Breaking Cyber News From Cyberint
Breaking news feed of the latest cyber incidents, breaches, vulnerabilities, malware, ransomware and so much more.
May 26, 2025
Chinese Threat Actor UAT-6382 Exploits Vulnerability in Trimble Cityworks
A Chinese-speaking threat actor known as UAT-6382 has been linked to the exploitation of a recently patched remote-code-execution vulnerability (CVE-2025-0944) in Trimble Cityworks. This group successfully targeted enterprise networks of local governing bodies in the United States, deploying various web shells and custom malware, including Cobalt Strike and a Rust-based loader called Tetraloader, to maintain long-term access to compromised systems. The attacks began in January 2025, and the vulnerability was added to the U.S. Cybersecurity and Infrastructure Security Agency's known exploited vulnerabilities catalog in February 2025.