Published Date All 2025-04-25 2025-04-24 2025-04-23 2025-04-22 2025-04-21 2025-04-20 2025-04-19 2025-04-18 2025-04-17
Tags All .library-ms File .NET framework 2020 US Election Access Management Account Lockouts Account Takeover (ATO) Account Takeover (ATO) Attacks Ace Editor Actionable Insights Active Directory Active Directory Attacks Active Directory Certificate Services (AD CS) Active Directory Security Active Exploitation Active_Exploitation Active! Mail Ad Fraud Advanced Persistent Threat (APT) Advanced Persistent Threats (APTs) Adversary-in-the-Middle (AitM) Affiliate Model Changes Affiliate Models Agamemnon downloader Agentic AI Agentic AI in Cybersecurity AI AI Agents as Privileged Identities AI Code Security AI Deepfakes AI Ethics AI Frameworks AI Governance AI in Cybersecurity AI in Finance AI Lifecycle Security AI Model Vulnerabilities AI Risk in Government AI Risk Management AI Safety AI Security AI Security Risks AI Security Standards AI Supply Chain Security AI Training and Onboarding AI-based Malware AI-driven Automation AI-driven Security AI-enabled Attacks AI-enabled Bot Attacks AI-enabled Fraud AI-generated Attacks AI-Generated Code Security Risks AI-Generated Content AI-generated exploits AI-powered Attacks AI-powered Botnets AI-powered Code Security AI-powered Credential Protection AI-powered Cybersecurity AI-powered Fraud AI-powered geolocation AI-powered Image Analysis AI-Powered Image Analysis AI-powered Penetration Testing AI-powered Phishing AI-powered Public Safety AI-powered Security AI-powered SIEM AI-powered surveillance AI-powered task automation AI-powered Vishing-as-a-Service AI/ML AiCloud AIxCC Alert Triage and Reduction Allegra Alternative Vulnerability Databases Android Android Emulators Android Malware Android Rooting Android Security Android Spyware Anonymity Anti-forensic Techniques Antivirus Software Reviews Anubis Apache Airflow API Attacks API Security App Management Apple Apple_Vulnerability Application Security Application Security (AppSec) APT APT Attacks APT28 (Fancy Bear) APT29 APT29 (Potential) Aqara Arbitrary Command Execution 
Arbitrary File Write Arbitrary_Code_Execution Artificial Intelligence ASN.1 ATT&CK v17 Attack Surface Management Attack Surface Management (ASM) Attack Surface Reduction Attacker Infrastructure Authentication Bypass Authentication Vulnerability AutoIt Automated Audit Trails Automated Response Automated Security Orchestration, Automation, and Response (SOAR) Automated Vulnerability Remediation Automation Automation in Cybersecurity Automotive Cybersecurity Avast Free Antivirus AWS S3 AWS Security AWS_Security Azure Azure Entra ID Vulnerabilities Azure Entra ID vulnerability Azure Service Health Alerts Backdoor Backup and Replication Software Base64 BASE64 Encoding Baseboard Management Controller (BMC) Biometric Authentication Blockchain Blockchain Technology Blue Screen of Death (BSOD) Bluetooth Tracker Bluetooth Vulnerability Board-Level Cybersecurity Body-worn Cameras Border Security Bot Management Bot Mitigation Botnet Browser extensions Browser Security Browser_Security Browser-Based Security Brute force Brute Force Attack Brute Ratel and Heaven's Gate Brute-Force Attack Buffer Overflow Bug Bounties Bug Bounty Business Email Compromise (BEC) CAPTCHAs CarPlay Issues Cato Networks CDN CEO Protection Certificate Authority CGI Chang Way Technologies ChatGPT ChatGPT Comparison Child Online Safety China China-Based Networks Chinese Hackers Chinese State-Sponsored Hacking Chrome Extension Exploitation Chrome Extensions CISA CISA Advisory CISA BOD 25-01 CISA Guidance CISA Known Exploited Vulnerabilities Catalog CISA Personnel Cisco Cisco Webex Vulnerability CISO CISO Concerns Class Action Lawsuits Click & Collect Disruption Click & Collect Suspension Click-and-Collect Disruption ClickFix ClickFix Attacks Cloud Build Cloud Computing Cloud Computing (AWS) Cloud Infrastructure Cloud Migration Cloud Security Cloud Security Best Practices Cloud Workload Protection Cloud-Based Infrastructure Cloud-Native Cloudera Hue Cloudflare CNAPP Code Execution Code_Execution Command and 
Control (C2) Command and Control (C2) Server Command and Control (C2) Servers Command Injection Commvault Compliance Compliance and Regulations Consumer Electronics Contactless Payment Disruption Containerization Cookie-Based Attacks Coordinated Vulnerability Disclosure (CVD) COPPERHEDGE Counterfeit Smartphones Cozy Bear CPU Performance Craft CMS Vulnerability Credential Abuse Credential Harvesting Credential Management Credential Reuse/Secrets Leakage Credential Revocation Credential Stuffing Credential Theft Credential-Based Attacks Crisis Communication Critical Infrastructure Critical Infrastructure Attacks Critical Infrastructure Protection Cross-Site WebSocket Hijacking (CSWSH) Cryptocurrencies Cryptocurrency Cryptocurrency Fraud Cryptocurrency Targeting Cryptocurrency Theft Cryptography Cryptojacking Custom Malware Custom ROMs CVE CVE Analysis CVE Foundation CVE Program CVE Program Funding CVE_Vulnerability CVE-2021-20035 CVE-2024-54085 CVE-2025-20236 CVE-2025-21204 CVE-2025-24054 CVE-2025-27610 CVE-2025-31324 CVE-2025-32433 CVE-2025-34028 CVE-2025-3485 CVE-2025-3486 CVE-2025-3882 CVE-2025-3883 CVE-2025-3884 CVE-2025-3886 CVSS 10 CVSS Score 7.2 Cyber Espionage Cyber Hygiene Cyber Insurance Cyber Resilience Act (CRA) Cyber-enabled Fraud Cyberattack Cyberattacks Cybercrime Cybercrime Commercialization Cybercrime Statistics Cybercrime Syndicates Cybersecurity Cybersecurity Automation Cybersecurity Best Practices Cybersecurity Breach Response Cybersecurity Collaboration Cybersecurity Compliance Cybersecurity Hiring Cybersecurity Incident Cybersecurity Incident Response Cybersecurity Investigations Cybersecurity Leadership Cybersecurity Regulations Cybersecurity Risk Management Cybersecurity Solutions Cybersecurity Startup Funding Cybersecurity Strategy Cybersecurity Technology Cybersecurity_Best_Practices CybersecurityLegislation Cyberwarfare Dark Web Dark Web Activity DARPA DAST Data Aggregation Data Analytics Data Backup and Recovery Data Breach Data Breach 
(Potential) Data Breaches Data Cleanup Data Collection Data Collection Practices Data Encryption Data Exfiltration Data Exposure Data Extortion Data Governance Data Leakage Data Leakage Prevention Data Loss Prevention (DLP) Data Minimization Data Privacy Data Privacy Lawsuit Data Protection Data Security Data Security Incident Data Theft Data Tracking Data_Encryption Data_Exfiltration DDoS DDoS Attack DDoS Attacks DDS Decentralized_VPN Deep Linking deepfake Deepfake Deepfake Detection Deepfake Technology Deepfakes Default Credentials Delayed Breach Notification Denial of Service Denial of Service (DoS) Denial-of-Service Developer Security Training Device Theft DevOps DevSecOps Digital Twins Directory Traversal Disinformation Disruption of Services DKIM DKIM Spoofing DLL side-loading DLL Side-loading DLL Sideloading DNS Manipulation Docker Docker Security Doctor Web Domain Control Validation (DCV) Domain Validation Donald_Trump_Administration Double Extortion DragonForce Driver Blocklist Update DShield-SIEM DslogdRAT Due Diligence Dynamic DNS E-commerce Fraud eBPF eCharge Hardy Barth cPH2 Edge Device Security Edge Router Security EDR Bypass EDR Evasion Elasticsearch Elderly Fraud Elderly Targeting Election Security Electric Vehicle (EV) Charger Vulnerabilities Elon Musk Email Phishing Email Security Emergency Updates Emergency_Patch Employment Fraud Emulation Encrypted Messaging Encryption Encryption Backdoors End-of-Life Software End-to-End Encryption Endpoint Detection and Response (EDR) Endpoint Security Energy Sector Energy Sector Cybersecurity Enterprise Email Security Equation Editor Vulnerability Erlang/OTP Espionage Espionage Attacks ESXi ETSI ETSI Standards EUVD Exchange Online Executive Orders Executive Privacy Exploit Exploit Development Exploit of Public-Facing Applications Exploitation of Public-Facing Applications Exploited Vulnerabilities Export Controls Exposure Management External Attack Surface Management (EASM) Extortion FakeTLS False Positives 
