Tag: UNC5174

VMware Zero-Day (CVE-2025-41244) Exploited by Chinese APT UNC5174 Since October 2024
Broadcom has patched a critical privilege escalation vulnerability in VMware Aria Operations and VMware Tools, which had been actively exploited as a zero-day since October 2024. The flaw, tracked as CVE-2025-41244, was not initially acknowledged as exploited in Broadcom’s official advisory. However, Maxime Thibaut of NVISO had disclosed the issue back in May, and NVISO…

ANSSI Exposes “Houken”: China-Linked APT Exploiting Ivanti CSA Zero-Days & Deploying Linux Rootkits
The French cybersecurity agency has announced a large-scale cyberattack targeting key sectors of the nation. Government institutions, telecommunications firms, media organizations, the financial sector, and transport entities were all placed in the crosshairs. The malicious campaign has been attributed to a Chinese hacking group that exploited previously unknown vulnerabilities in Ivanti’s Cloud Services Appliance (CSA).…

UNC5174 Exploits Zero-Days: F5, Connectwise Hit
Mandiant specialists report that Chinese hackers, identified as UNC5174, are exploiting vulnerabilities in widely used products to disseminate malicious software capable of installing additional backdoors on compromised Linux hosts. The attacks orchestrated by UNC5174 have targeted a broad array of entities ranging from research and educational institutions in Southeast Asia and the United States to businesses…