files Or Information
- Phishing
- System Information Discovery
- Command And Scripting Interpreter
- Exfiltration Over C2 Channel
- Virtualization/Sandbox Evasion
- Screen Capture
- Windows Credential Manager
- Eddiestealer
- Drive-By Compromise
- File And Directory Discovery
- Data From Local System
- Australia And New Zealand
- Australia
- W_Tchdogs
- Superloop
- Resource Hijacking
- Network Service Discovery
- Exploitation For Client Execution
- Escape To Host
- Docker
- External Remote Services
- Smb/Windows Admin Shares
- Remote System Discovery
- Lateral Tool Transfer
- Deploy Container
- Web Protocols
- Change Default File Association
- Exploit Public-Facing Application
- Romania
- Venom Rat
- Bitdefender
- Financial Theft
- Eastern Europe
- Cameleon
- Cve-2023-20118
- Vicioustrap
- Cisco
- Macao Special Administrative Region
- CVE-2023-20118
- Eastern Asia
- Cve-2025-0944
- CVE-2025-0944
- Tetraloader
- Uat-6382
- Trimble
- Dynamic-Link Library Injection
- Silver Fox
- Regsvr32
- Reflective Code Loading
- Valleyrat
- Process Discovery
- Scheduled Task
- File Deletion
- Powershell
- Obfuscated Files Or Information: Encrypted Or Encoded Data
- China
- Malicious File
- Masquerade Task Or Service
- Rundll32
- Qakbot
- Trickbot
- Bumblebee
- Danabot
- Warmcookie
- Cetus
- Purehvnc
- Bytebreaker
- Viralgod
- Telcel
- Latin America And The Caribbean
- Mexico
- Peter Green Chilled
- Cellcom
-
May 26, 2025
Chinese Threat Actor UAT-6382 Exploits Vulnerability in Trimble Cityworks
A Chinese-speaking threat actor known as UAT-6382 has been linked to the exploitation of a recently patched remote-code-execution vulnerability (CVE-2025-0944) in Trimble Cityworks. This group successfully targeted enterprise networks of local governing bodies in the United States, deploying various web shells and custom malware, including Cobalt Strike and a Rust-based loader called Tetraloader, to maintain long-term access to compromised systems. The attacks began in January 2025, and the vulnerability was added to the U.S. Cybersecurity and Infrastructure Security Agency's known exploited vulnerabilities catalog in February 2025.