FBI FBI IC3 Report Federal Agencies Fetch Payload Optimization Fifth Amendment Rights Filebeat Financial Data Theft Financial Fraud Financial Impact Financial Loss Financial Motivation Financial Theft Fintech Security Firmware Tampering Firmware Update Firmware Updates Firmware Vulnerability Firmware_Analysis Firmware-level Malware Flexible Working Models Fog Ransomware Foreign Espionage Fraud Fraud Prevention Freedom of Speech Fully Homomorphic Encryption (FHE) Funding GDPR GDPR Violation Generative AI Generative AI (GenAI) Generative AI in Supply Chain Generative AI Risk Generative AI Security Geolocation Geolocation Data Theft Geopolitical Conflict Geopolitical Risk Geopolitical Risks Ghidra Gig Economy Cybersecurity Git Security GitHub Security Global Cyberattacks Global Surveillance Google Ads Google Analytics Google Analytics Misconfiguration Google Cloud Platform (GCP) Google Cloud Platform (GCP) Vulnerability Google Gemini Google Privacy Sandbox Google Security Flaws Google Sites Abuse Government Appointments Government Censorship Government Contracts Government Cybersecurity Government Data Government Data Security Government Funding Government Investigation Government Regulations Government Resignation Government Surveillance Government_Cybersecurity_Funding GovernmentOverreach GPS Spoofing GrapeLoader GRAPELOADER GSM Association (GSMA) Hacking Hacktivism Hard-coded Credentials Hardware Security Modules (HSMs) Hardware_Analysis Harman Becker Healthcare Healthcare Cybersecurity Healthcare Data Breach Healthcare Data Privacy Healthcare Data Security Healthcare Sector Healthcare Sector Cyberattack Healthcare Sector Targeting Helper Service Hexadecimal Encoding HIDS High Core Count Servers High-Availability Systems High-Fidelity Data HIPAA Compliance HIPAA Violation HomeKit Honeypot Hosting Providers HTML Human Error in Cybersecurity Human Trafficking Investigation Human-AI Collaboration in SOC Hybrid Identity Hyper-V IAM Misconfigurations 
IAM_Misconfiguration IC3 Report ICS Security ICS Vulnerability Identity Access Management Identity and Access Management (IAM) Identity Protection Identity Security Identity Theft Identity Verification Identity-Based Attacks IIoT Infrastructure Immigration Enforcement Impersonation Impersonation Scam Improper Input Validation Inadequate Security Measures Incident Response Industrial Control Systems (ICS) Industrial Control Systems (ICS) Security Industrial IoT Security Industry Innovation Information Disclosure Information Security Information Stealer Information Stealing Infostealers Initial Access Broker Initial Access Broker (IAB) Initial Access Vector Initial Access Vectors Innorix Agent Insider Threat Insider Threat Prevention Insider Threats Integer Overflow Internal Controls International Cooperation Investment Fraud io_uring iOS iOS Security Update iOS Vulnerabilities iOS Vulnerability IoT Security IP Address Manipulation IP Scanning iPhone Storage Management Iptables Israeli Startup Ivanti Jailbreaking Japan JavaScript Jurisdiction and Internet Companies Kaspersky Kerberos Kernel Driver Vulnerability Keylogger Kimsuky Known Exploited Vulnerabilities (KEVs) Kubernetes Kubernetes Security Large Language Models (LLMs) Lateral Movement Law Enforcement Response Law Enforcement Technology Lawsuit Lazarus APT Lazarus Group Leadership Changes Leak Sites Least Privilege Legacy Systems Legal Case/Lawsuit Legal Challenges Linux Linux_Security Living-off-the-Land (LOTL) Attacks LLM Exploitation LLM Security Local Attack Location Identification Location Identification from Images Log Tampering Mac Antivirus Software MACE Credential Revocation Machine Identity Machine Learning Machine Learning Bug Machine Learning Security macOS MacOS_Security_Settings Magisk Malicious Chrome Extensions Malicious Code Malicious Code Injection Malicious Packages Malicious URL Malvertising Malware Malware Analysis Malware Attack Malware Delivery Malware Deployment Malware Detection 
Malware Distribution Malware-as-a-Service (MaaS) Malware-Free Attacks Man-in-the-Middle Attack Mandiant M-Trends 2025 Report Maritime Cybersecurity MCP MCP Server Exploitation Memory Corruption Memory Poisoning Mergers and Acquisitions (M&A) Metadata Removal Metasploit Metasploit Framework Update MFA Bypass MGU21 Microsegmentation Microsoft 365 Microsoft 365 Attack Microsoft 365 Compliance Microsoft 365 Compromise Microsoft Azure Vulnerability Microsoft Entra ID Microsoft Patch Tuesday Microsoft Patching Issues Microsoft Purview Microsoft Security Culture Microsoft Security Initiative Microsoft Security Patch Microsoft Security Updates Microsoft Vulnerabilities Microsoft Windows NTLM Vulnerability Midnight Blizzard Misconfiguration MISP Missing Authentication Mitigation and Remediation Mitigation Guidance Mitigation Strategies MitM Attack MITRE MITRE ATT&CK MITRE ATT&CK Framework MITRE NVD MITRE_ATT&CK_TA0002_T1203 MITRE's Role Mixnet Mobile Application Security Mobile Device Management (MDM) Mobile Malware Mobile Network Security Mobile Security Mobile Telecom Security Modbus Protocol Model Context Protocol (MCP) Modular Malware Money Laundering Mongolia MSPs (Managed Service Providers) Multi-Cloud Security Multi-factor Authentication Multi-Factor Authentication (MFA) Multi-Factor Authentication (MFA) Bypass Multi-Factor Authentication (MFA) Failure Mustang Panda Myanmar Nation-State Actor Nation-State Actors Nation-State Adversaries Nation-State Attacks National Security Network Edge Devices Network Security New ChatGPT Models NFC Attacks NFC Exploitation NFC Relay Attacks NIST Cybersecurity Framework NIST Privacy Framework Node.js Node.js Exploitation Node.js Malware North Korea North Korea (DPRK) Cyberattacks North Korean Cyberattacks North Korean Threat Actors NPM NPM Package Compromise NSIS NSO Group NTLM Hash Exploitation NTLM Hash Leak NTLM_attacks nwcheckexec.php OAuth OAuth 2.0 Exploitation OAuth Abuse OAuth Exploitation OAuth Phishing Obfuscation Office 
