UAT-6382, a Chinese-speaking threat actor, was observed exploiting a zero-day vulnerability (CVE-2025-0994) in Cityworks to deploy sophisticated malware, targeting U.S. local government networks since January 2025.| blog.polyswarm.io
Chinese-speaking hackers have exploited a now-patched Trimble Cityworks zero-day to breach multiple local governing bodies across the United States.| BleepingComputer