Mandiant

The Latest

TeamPCP Used Mini Shai-Hulud Worm to Poison Over 400 npm and PyPI Packages

TeamPCP Used Mini Shai-Hulud Worm to Poison Over 400 npm and PyPI Packages

Slovakian Admin of Dark Web Kingdom Market Jailed for 16 Years in US

Slovakian Admin of Dark Web Kingdom Market Jailed for 16 Years in US

Why Canadian Telecom Providers Are Prime Targets for Cyberattacks

Why Canadian Telecom Providers Are Prime Targets for Cyberattacks

Canvas Hackers ShinyHunters Say Their Official Domain Was Suspended

Canvas Hackers ShinyHunters Say Their Official Domain Was Suspended

UNC6692 Hackers Exploit Microsoft Teams to Deploy SNOW Malware

Read More

2 minute read

UNC6692 Hackers Exploit Microsoft Teams to Deploy SNOW Malware

UNC6692 hackers exploit Microsoft Teams with fake IT alerts to deploy SNOW malware, steal credentials, and breach corporate networks in advanced attacks.

April 27, 2026

Cl0p-Linked Gang Attempts to Extort Oracle E-Business Customers

Read More

2 minute read

Cl0p-Linked Gang Attempts to Extort Oracle E-Business Customers

A ‘high-volume’ extortion campaign possibly linked to FIN11 and Cl0p is targeting Oracle E-Business executives. Mandiant and GTIG are investigating unproven data theft claims.

October 3, 2025

China-Linked Hackers Hit US Tech Firms with BRICKSTORM Malware

Read More

3 minute read

China-Linked Hackers Hit US Tech Firms with BRICKSTORM Malware

China-backed UNC5221 targets US legal and tech firms by deploying BRICKSTORM malware on neglected VMware and Linux/BSD appliances, Google's Mandiant reports.

September 25, 2025

Zero-Day in Sitecore Exploited to Deploy WEEPSTEEL Malware

Read More

2 minute read

Security

Zero-Day in Sitecore Exploited to Deploy WEEPSTEEL Malware

Hackers exploit a Sitecore zero-day (CVE-2025-53690) to deploy WEEPSTEEL Malware via ViewState attacks, enabling Remote Code Execution (RCE).

September 8, 2025

Salesloft Drift Breach Traced to GitHub Compromise and Stolen OAuth Tokens

Read More

2 minute read

Salesloft Drift Breach Traced to GitHub Compromise and Stolen OAuth Tokens

Salesloft Drift breach traced to GitHub compromise and stolen OAuth tokens, Mandiant confirms breach contained and Salesforce data targeted.

September 7, 2025

Scattered Lapsus$ Hunters Demand Google Fire Security Experts or Face Data Leak

Read More

2 minute read

Scattered Lapsus$ Hunters Demand Google Fire Security Experts or Face Data Leak

Note: The names of both employees have been removed for privacy reasons, following a request from Google. We are now referring to them as Worker 1 and Worker 2.

September 4, 2025

Google Reveals UNC6395’s OAuth Token Theft in Salesforce Breach

Read More

2 minute read

Google Reveals UNC6395’s OAuth Token Theft in Salesforce Breach

A new advisory from Google and Mandiant reveals a widespread data breach in Salesforce. Learn how UNC6395 bypassed…

August 27, 2025

Fake AI Video Tool Ads on Facebook, LinkedIn Spread Infostealers

Read More

2 minute read

Fake AI Video Tool Ads on Facebook, LinkedIn Spread Infostealers

Mandiant Threat Defense uncovers a campaign where Vietnam-based group UNC6032 tricks users with malicious social media ads for…

May 28, 2025

Google Acquires Wiz for Record $32 Billion

Read More

2 minute read

Google Acquires Wiz for Record $32 Billion

$32B Wiz acquisition: Google ramps up cloud security. Following Mandiant, this deal signals major GCP defense upgrade.

March 18, 2025

Google TAG Reports Zero-Day Surge and Rise of State Hacker Threats

Read More

3 minute read

Google TAG Reports Zero-Day Surge and Rise of State Hacker Threats

Google’s Threat Analysis Group (TAG) reports a concerning rise in zero-day exploits and increased activity from state-backed hackers.…

March 27, 2024