365 Attack Office 365 Attacks Online Advertising Online Dating Scams Open Source Open Source Intelligence (OSINT) Open Source Security Open_Source open-source Open-Source Software Operational Disruption Operational Security Operational Technology (OT) Security OPSEC Failure Optional Update OS Command Injection OSINT Tools Outlook Bug Overlay Injection OWASP SAMM Package Installation PAKLOG and CorKLOG Pass-the-Hash Passkeys Password Management Password Security Password_Management Passwordless Authentication Patch Patch Management Patch Tuesday Patching Path Traversal Path Traversal Vulnerability Pegasus Spyware Penetration Testing Pentesting Automation Perl Persistence Personal Data Exposure Personnel_Changes_in_Cybersecurity Phishing Phishing Attacks Phishing Detection Phishing Kit Phishing Prevention Phishing Protection Phishing-as-a-Service Phishing-as-a-Service (PhaaS) Phone Searches Photo Management Physical Security Pig Butchering Pig Butchering Scams PII (Personally Identifiable Information) PII Detection PII Exposure PKCS#12 PKI Pointer Authentication Bypass Political Controversy Political Retaliation Polymorphic Phishing Post-Quantum Cryptography Powershell PowerShell Pricing Tiers Privacy Concerns Privacy Implications Privacy Regulations Privacy Violation Privacy_Focus Private Key Theft Privilege Escalation Privilege_Escalation Privileged Access Management (PAM) Privileged Account Security Product Comparison Product Review Prompt Engineering Prompt Injection Prompt Injection Attacks Proof-of-Concept Proton66 Proxy Servers Public Exploit Public Key Cryptography Public-Private Partnership PyPI PyPI Vulnerability Python PyTorch Vulnerability quantum computing Quantum Computing Rack Vulnerability Ransomware Ransomware (Possible) Ransomware Attack Ransomware Attacks Ransomware Negotiations Ransomware Response Strategies Ransomware Suspicion Ransomware-as-a-Service (RaaS) RCE RDP Vulnerability Exploitation Real-time Vulnerability Remediation Rebranding 
Reconnaissance Red Teaming RedTail Malware Refresh Tokens Regular Expressions Regulatory Compliance Regulatory Fine Regulatory Investigation Remediation Time Remnux Remote Access Trojan Remote Access Trojan (RAT) Remote Access Trojans (RATs) Remote Code Execution Remote Code Execution (RCE) Remote Desktop Remote Desktop Issues Remote File Inclusion (RFI) Remote_Access_Tool_Abuse Remote_Code_Execution Replay Attack Resignation Retail Cyberattack Retail Sector Return-Oriented Programming Reverse Shell Reverse_Engineering Risk Assessment Risk Management Risk Prioritization Romance Scams Rootkit rootkit-detection Router Security RSA Conference RSA Conference 2025 RSAC 2025 Ruby on Rails Security Runtime Application Self-Protection (RASP) Russia Russia-linked Threat Actors Russian Threat Actors Rust SaaS Security SageMaker_Security SAP NetWeaver Vulnerability SAP Vulnerability SAP_NetWeaver_Visual_Composer_Vulnerability SAP_NetWeaver_Vulnerability Satellite_Internet SBOM Management Scam Prevention Schneider Electric Search Engine Privacy Secret Detection Secrets Management Secure Boot Secure by Design Secure Development Secure Development Lifecycle (SDL) Secure Development Practices Secure Future Initiative (SFI) Security Automation Security Awareness Training Security Clearances Security Information and Event Management (SIEM) Security Operations Center (SOC) Security Posture Management (SPM) Security tools Security_Analysis Seed Funding Series A Funding Series B Funding Series D Funding Server Hardware Server-Side Request Forgery (SSRF) Service Disruption Session Cookie Theft Session Token Theft Sextortion Shadow AI Shadow IT Siemens Siemens TeleControl Server Basic Signal Jamming SIGNBT SIM Swap Attack Small and Medium-sized Businesses (SMBs) Smart Home Security Smartphone Searches by Law Enforcement Smartphone Security SMB Exploitation SMB Security SMEs (Small and Medium-sized Enterprises) Smishing SMS-based Attacks Social Engineering Social Media Monitoring Social 
Media Regulation Social Media Risks Social Media Security Social_Engineering Software Composition Analysis (SCA) Software Development Software Development Kit (SDK) Software Development Lifecycle Security Software Obfuscation Software Patch Software Security Software Supply Chain Attack Software Supply Chain Security Software Update Software Updates Software Vulnerabilities Software Vulnerability Software_Vulnerabilities SonicWall SonicWALL SonicWall Vulnerability South Korea Spam Filtering Spear Phishing Spear-phishing SplatCloak Spyware SQL Injection SSH SSH Backdoors SSH Brute-Force SSH Security SSH Vulnerability SSL Certificate Vulnerability SSL Vulnerability SSL/TLS Certificate Management SSRF Stack-Based Buffer Overflow Starjacking StarProxy State-sponsored attacks State-Sponsored Attacks State-sponsored Hacking State-Sponsored Hacking STIX Stolen Credentials Storm-0558 Streaming Device Privacy Settings SuperBlack Ransomware Supply Chain Attack Supply Chain Attacks Supply Chain Compromise Supply Chain Security Supply_Chain_Attacks Supply-Chain Attack Surveillance Surveillance Countermeasures SVG Synthetic Identity System Call Evasion Targeted Advertising Targeted Attack Targeted Attacks Taxonomy Tech Support Scams Telecom Breaches Telecommunication Regulations Telecommunications Security Telegram Telegram C2 Telegram Integration Terms of Service Violations Text Scams Third-Party Access Third-Party Breaches Third-Party Cookies Third-Party Investigation Third-Party Risk Third-Party Software Risks Threat Actor Threat Actor Analysis Threat Actor Group Threat Actor Tactics Threat Detection Threat Detection and Response Threat Intelligence Threat Intelligence Feeds Threat Intelligence Platform (TIP) Threat Intelligence Sharing Threat Modeling ThreatNeedle TONESHELL Traffic Distribution Systems (TDS) Transnational Organized Crime Travel Privacy Triada Trojan Trojan Trust and Transparency in Cybersecurity Ubisoft UK Retail Sector Ukraine Unauthenticated Exploitation
Unauthenticated Unauthenticated File Upload Unauthenticated_File_Upload Unauthorized Access Undercover Operations Unitree GO2 Robot Dog Unverified Software Signatures US Border Security US Coast Guard US Government US-Based Companies Usage Limits User Experience (UX) in Cybersecurity Venture Capital Verizon DBIR Virtual Private Networks (VPNs) Vishing Visibility and Threat Detection Visibility Paradox Voice Cloning Voter ID VPN VPN_Exploitation VPN_Features_Comparison VPN_Review VPN_Reviews Vulnerabilities Vulnerability Vulnerability Detection Vulnerability Disclosure Vulnerability Exploitation Vulnerability Management wAgent Watering Hole Attack WeaXor Ransomware Web Application Firewall (WAF) Web Application Security (WAS) Web Scraping Web Shell Web_Shell Web3 WebRTC Webshell WhatsApp WhatsApp Privacy Whistleblower Report Windows 10 Update Windows Backdoor Windows NTLM Vulnerability Windows Server Windows Server 2025 Windows Server Bug Windows Update Windows Update Vulnerability Windows Updates WineLoader WINELOADER Wire Fraud WireGuard WordPress Malware WSL2 Bug Fix XML External Entity Injection XRP Ledger XWorm Malware YARA Yii Framework Vulnerability Yokogawa Recorder Vulnerability Zeek Zero Trust Zero-Day Zero-Day Attacks Zero-day Exploit Zero-Day Exploit Zero-Day Exploits Zero-Day Vulnerability Zero-Day Vulnerability (Potential) Zero-Day_Exploit Zero-Day_Exploits Zero-Day_Vulnerability Zip File Vulnerability Zoom Zoom Attacks Zoom Exploitation Zoom Malware Attack
