Threats Affecting South Africa
View all threats affecting or targeting South Africa. Filter and sort to focus on specific types of threats.
TA4922: The Suspected Chinese Crime Group is Going Global
TA4922 is a highly sophisticated Chinese-speaking threat actor demonstrating rapid operational tempo and continually evolving malware capabilities. Initially targeting East Asia, particularly Japan, the group has expanded globally to Europe and Africa. The actor deploys multiple malware families including Atlas RAT, RomulusLoader, SilentRunLoader, and ValleyRAT (Winos4.0), alongside legitimate remote management tools like AnyDesk and SyncFuture. Campaigns use localized lures themed around HR, payroll, tax, and invoicing, targeting hundreds to thousands of recipients per campaign. TA4922 conducts credential phishing, fraud operations including credit card theft, and attempts to shift communications to out-of-band channels like LINE, WhatsApp, and Microsoft Teams. The group leverages legitimate cloud hosting services and trusted software for delivery and persistence, combining advanced tradecraft with financially motivated objectives such as data theft, fraud, access resale, and persistent remote access.
AlienVault OTX General | 06/03/2026, 12:55:39 UTC | Added: 06/04/2026, 08:33:36 UTC

Chinese hackers use new Atlas RAT malware in European cyberattacks
A Chinese-speaking cybercrime group has expanded its targeting to the European space, deploying previously undocumented malware and the Atlas backdoor. [...]
Bleeping Computer | 06/03/2026, 21:45:27 UTC | Added: 06/03/2026, 21:48:37 UTC

Beyond Tax Returns: How Shared Malware Infrastructure Scales Brand Abuse In Indonesia
A sophisticated fraud campaign exploiting Indonesia's tax season targeted 67 million residents through fake Coretax applications distributed via phishing websites and WhatsApp social engineering. The GoldFactory threat cluster orchestrated operations using Gigabud.RAT and MMRat malware families with shared infrastructure abusing over 16 trusted brands across government and financial sectors. The attack chain combines vishing, screen recording, and remote access capabilities to achieve device compromise and unauthorized financial transfers. Estimated financial impact reaches USD 1.5-2 million nationwide, with global implications extending to USD 6 million annually across multiple countries. The industrialized malware-as-a-service infrastructure enables horizontal scaling across Thailand, Vietnam, Philippines, and South Africa, demonstrating a shift toward unified cross-border operations that systematically undermine trust in digital government services.
AlienVault OTX General | 05/20/2026, 12:33:54 UTC | Added: 05/21/2026, 16:29:45 UTC

Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India
The Silver Fox threat group conducted phishing campaigns in December 2025 and January 2026, impersonating tax authorities in India and Russia. Malicious emails contained archives with a modified Rust-based RustSL loader that deployed ValleyRAT backdoor. Over 1600 malicious emails targeted organizations across industrial, consulting, retail, and transportation sectors. During investigation, a previously undocumented Python-based backdoor named ABCDoor was discovered, active since late 2024. The attacks utilized multi-stage infection chains involving encrypted payloads, custom ValleyRAT modules, and various persistence mechanisms including Phantom Persistence technique. ABCDoor features remote control capabilities, screen broadcasting using ffmpeg, and file manipulation functions. The group employed sophisticated evasion techniques including geofencing, string encryption, and mimicking legitimate VPN services.
AlienVault OTX General | 04/30/2026, 09:42:51 UTC | Added: 05/04/2026, 10:51:31 UTC

CVE-2026-30573: n/a
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales transactions. This leads to incorrect financial calculations, corruption of sales reports, and potential financial loss.
CVE Database V5 | 04/01/2026, 00:00:00 UTC | Added: 04/01/2026, 18:08:19 UTC

CVE-2026-30523: n/a
A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to the lack of proper input validation. The application allows administrators to define "Loan Plans" which determine the duration of a loan (in months). However, the backend fails to validate that the duration must be a positive integer. An attacker can submit a negative value for the months parameter. The system accepts this invalid data and creates a loan plan with a negative duration.
CVE Database V5 | 04/01/2026, 00:00:00 UTC | Added: 04/01/2026, 18:08:19 UTC

CrystalX RAT: a Trojan for pranks, remote access, and cryptocurrency theft | Kaspersky official blog
The new CrystalX remote access Trojan combines pranks with full control over the victim’s computer. It also spies on its victims, steals their cryptocurrency and accounts, and uses advanced methods to bypass protection. We explain how it works, and how to avoid infection.
Kaspersky Security Blog | 04/01/2026, 15:05:19 UTC | Added: 04/01/2026, 15:08:42 UTC

CVE-2026-30522: n/a
A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific penalty rates for overdue payments. While the frontend interface prevents users from entering negative numbers in the "Monthly Overdue Penalty" field, this constraint is not enforced on the backend. An authenticated attacker can bypass the client-side restriction by manipulating the HTTP POST request to submit a negative value for the penalty_rate.
CVE Database V5 | 04/01/2026, 00:00:00 UTC | Added: 04/01/2026, 14:08:53 UTC

CVE-2026-5237: SQL Injection in itsourcecode Payroll Management System
A security flaw has been discovered in itsourcecode Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /manage_user.php of the component Parameter Handler. Performing a manipulation of the argument ID results in SQL injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.
CVE Database V5 | 03/31/2026, 23:00:22 UTC | Added: 04/01/2026, 13:38:38 UTC

CVE-2026-5209: Cross Site Scripting in SourceCodester Leave Application System
A security vulnerability has been detected in SourceCodester Leave Application System 1.0. Affected by this issue is some unknown functionality of the component User Management Handler. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
CVE Database V5 | 03/31/2026, 18:30:12 UTC | Added: 03/31/2026, 18:38:19 UTC

Showing 1 to 10 of 1152 results