Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2026-03-31GoogleAdrian Hernandez, Ashley Zaya, Austin Larsen, Christopher Gardner, Dima Lenz, Michael Rudden, Mon Liclican, Tyler McLellan
North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack
WAVESHAPER
2026-03-18GoogleGoogle Threat Intelligence Group
The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors
GHOSTBLADE
2026-03-03GoogleGoogle Threat Intelligence Group
Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit
Coruna
2026-03-03GoogleGoogle Threat Intelligence Group
Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit
Coruna UNC6353 UNC6691
2026-02-26Group-IBHans Figueroa, Vlada Govorova
GTFire Phishing Scheme: Avoiding Detection Using Google Services
GTFire
2026-02-21kmsecKieran Miyamoto
DPRK tests Google Drive as a malware stager
2026-02-17GoogleDaniel Sislo, Fernando Tomlinson, John Scarbrough, Jr., Nick Harbour, PETER UKHANOV, Rich Reece
From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day
BRICKSTORM GRIMBOLT SLAYSTYLE UNC6201
2026-01-30GoogleMandiant
Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft
UNC6671
2026-01-28GoogleGoogle Threat Intelligence Group
No Place Like Home Network: Disrupting the World's Largest Residential Proxy Network
2026-01-27GoogleGoogle Threat Intelligence Group
Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088
2025-12-12GoogleAragorn Tseng, Austin Larsen, CASEY CHARRIER, Genevieve Stark, Robert Weiner, Zander Work
Multiple Threat Actors Exploit React2Shell (CVE-2025-55182)
ANGRYREBEL MINOCAT SNOWLIGHT Earth Lamia
2025-12-04Aryaka Networksbikash dash, varadharajan krishnasamy
Scam in the Cloud How Fraudsters Exploit Google Cloud Storage (GCS) for Deceptive Campaigns
2025-11-20GoogleDan Perez, Harsh Parashar, Tierra Duncan
Beyond the Watering Hole: APT24's Pivot to Multi-Vector Attacks
BADAUDIO Cobalt Strike
2025-11-05GoogleGoogle Threat Intelligence Group
GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools
PromptLock UNC1069
2025-10-20GoogleWesley Shields
To Be (A Robot) or Not to Be: New Malware Attributed to Russia State-Sponsored COLDRIVER
MAYBEROBOT NOROBOT YESROBOT
2025-09-30GoogleAswad Robinson, Bhavesh Dhake, Laith Al, Matthew McWhirt, Michael Rudden, Omar ElAhdan
Cybercrime Observations from the Frontlines: UNC6040 Proactive Hardening Recommendations
2025-09-24TEAMT5Still Hsu, Tim Chen
Google Calendar As C2 Infrastructure: A China-Nexus Campaign With Stealthy Tactics
TOUGHPROGRESS
2025-09-24GoogleAshley Pearson, Austin Larsen, BRAD SLAYBAUGH, Doug Bienstock, Geoff Carstairs, John Wolfram, Josh Madeley, Josh Murchie, Matt Lin, Sarah Yoder
Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors
BRICKSTORM
2025-09-05Arctic WolfDmitry Kupin, Dmitry Melikov, Jacob Faires, Jon Grimm, Pavel Usatenko
GPUGate Malware: Malicious GitHub Desktop Implants Use Hardware-Specific Decryption, Abuse Google Ads to Target Western Europe
2025-08-26GoogleAustin Larsen, Matt Lin, Omar ElAhdan, Tyler McLellan
Widespread Data Theft Targets Salesforce Instances via Salesloft Drift
UNC6395