Categories All Access Control Account Hijacking Ad Security Advanced Persistent Threat (APT) Advanced Persistent Threat (APT) Activity Advanced Persistent Threat (APT) Analysis Advanced Persistent Threat (APT) Attacks Advanced Persistent Threats (APT) Advanced Persistent Threats (APTs) AI and Machine Learning Security AI Cybersecurity AI Ethics and Governance AI Ethics and Legal Implications AI Ethics and Privacy AI Ethics and Surveillance AI Image Processing AI Image Recognition and Analysis AI in Cybercrime AI in Cybersecurity AI Model Access and Usage AI Risk and Security AI Risk Management AI Security AI Security Risks AI Security Risks and Mitigation AI Security Solutions AI Security Threats AI Standards Development AI System Security AI Technology AI-Driven Threat Protection AI/ML Security Android Security Antivirus Software API Security Application Security Application Security Technology APT Attack Lifecycle APT Attacks APT Group Activities APT Mitigation Strategies Artificial Intelligence Artificial Intelligence in Cybersecurity Artificial Intelligence in Law Enforcement Attack Vectors Authentication & Authorization Authentication and Authorization Authentication Security Automotive Supply Chain Security Blockchain Security Border Crossing Procedures and Policies Bot Mitigation and Detection Botnet Threats Browser Security Business Continuity Business Impact of Cyberattacks Case Studies Certificate Authority (CA) Security Child Exploitation Cloud Security Cloud Security Architecture Cloud Security Best Practices Cloud Security Incident Cloud Security Incidents Cloud Security Solutions Cloud Security Threats and Mitigation Cloud Service Security Cloud Workload Security Cloud_Security Competition Analysis Compliance and Governance Corporate Security Culture & Initiatives Credential Theft Critical Infrastructure Security Cryptocurrency Security Cyber Espionage Cyber Threat Intelligence Cybercrime Cybercrime and Financial Fraud Cybercrime and Threat 
Intelligence Cybercrime Infrastructure Cybercrime Statistics and Trends Cybercrime Tactics Cybercrime Tactics and Techniques Cybercrime Trends Cybercrime Trends and Analysis Cybercrime Trends and Statistics Cybercrime-as-a-Service (CaaS) Cybercrime/Financial Fraud Cybersecurity Cybersecurity Attacks Cybersecurity Awareness Cybersecurity Awareness Training Cybersecurity Best Practices Cybersecurity Defense Cybersecurity Design and User Experience Cybersecurity Economics Cybersecurity Frameworks and Standards Cybersecurity Funding Cybersecurity in Mergers and Acquisitions Cybersecurity Incident Response Cybersecurity Incidents Cybersecurity Industry Trends Cybersecurity Insurance Cybersecurity Law and Policy Cybersecurity Legislation Cybersecurity Litigation Cybersecurity Mitigation Cybersecurity Personnel Cybersecurity Policy Cybersecurity Policy and Governance Cybersecurity Product Launch Cybersecurity Product Promotion Cybersecurity Recommendations Cybersecurity Regulations and Compliance Cybersecurity Risk Management Cybersecurity Risk Mitigation Cybersecurity Solution Comparison Cybersecurity Solutions Cybersecurity Standards and Frameworks Cybersecurity Startup Cybersecurity Startup Funding Cybersecurity Strategy Cybersecurity Summit Takeaways Cybersecurity Technology Cybersecurity Technology and Tools Cybersecurity Threat Analysis Cybersecurity Threat Intelligence Cybersecurity Threat Landscape Cybersecurity Threat Prevention Cybersecurity Threat Trends Cybersecurity Threats Cybersecurity Threats and Attacks Cybersecurity Threats and Defenses Cybersecurity Threats and Vulnerabilities Cybersecurity Tooling Cybersecurity Tools Cybersecurity Tools and Technologies Cybersecurity Trends Cybersecurity Workforce Development Data Breach Analysis Data Breach Investigations Data Breach Litigation Data Breach Response Data Breach Trends Data Breaches Data Loss Prevention Data Loss Prevention (DLP) Data Privacy Data Privacy and Security Data Privacy and Surveillance Data 
Privacy Litigation Data Security Data Security and Privacy Data Security and Protection Data Security Breach Data Security Incident Data Security Incident Response Data Security Incidents Data Security Strategy & Implementation Data Storage Optimization Data_Breaches Device Security Digital Advertising Docker Security E-commerce Security Economic Impact Education Sector Cybersecurity Election Law Email Security Embedded Systems Security Embedded_Systems_Security Emerging Cybersecurity Threats Emerging Technologies in Cybersecurity Emerging Threats Emerging Threats and Technologies Endpoint Detection and Response (EDR) Endpoint Security Energy Sector Cybersecurity Threats Enterprise Security Ethical Considerations in Cybersecurity FBI Internet Crime Report Analysis Financial Crime Financial Cybercrime Financial Cybersecurity Financial Fraud Financial Incentives in Cybersecurity Financial Losses from Cybercrime Financial Services Security Financial Technology Firmware Security Fraud Prevention Funding and Investment Gaming Industry Regulation Geopolitical AI Competition Geopolitical Cyber Espionage Geopolitical Cyber Warfare Geopolitical Cyberattacks Geopolitical Cybersecurity Geopolitical Implications of AI Geopolitical Influences on Cyberattacks Geopolitical Threat Geopolitical Threat Analysis Gig Economy Security Risks Google Forms Security Governance and International Collaboration Government and Public Sector Cybersecurity Government and Regulatory Actions Government Cybersecurity Government Cybersecurity Frameworks Government Cybersecurity Incident Government Data Breach Government Oversight Government Security Government Surveillance Government Technology Government_Cybersecurity Governmental Cybersecurity GovernmentRegulation Hardware Security Healthcare Compliance Healthcare Cybersecurity Healthcare Data Breach Healthcare Data Breach (Indirect) Healthcare Data Breach Prevention Healthcare Data Security Home Security Honeypot Security Human Factor in 
Cybersecurity IAM and Access Control IAM_and_Access_Control ICS Security Identity and Access Management Identity and Access Management (IAM) Identity Management Identity Security Identity Security Threats Impact and Consequences Impact of Cybercrime Impact on Customers Impact on Different Sectors Incident Response Incident Response and Recovery Incident Response and Remediation Incident_Response Industrial Control System Security Industrial Control Systems (ICS) Security Industrial Control Systems Security Industry-Specific Targeting Insider Threat and Privilege Misuse Insider Threat Investigation International Cybersecurity Cooperation International Travel Security InternationalCybersecurity Intrusion Detection IoT Device Security IoT Security IT Operations IT Operations Management Kubernetes Security Best Practices Law Enforcement Response Law Enforcement Technology Linux Security Machine Learning in Cybersecurity Machine_Learning_Security MacOS Security MacOS_Privacy_and_Security Malware Analysis Malware Analysis Techniques Malware Attacks Malware Distribution Malware Techniques Medical Device Security Messaging App Security Microsoft 365 Security Microsoft Security Initiatives Microsoft Security Updates Mobile Device Security Mobile Malware Mobile Malware Analysis Mobile Penetration Testing Mobile Security Mobile Security Solutions Municipal Cybersecurity Nation-State APT Attacks Nation-State Attacks Nation-State Cyberattacks National Security Network Security Network_Security OpenAI Service Announcements Operational Technology (OT) Security OSINT Tools and Techniques OT/ICS Security Patch Management Penetration Testing and Exploit Development Phishing Phishing and Credential Theft Phishing and Social Engineering Phishing and Social Engineering Prevention Phishing Attacks Phishing Attacks and Prevention Phishing Detection Phishing Prevention and Detection Phishing Techniques Phishing-as-a-Service (PhaaS) Physical Security Political Influence on Cybersecurity 
