Ivanti has released patches for four new vulnerabilities in its Connect Secure and Policy Secure appliances, as Mandiant said it has seen eight separate groups exploiting some older flaws in those devices.
The Cyber Safety Review Board cited a string of internal failures in Microsoft's security culture as contributing factors for the 2023 compromise of more than 20 customers' cloud email inboxes by a Chinese threat group.
The U.S. has announced sanctions against a Chinese state-backed company and two individuals, as well as indictments against seven people alleged to part of China's APT31 threat group.
The Department of Justice has disrupted an attack campaign by Chinese state-sponsored attackers on U.S. critical infrastrucutre and says that country's targeting of civilian resources is a "low blow".
APT groups from Russia and China are targeting CVE-2023-38831 in WinRAR in multiple campaigns, deploying custom and commodity malware.