Cybersecurity researchers have flagged fresh activity from a
China-aligned threat actor known as Webworm in 2025, deploying
custom backdoors that employ Discord and Microsoft Graph API for
command-and-control (C2 or C&C) communications. Webworm, first
publicly documented by Broadcom-owned Symantec in September 2022,
is assessed to be active since at least 2022, targeting government
agencies
Read more https://thehackernews.com/2026/05/webworm-deploys-echocreep-and-graphworm.html