Politics and Cybersecurity Privacy Privacy and Surveillance Privacy Violation Product Announcements Product Comparison Product_Reviews Public Safety Quantum-Safe Security Ransomware Ransomware Analysis Ransomware Attacks Ransomware Attacks and Mitigation Ransomware Mitigation Ransomware Response and Mitigation Ransomware Threat Analysis Ransomware Threat Landscape Ransomware Trends Regulatory Compliance Regulatory Compliance in Healthcare Responsible Disclosure Retail Cybersecurity Reverse_Engineering Rise of Malicious Bots Risk Management Risk Management and Exposure Management Rootkit Detection Tools Router Security SaaS Security Security Advisories and Patches Security Advisory Security Architecture Security Architecture and Engineering Security Auditing Security Automation Security Awareness and Training Security Awareness Training Security Best Practices Security Governance and Risk Management Security Information and Event Management (SIEM) Security Monitoring Security Operations Security Operations (SecOps) Security Operations Center (SOC) Management Security_Advisory SIEM Enhancements SIEM Log Management Smart Home Technology Smartphone Security Social Engineering Social Engineering Attacks Social Engineering Techniques Social Media Security Software Development Software Development Security Software Development/Feature Updates Software Patching and Update Management Software Security Software Security and Vulnerabilities Software Supply Chain Attacks Software Supply Chain Security Software Updates and Patches Software Updates and Vulnerability Management Software Vulnerabilities Software Vulnerabilities and Exploits Software Vulnerability Software Vulnerability Analysis Software Vulnerability and Patch Management Software Vulnerability Exploitation Software Vulnerability Management Software_Vulnerability_Announcement Software_Vulnerability_Management Spyware Streaming Device Privacy Supply Chain Attack Supply Chain Attacks Supply Chain Compromises Supply 
Chain Security Surveillance Technology Targeted Attacks Technical Security Technology Reviews Telecom Security Telecommunications Telecommunications Infrastructure Security Telecommunications Security Third-Party Risk Management Third-Party Security Threat Actor Activity Threat Actor Analysis Threat Actor Motivations Threat Actor Profiling Threat Actor Tactics Threat Actor Tactics and Techniques Threat Actors and Attack Vectors Threat Analysis and Detection Threat Detection Threat Detection and Mitigation Threat Detection and Prevention Threat Detection and Response Threat Intelligence Threat Intelligence & Analysis Threat Intelligence & Detection Threat Intelligence and Analysis Threat Intelligence and Detection Threat Intelligence and Information Sharing Threat Intelligence Platforms Threat Intelligence Reporting Threat Management Threat Mitigation Strategies Threat Modeling Threat Modeling & Analysis Threat Modeling and Analysis Threat Modeling and Mitigation Threat Modeling and Risk Assessment Threat Prevention Threat Research Threat_Actor_Activity Threat_Intelligence Types of Cybercrime User Experience (UX) Venture Capital and Cybersecurity VPN_Performance VPN_Security VPN_Technology Vulnerabilities and Mitigation Strategies Vulnerability Advisory Vulnerability Analysis Vulnerability Analysis and Exploitation Vulnerability Analysis and Remediation Vulnerability Assessment and Remediation Vulnerability Database Management Vulnerability Disclosure Vulnerability Disclosure and Analysis Vulnerability Disclosure and Exploitation Vulnerability Exploitation Vulnerability Management Vulnerability Management & Patching Vulnerability Management and Patching Vulnerability Management and Threat Intelligence Vulnerability Management Best Practices Vulnerability Research Vulnerability Research & Statistics Vulnerability Research and Analysis Vulnerability_Disclosure Vulnerability_Disclosure_and_Analysis Vulnerability_Management Vulnerability_Mitigation_and_Remediation Web 
Application Security Web Security Windows Security Windows Server Security Workplace Cybersecurity Workplace Security Zero Trust Architecture Implementation Zero Trust Security
Threat Actor All 764 Access brokers Agent-aware adversaries AI-driven attackers Akira ALPHV/BlackCat Anubis AppleBot Operators APT Groups APT28 APT29 APT34 (aka OilRig) APT42 (aka Charming Kitten) APT44 Armin Attackers (AWS CodeBuild and GitHub Exploitation) Attackers/Cybercriminals Babuk2 Bad actor Behrouz Parsarad BianLian BianLian ransomware group Big Data Billbug Black Basta Black Shadow BlackCat/ALPHV BlackCat/ALPHV ransomware gang BlackSuit Blind Eagle Bling Libra Brass Typhoon ByteSpider Bot Operators Cactus CBP agents ChatGPT User Bot Operators China China Mobile China-nexus groups Chinese Communist Party (CCP) Chinese Government Chinese groups such as Charcoal Typhoon Chinese threat actors Chinese-speaking individuals Chinese-speaking operators Chinese-speaking threat actor Chinese-speaking threat actors Cl0P CL0P Claude Bot Operators Cloak Ransomware Clop Contagious Interview CrazyHunter Cyber Toufan cyberattacker CyberAv3ngers Cybercrime actors Cybercrooks Darcula Darcula developers Dark Angels DarkSide DeepSeek Democratic People's Republic of Korea (DPRK) DOGE DOGE (Elon Musk's Department of Government Efficiency) DOGE (US Department of Government Efficiency) DOGE employees Donald J. 
Trump Donald Trump Dragonforce DragonForce East and Southeast Asian organized crime groups EGodly Elusive Comet ELUSIVE COMET Espionage-motivated threat actors FAMOUS CHOLLIMA Fancy Bear Fiddling Scorpius FIN8 Financially motivated threat actors Financially-motivated threat groups Fog Fog ransomware operators Frag Fraudsters G0030: Lotus Blossom G0032: Lazarus Group G0034: Sandworm Team G0049: OilRig G0094: Kimsuky G1041: Sea Turtle G1042: RedEcho G1043: BlackByte G1044: APT42 G1045: Salt Typhoon G1046: Storm-1811 G1047: Velvet Ant Gamaredon Google Hacker Handala HellCat Hellcat Hackers High-Flyer Quant Horizon3 Attack Team Hunters International INC Ransom Infostealers Initial Access Broker Initial Access Broker (IAB) Initial Access Brokers Interlock Interlock ransomware gang Iran Iran-nexus threat actors Iranian groups Iranian threat actors IronHusky Jaime Quin John Doe Jumpy Pisces Kimsuky Kimsuky APT KOK08 LARVA-246 Lazarus Lazarus APT Lazarus Group LockBit Lotus Panda Lumma Lynx Lynx ransomware Malicious Cyber Actors Malicious Insider (Rippling Lawsuit) Malicious MCP Server Marko Elez Massive Blue Medusa Medusa ransomware gang Michael Scheuer Midnight Blizzard Minh Phuong Ngoc Vong Miscreants Moonstone Sleet Mora_001 MS-13 Muddled Libra Mustang Panda nation-state actor Nation-state actors Nation-States Noname057(16) North Korea North Korea-linked threat actors North Korean APTs North Korean IT workers North Korean threat actors NSO Group Organized crime Organized Criminal Networks Palantir Payroll Pirates Phobos Play PLAY PlugValley Qilin ransomware gang Radar/Dispossessor RansomHub Ransomhub affiliate Ransomware actors Ransomware gang (unnamed) Ransomware gangs Ransomware groups Ransomware Groups Ransomware operators Ransomware Operators Real Attackers RedEcho Remote threat actor Rhysida Romance Scammers Russia Russia-linked threat actors Russian and Eastern European cyber-threat actors Russian hackers Safepay Salt Typhoon Sandworm Scallywag Actors Scammers 
