news
Breaking Cyber News From Cyberint
Breaking news feed of the latest cyber incidents, breaches, vulnerabilities, malware, ransomware and so much more.
- All Items
- Handala
- Business Services
- Israel
- Asia
- Data Encrypted For Impact
- Jobinfo
- Middle East
- Shelter Locations In Israel
- Saudi Games
- Retail
- Saudi Arabia
- Cyber Fattah Team
- Ben Horin & Alexandrovitz
- Zachary Levi And Sons - Construction
- Sivim It
- Government
- Kibbutz Almog
- Manufacturing
- Saban Brands Israel
- Digitalghost
- Mprest
- Evil_Byte
- The Knesset
- Gonjeshke Darande
- Nobitex
- Indonesia
- Sentap
- exclusive
- Kimia Farma
- South-Eastern Asia
- Chemicals And Allied Products
- Sweden
- Scania
- Northern Europe
- Europe
- Transportation
- Hensi
- Tbn Israel
- Media
- Weizmann Institute Of Science
- Education
- Resistancetrench
- Israeli Air Force
- Dienet
- Israel Antiquities Authority
- United States
- Cve-2025-24016
- Mirai
- North America
- CVE-2025-24016
- Wazuh
- Clayoxtymus1337
- Epsilor Electric Fuel
- Technology
- Southern Asia
- Advanced Weapons And Equipment India
- India
- More_Eggs
- Fin6
- Cryptocurrency
- Alex Lab
- Zoldyck
- United Kingdom
- Critical Infrastructures
- Edf Energy
- Match Legitimate Name Or Location
- Amos
- Disable Or Modify Tools
- Sudo And Sudo Caching
- Spearphishing Link
- Spectrum
- Ingress Tool Transfer
- Telecommunications
- Unix Shell
- Credentials In Files
- Israel Defense Forces
- Ghna
- Coca-Cola Europacific Partners
- Food And Kindred Products
- Italy
- Locauto
- Automotive
- Southern Europe
- Mercadona
- Whitecoat
- Spain
- Wow Health Solutions
- Ups
- Healthcare
- Cyprus Airways
- Rip_Real_World
- Netsupport Rat
- Tel Aviv University
- Illeak
- Desec0X
- Yashma
- Numero
- Lucky_Gh0$T
- Cyberlock
- Unc6032
- Chaos
- Deloitte
- 303
- Gucci
- Eddiestealer
- Obfuscated Files Or Information
- Phishing
- Data From Local System
- Virtualization/Sandbox Evasion
- File And Directory Discovery
- Credentials From Password Stores
- Command And Scripting Interpreter
- Input Capture
- Drive-By Compromise
- Screen Capture
- Windows Credential Manager
- Password Managers
- Credentials From Web Browsers
- Exfiltration Over C2 Channel
- User Execution
- System Information Discovery
- W_Tchdogs
- Superloop
- Australia
- Australia And New Zealand
- Resource Hijacking
- Remote System Discovery
- Network Service Discovery
- Deploy Container
- Escape To Host
- Docker
- Change Default File Association
- Lateral Tool Transfer
- Exploitation For Client Execution
- Smb/Windows Admin Shares
- Exploit Public-Facing Application
- Web Protocols
- External Remote Services
- Bitdefender
- Eastern Europe
- Romania
- Venom Rat
- Cameleon
- Financial Theft
- Vicioustrap
- Cisco
- Cve-2023-20118
- CVE-2023-20118
- Macao Special Administrative Region
- Eastern Asia
- Cve-2025-0944
- CVE-2025-0944
- Tetraloader
- Trimble
- Uat-6382
- Powershell
- Process Discovery
- China
- File Deletion
- Malicious File
- Reflective Code Loading
- Dynamic-Link Library Injection
- Obfuscated Files Or Information: Encrypted Or Encoded Data
- Silver Fox
- Valleyrat
- Masquerade Task Or Service
- Regsvr32
- Rundll32
- Scheduled Task
- Trickbot
- Bumblebee
- Warmcookie
- Danabot
- Qakbot
- Cetus
- Purehvnc
- Bytebreaker
- Viralgod
- Latin America And The Caribbean
- Telcel
- Mexico
- Peter Green Chilled
- Cellcom
-
May 26, 2025
Chinese Threat Actor UAT-6382 Exploits Vulnerability in Trimble Cityworks
A Chinese-speaking threat actor known as UAT-6382 has been linked to the exploitation of a recently patched remote-code-execution vulnerability (CVE-2025-0944) in Trimble Cityworks. This group successfully targeted enterprise networks of local governing bodies in the United States, deploying various web shells and custom malware, including Cobalt Strike and a Rust-based loader called Tetraloader, to maintain long-term access to compromised systems. The attacks began in January 2025, and the vulnerability was added to the U.S. Cybersecurity and Infrastructure Security Agency's known exploited vulnerabilities catalog in February 2025.