Scattered Spider SCATTERED SPIDER Sea Turtle SeaWind Sector 16 (S16) SessionShark creators SessionShark Creators ShinyHunters Silk Typhoon Slow Pisces Smishing Triad Sodinokibi Sophisticated attackers Southeast Asian crime syndicate Soyjak Spoiled Scorpius State-sponsored actors Storm-0558 Storm-0817 Storm-1811 STORM-1849 Suncity SuperBlack ransomware operators SuperCard X SuperCard X Developers SuperCard X MaaS operators Suspected Russian threat actors SweetSpecter (TGR-STA-0043) TA422 TA427 TA450 Takahiro Yokoyama ToyMaker TraderTraitor Tren de Aragua Triada Creators Triada Developers Triplestrength Typhoon groups UAC-0194 UAT4356 Unauthorized Person UNC1069 UNC1549 UNC2428 UNC3313 UNC3782 UNC4736 UNC4841 UNC4899 UNC5174 UNC5221 UNC5267 UNC5337 UNC5342 UNC5537 UNC5812 UNK_RemoteRogue Unknown Actor(s) Unknown Actors Unknown Actors (Alpine Quest Campaign) Unknown Actors (Android Spyware Campaign) Unknown Actors (Microsoft 365 Phishing Campaign) Unknown Actors (ViPNet Backdoor Campaign) Unknown Actors (ViPNet Campaign) Unknown Brute-Forcer Unknown Cybercriminals Unknown Phishing Actors Unknown Third-Party Unregulated commercial companies Unspecified Attacker US Immigration and Customs Enforcement (ICE) UTA0352 UTA0355 Vault Viper Velvet Ant Vigorish Viper Vishing Gangs Volt Volt Typhoon Wang Duo Yu watchTowr William James Z-Pentest
Actor Aliases All @EditorStacy @KOanhHa @naderabdi/merchant-advcash @tacticalinvest_ adfoster-r7 adhkr Agamemnon AGAMEMNON ALPHV Andariel Android.Spy.1292.origin AntiBrok3rs Anubis AppleBot APT28 APT29 ArcaneDoor ArechClient2 Aureon Capital Aureon Press awsdecrypttechie.com Backdoor.AndroidOS.Triada.z Basin BASIN bdbdbhdctvhdvf BEARHOST Belsen Group BianLian bigballs Bigrocks918 Billbug Bitter Scorpius BlackCat bloombergconferences[@]gmail.com Blue Kitsune Bronze Elgin Bronze President Business Group 1 Buttercup bwatters-r7 ByteSpider Bot calendly[.]com/bloombergseries calendly[.]com/cryptobloomberg Camaro Dragon Charming Kitten ChatGPT User Bot China Mobile International China Telecom Global China Unicom Global Ciph3r CITIC Telecom International CitrixBleed CL-STA-0240 ClaudeBot Contagious Interview Copperhedge COPPERHEDGE Cozy Bear CozyDuke Cyber Resistance cyberdluffy D3F@ckloader Dancehall, Jamaica R. Darcula Dark Halo DarkGemini Ddarknotevil DeceptiveDevelopment DEV#POPPER DOGE DogeSA_2d5c3e0446f9@nlrb.microsoft.com Droplink Earth Estries Earth Preta ELENOR-corp Elon Musk Elon Musk's Department of Government Efficiency Emerald Sleet Famous Chollima FamousSparrow Fancy Bear Forest Blizzard FortiJump FraudGPT Ghost Emperor GRAPELOADER GRU hades255 HOLERUN HoneyMyte https://us06web[.]zoom[.]us/j/84525670750 Innorix Abuser Interlock RAT IRON HEMLOCK IRON RITUAL Jade Sleet johnsherlock Kimsuky Knight ransomware l4u6h1n6m4n LAGTOY Lao Wang Lighthouse Lotus Blossom LPEClient Lucid Lumma LummaC2 LuwakLab Mango Sandstorm Metastealer Midnight Blizzard miscreant miya Mo0n Shaxf0x9dx84x9eow msinfo32.exe MuddyWater mukulljangid MysteryMonoSnail MysterySnail RAT Nam3L3ss Nemesis NGate NOBELIUM NobleBaron OilRig Oktapus Operation SyncHole Overwatch PCCW Global Hong Kong Pryx PUKCHONG Raccoon stealer RADAR Ransomware.Win.Prince; Ransomware.Wins.Prince.ta.* Ransomware.Wins.INC Reader Red Delta RedDelta Redline RedLine RedTail Resepro Rey RisePro Salt Typhoon Sec Reporter 
SectopRAT Securehost SessionShark 0365 2FA/MFA Shibai SIGNBT Slow Pisces SocGholish Sofacy SolarStorm Soralink Spring Dragon Stately Taurus Stealc SuperCard X TA416 TAG-124 Takahiro-Yoko Tapper The Dukes The OnChain Podcast thegoodearth918 ThreatNeedle ThreatNeedleTea Thrip TraderTraitor Trojan.WIN64.WINELOADER.*; APT.Wins.WineLoader.* Ukrainian Cyber Alliance UNC2286 UNC2452 UNC3524 UNC4899 UNDERGROUND UNK_RemoteRogue Vidar Volt Typhoon wAgent WaitingThreadHijackBlock WalkerATX Whitesox, Chicago M. WINELOADER WormGPT WPSafeLink xAI's Grok-2 xxhcvv / darcula_channel YTTRIUM Yu Idea
Exploit Method All 2016 DNC and Hillary Clinton Campaign Hacks 4chan Hack Abuse of Legitimate Remote Access Tools Abuse of Microsoft Entra ID (Azure AD) Device Registration Service Abusive usage Access Control Bypasses Access to Contact List without Warrant Account credential sharing and unauthorized access Account Takeover (ATO) Attacks Active Exploitation of Flaws Active Scanning Post-Compromise Active! Mail RCE Exploit Ad Fraud through WordPress Plugin Manipulation Ad Hoc YARA Rule Generation Advanced Headless Browser Exploitation Adversarial Manipulation Adversarial Manipulation of AI Tools Agent Breach Cascading Across AI Pipeline Agent Misuse Agentic AI Data Leakage Agentic AI Misconfiguration Leading to Network Disruptions AI-Accelerated Malicious Code Analysis AI-assisted exploitation of CVE-2025-32433 AI-Assisted Tech Support Scam (Vishing) AI-based Geolocation Exploit AI-Driven Attacks AI-driven exploitation of vulnerabilities AI-driven Phishing Attacks AI-generated Deepfakes for Identity Fraud AI-Powered E-commerce Fraud AI-Powered Employment Fraud AI-Powered Location Inference from Images AI-powered Phishing AI-Powered Polymorphic Phishing AI-Powered Reverse Location Search AI-powered Social Engineering and Insider Threats AI-Powered Social Media Bot for Intelligence Gathering AI-Powered Social Media Bots AI-powered Vishing AI-powered Voice Spoofing (Vishing) Akira Ransomware Exploit AkiraBot Campaign Algorithm Flaws Alpine Quest Trojanized App Distribution AlpineQuest Trojanization and SSRF for Credential Theft and State-sponsored Espionage Android Malware Distribution via Compromised WordPress Android spyware hidden in mapping software Android.Spy.1292.origin Trojan in Alpine Quest Anonymous Pastebin Exploit Anubis's Data Ransom and Extortion AnyDesk API Endpoint Exploitation API Vulnerabilities Exploitation App Transport Security (ATS) Disablement and Weak Encryption APT42 Credential Harvesting via Fake Login Pages Arbitrary Code Execution Exploit 
ArcaneDoor ASN.1 Parser Differential Vulnerabilities ASUS AiCloud Authentication Bypass ASUS routers auth bypass AsyncRAT via Clipboard Execution AWS Access Key Theft and Ransomware Deployment AWS CodeBuild and GitHub Actions Abuse for Persistent Access AWS EC2 Instance Metadata SSRF BentoML RCE BentoML Runner Server RCE Bind Shell Biometric Bypass for Device Access BlueKeep RDP Flaw Exploitation Bluetooth Denial-of-Service Exploit Bootloader Unlocking and Magisk Exploitation Bring Your Own Vulnerable Driver (BYOVD) Bring Your Own Vulnerable Driver (BYOVD) attacks Browser Extension Exploitation Browser Vulnerabilities for MFA Bypass Browser-based XSS-powered Command and Control (C2) Brute Force Attack on Administrator Account Brute Force Attacks Brute Ratel and Heaven's Gate Post-Exploitation Brute Ratel and Heaven's Gate Technique Brute Ratel C4 Post-Exploitation Brute Ratel Deployment Brute_Force_Attack_on_GEA_Server Brute-force attack against username and password Brute-Force Attack Attempt Brute-force attacks Brute-Force Attacks Brute-force attacks (password spraying, default credentials, high-volume RDP login attempts) Brute-Force Attacks (Password Spraying) Business Email Compromise (BEC) Business Email Compromise (BEC) Scams C2-Driven Attacks CACTUSPAL Backdoor as Palo Alto Networks GlobalProtect Installer Cell Tower Data Dump Cellebrite Zero-Day Exploit Cellebrite Zero-Day Exploitation Centralized Prompt Management Vulnerability Chained Exploitation of CVE-2025-31200 and CVE-2025-31201 ChatGPT for Summarizing Meeting Notes Cisco Cisco Smart Licensing Utility Exploit Cisco Smart Licensing Utility Exploitation CitrixBleed CL0P Ransomware Attack Click & Collect Service Disruption ClickFix ClickFix Social Engineering ClickFix Social Engineering Attack ClickFix Social Engineering Technique Clipboard Hijacking Cloak Ransomware Exploit Cloud Migration Vulnerabilities Exploitation Code Exfiltration via Model Manipulation Command Injection Command Injection via 
index.php GET Parameter Command Injection via nwcheckexec.php Commvault Pre-Authenticated Remote Code Execution via deployWebpackage.do and deployServiceCommcell.do Compelled Biometric Unlock Compromise and Privilege Escalation of Non-Human Identities (NHIs) Compromised VPN Credentials ConfusedComposer ConfusedComposer Privilege Escalation Contactless Payment System Disruption Contagious Interview Campaign Cookie Bite Cookie-Bite Craft CMS RCE Exploit Chain Crafted Request Exploit Credential Brute-forcing Credential Harvesting via Clipper Malware Credential Phishing Credential Reuse Credential Reuse in Third-Party Environments Credential Stuffing Credential Stuffing and Impersonation Credential Stuffing and Reuse Credential Stuffing with Stolen Credentials Credential Stuffing/Mining Data Leaks Credential Stuffing/Reuse Credential Theft and Social Engineering Credential Theft via ChromeKatz and CredentialKatz Credential Theft via Infostealers Credential-based Attacks Targeting RDP Critical Erlang/OTP SSH Flaw Crontab Tampering Cross EX Exploitation Cross EX Vulnerability Cross-level Business Logic Flaws and Coding Errors Cross-Site Scripting (XSS) Cross-Site WebSocket Hijacking (CSWSH) CrushFTP CVE-2025-2825 Exploit CrushFTP CVE-2025-2825 Exploitation Cryptocurrency ATM Fraud Cryptocurrency Wallet Address Swapping Cryptojacking via Teneo DePIN Cryptojacking via teneo.pro CSRF Custom RDP Wrapper CVE-2025-32433 PoC Exploit Darcula Phishing Kit Exploitation Darcula Phishing-as-a-Service (PhaaS) Exploit Darcula Phishing-as-a-Service Platform Exploit Darcula Suite Phishing-as-a-Service (PhaaS) Platform Exploit Data Breach of Sensitive Federal Systems Data Breach via Unauthorized Access Data Breaches Data Collection and Tracking by Streaming Devices Data Distillation via Circumvention of Model Guardrails Data Exfiltration Data Exfiltration via NxGen Application data extraction Data Leakage Data Leaks through Unintentional Oversharing and Insider Threats Data Poisoning 
Data Poisoning in Agentic AI Training DDoS_Botnet DDoS_Protection_Services_for_Cybercrime Deep Linking for Content Decloaking Deep Packet Inspection (DPI) Circumvention using AmneziaWG Deepfake Identity Impersonation for Job Applications Deepfake Social Engineering Deepfake_Synthetic_Identities_for_Infiltration Deepfake-driven Social Engineering Attacks Deepfakes for Sextortion and Romance Scams DeepSeek API Vulnerabilities Default 'My Friends Are Nice' Setting Default Credential Exploit Default Internet Connectivity for Jupyter Notebooks Default Password Exploit Default SageMaker Role Misuse - Cognito IDP Manipulation Default SageMaker Role Misuse - ECR Access Default SageMaker Role Misuse - Glue Data Poisoning Default SageMaker Role Misuse - S3 Access Default SageMaker Role Misuse - Secrets Manager Access Delayed Breach Notifications Destructive Stored URL Parameter Injection in Azure SQL Server Device Registration and 2FA Bypass Directory Traversal in Cloudera Hue Ace Editor Directory Traversal leading to Remote Code Execution Discord Account Creation by Minors Disney_Hack Disruption of Click and Collect and Contactless Payment Services Disruption of Click and Collect Service DKIM Bypass using OAuth Application DKIM Replay Attack DKIM Spoofing/Bypass DLL Hollowing DLL Side-loading DLL Side-Loading DLL Side-Loading with Wine.exe DLL Sideloading DNS Hijacking DNS Hijacking (Network Connection Blocking) Docker Container Abuse Docker Crypto Mining with Teneo Domain Generation Algorithm (DGA) Abuse Domain Name System (DNS) Spoofing Double Theft DragonForce's Distributed RaaS Model DslogdRAT Deployment DslogdRAT Malware Deployment DslogdRAT Malware Implantation Easy Exploitation of CVE-2025-32433 EDR Evasion (SplatCloak) EDR Killer Tools Email Bombing Email-based Domain Control Validation Bypass Encryption Backdoors in Social Media Espionage-Motivated Attacks with Financial Gain Exploit against SonicWall by Fog and Akira Exploit Chain against Juniper Networks Exploit 
Chaining and Pre-ransom Reconnaissance Exploit of ADSynchronization.ReadWrite.All Permission Exploit of Application Vulnerabilities Exploit of Implicit Permissions in Directory Synchronization Accounts Role Exploit of Implicit Permissions in On Premises Directory Sync Account Role Exploit of software vulnerabilities Exploit Targeting Software and OS Vulnerabilities Exploit_Law_Enforcement_Phone_Access Exploit_Misconfigured_MDM_EDR Exploit_Unmanaged_Devices Exploitation of a flaw in the Ray AI framework Exploitation of Erlang OTP SSH Vulnerability Exploitation of Initial Access Brokers Exploitation of iOS Zero-Day Bugs Exploitation of Known and Zero-Day Vulnerabilities Exploitation of Known Flaws in Edge Devices Exploitation of Misconfigured and Unpatched Edge Routers Exploitation of Network Edge Devices Exploitation of Poor Cybersecurity Posture Exploitation of Public-Facing Application Vulnerabilities Exploitation of Public-Facing Applications Exploitation of SonicWall SMA Vulnerability Exploitation of Unpatched or Legacy Systems Exploitation of Vulnerabilities as Initial Access Exploitation of Vulnerabilities as Initial Access Vector Exploitation of Vulnerabilities Dating Back to 2015 Exploitation of vulnerabilities in Cisco Nexus switches Exploitation of vulnerabilities in edge security devices Exploitation of vulnerabilities in firewalls Exploitation of vulnerabilities in general Exploitation of Weak Governance Exploitation of Zero-Day Vulnerabilities in Cleo Software Exploitation of Zero-Day Vulnerabilities in VPNs and Edge Devices Exploiting Google Authenticator Seed Export Extortion Attacks Failure to Encrypt Data Fake AI-Enhanced Identities Fake Alpine Quest App with Android.Spy.1292.origin spyware Fake CAPTCHA Social Engineering Exploit Fake Crypto Exchange Scam Fake Job Application Malware Delivery FakeTLS FakeTLS Protocol Exploitation False Positive Spam Filtering in Microsoft Exchange Online Fault Injection Attack on GenV1 Starlink Antenna Fog 
Ransomware Exploit Fog_Ransomware_Attack Forensic Tool Data Extraction Fortinet Fortinet Firewall Zero-Day Exploit Fortinet Zero-Day Exploit FreeType Zero-Day Exploit Fresh Windows NTLM Vulnerability Exploit Fresh Windows NTLM Vulnerability Exploited in Attacks Gamma-based Phishing Campaign Ghost Tap Git History Traversal and Deleted File Restoration Gladinet CentreStack & Triofox Exploitation Global Title Number Leasing Gmail Replay Attack using OAuth and DKIM Google Analytics Misconfiguration Google Forms Phishing Google Sites Arbitrary Script and Embed Execution Google Sites Arbitrary Script Execution Google Sites Credential Harvesting GPS Spoofing GPT-4.1 Jailbreaking/Circumvention Grapeloader DLL Side-loading and Persistence GrapeLoader Malware Delivery via Phishing GRAPELOADER Malware Delivery via Phishing Hardcoded Credentials Exploit Hardcoded Encryption Keys Hardcoded Secrets and Shared Credentials Hardcoded Secrets in Codebases Heaven's Gate Bypass Heaven's Gate Technique Hertz Data Breach via Cleo Zero-Day Exploit High Core Count BSOD on Windows Server 2025 Hijacking GCC with LD_PRELOAD Horizon3 PoC Exploit Hyper-V VM Boot Issues from Security Updates (October 2023) Hyper-V VM Creation and Startup Issues (January & December 2022) Identity Compromise Leading to Privilege Escalation and Lateral Movement Illegal Data Acquisition and Use for AI Model Training ImageViewer Supply Chain Attack Impersonation of IC3 Employees Improper Access Control due to Dynamic IP and Static iptables Rules Inadequate Security Measures including password spraying Inconsistent Filebeat Versions Leading to Log Ingestion Failure Indirect Prompt Injection inetpub Junction Exploit Infostealer Credential Exploitation Infostealer Malware Infostealer Malware Campaigns Infostealer Malware Exploitation Inline JavaScript Execution via Node.js Innorix Agent Arbitrary File Download Zero-Day Innorix Agent Exploit Innorix Agent Vulnerability Exploit Insecure AI-Generated Code Insecure File 
Upload Insider Manipulation through Weak Internal Controls Insider threat exploitation Insider Threats Insufficient Security in AI Model Development Interlock Ransomware Interlock Ransomware Attack Investment Fraud io_uring-based rootkit IP Address and Domain Manipulation (DNS Fluxing and IP Churn) JELLYBEAN/CANDYBOX Delivery via Phishing Jira_Credential_Harvesting_and_Exploit Job_themed_Malware_Delivery JSP Web Shell Upload JSP Webshell Upload JSP Webshell Upload and Execution Junction_Point_DoS Kerberos PKINIT Authentication Issue with Credential Guard Keyloggers and Infostealers Kubernetes Pod Privilege Escalation Lack of Secret Rotation and Expiration LAGTOY Backdoor LAGTOY Backdoor Deployment Langflow AI RCE Lateral Movement Leaked Secrets Exploitation Living Off Trusted Platforms Living-Off-the-Land (LOTL) Techniques LLM Generated Vulnerable Code LLM-based Vulnerability Identification and Exploitation LNK File Dropper and Propagation Local Privilege Escalation via Improper Package Installation Locking LockBit Ransomware Exploit Login Attempts from Russian IP Address LogMeIn Lateral Movement LONEFLEET/LEAFPILE Backdoor Delivery LSPatch Trojan Injection Lynx Ransomware MACE Credential Revocation App Misconfiguration MACE Credential Revocation False Positive Lockouts Magnet RAM Capture for Credential Harvesting Malicious Chrome Extension Exploiting Insecure MCP Server Malicious Copy and Paste Malicious File Execution Malicious GitHub Action updates Malicious LNK Files Malicious MMC Script Malicious Traffic Distribution System (TAG-124) Maliciously Crafted Media File Exploit Malspam Campaign Exploiting Multiple Vulnerabilities Malvertising Campaign using Node.js for Information Theft Malware Attack Leading to USIM Data Compromise Malware Delivery via Zoom Meeting Malware Distribution via Google Forms Quiz Malware Infection Leading to USIM Data Exposure Malware Reassembly in the Browser Man-in-the-Middle (MITM) Attack Mitigation through Multihopping 
Man-in-the-Middle (MitM) Attack using Relays Man-in-the-Middle Attack on Debian Package Download Masquerading as Legitimate Web Crawlers Mass Surveillance via Broadly Defined 'Critical Information' MCP Trigger Phrase Injection Memory Poisoning in AI Agents Metadata Masking using Nym Noise Generating Mixnet (NGM) Metasploit Shellcode Injection MFA Phishing MFA-Bypass Phishing MFA-Bypassing Phishing Kits Microsoft Copilot Studio SSRF Microsoft Edge Sandbox Escape Microsoft Entra ID Restricted Administrative Units Bypass Microsoft OAuth 2.0 Abuse Microsoft OAuth 2.0 Authorization Code Phishing Microsoft Office Macro Exploitation Microsoft Teams Impersonation Attack Mirai Botnet Exploitation of Edimax IP Cameras Misalignment of AI Development and Deployment Misconfiguration and Exposed Credentials Exploit Misconfiguration of Google Analytics Misconfiguration of Google Analytics leading to data exposure Misconfigured Google Analytics Misdelivery MITRE ATT&CK Technique MMC Script Sideloading Modbus Protocol Exploitation Model Manipulation Model Obfuscation Model Supply Chain Risks Monitoring User Browsing Behavior MOVEit_Supply_Chain_Attack MS Teams Vishing MSA Signing Key Theft and Forgery MSBuild Compiled Code Injection Multi-Step Phishing Mustang Panda's Multi-Tool Attack Nation-State Attacks Network Surveillance and Data Interception via Chinese Telecom Networks Next.js Middleware Authentication Bypass NFC Relay Attack NFC Relay Attacks on Android Node.js Malvertising Campaign with CustomActions.dll NTLM Hash Disclosure via Malicious .library-ms File NTLM Hash Harvesting via Malicious .library-ms Files NTLM Hash Leak via Malicious .library-ms Files NTLM Hash Leakage via Malicious .library-ms File NTLM Relay Attack NTLM Relay Attacks NTP Command Injection OAuth 2 Phishing Against Microsoft 365 OAuth 2.0 Authorization Code Phishing OAuth-based Phishing with Social Engineering Obfuscation of Malware Operation SyncHole (Lazarus APT Supply Chain Attack) OttoKit WordPress 
Plugin Exploitation Outlook CPU Spikes Exploit Overlay Injection Overprivileged Access to NHIs Package Confusion Attack via GenAI Hallucinations Palo Alto Networks Password Spray Attack Password Spraying Password Theft Path Substitution in lumpdiag.exe Path Traversal Path Traversal RCE Exploit (Commvault) Path Traversal via Username Parameter PawRoot Jailbreak Payroll Pirates HR-themed Phishing Campaign Pegasus Hacking Perl-based CGI web shell exploit Persistence via Service Installation Phishing Phishing 3.0 Phishing and Smishing for Passwords Phishing and Spear-Phishing Phishing and Spoofing Phishing and Spoofing Attacks Phishing Attack Phishing Attacks Phishing Attacks on OAUTH Device Code Flow Phishing Attacks Targeting Microsoft Employees Phishing Campaign Targeting Android Users Phishing for Credentials Phishing through Fake Fraud Alerts Phishing through Package Delivery Scams Phishing through Toll Fee Scams Phishing via Fake Encrypted Email Invitations Phishing via Malicious Google Ads Redirect Phishing with Malicious Archive Phishing with Malicious LNK File Phishing with Malicious Wine.zip Attachment Phishing_Campaigns_Targeting_TRON_and_Solana_Users Phishing_for_Financial_Credentials Phishing-as-a-Service (PhaaS) Physical Theft of Unsecured Devices Pig Butchering Scam Pig Butchering Scams PKCS#12 Certificate-Based Kerberos Authentication Exploit PointyPhish Policy Puppetry Prompt Injection Attack Poor Password Hygiene PostScript Exploits on 4chan Potential Ransomware Attack PowerShell Script for Lateral Movement Pre-authentication Server-Side Request Forgery (SSRF) leading to Remote Code Execution Pre-installed Malware in System Partitions Privilege Escalation Privilege Escalation and Data Exfiltration Privilege Escalation and Web UI Command Injection in Cisco IOS XE Privilege Escalation via Exposed Database ProDefense PoC Exploit Prompt Engineering Attacks Prompt Engineering to Elicit Sensitive Information from LLMs Prompt Injection Prompt Injection & 
Jailbreaking Prompt Injection in SlackAI Prompt Injection via Malicious Tool Descriptions Push Fatigue PuTTY Quishing Attacks RansomHub Ransomware Exploit Ransomware Ransomware (Encrypting and Extortion) Ransomware Attack Ransomware Attack at Port of Seattle Ransomware Attack on Abilene Ransomware Attack on AOA Ransomware Attack on Bell Ambulance Ransomware Attack on DaVita Ransomware Attack on Lower Sioux Indian Community Ransomware Attack on PowerSchool Ransomware Attacks Ransomware Attacks against OEMs Ransomware Deployment Ransomware Exploit of CVE-2024-55591 Ransomware Exploits leveraging valid accounts and public-facing applications Ransomware Exploits Targeting Lack of Backup and Recovery Ransomware Exploits Targeting Weak Cyber Hygiene Ransomware in Unmanaged Environments Ransomware_Attack_on_Insurance_IT_Biz Ransomware_Exploit Ransomware-as-a-Service (RaaS) Exploits Rapid Exploitation of Newly Disclosed CVEs RDP RDP Disconnection Exploit (Windows 11 24H2 to Windows Server 2016) RDP Lateral Movement and Concurrent Login Override RDP/SMB Abuse Real-time Deepfake for Identity Deception in Job Applications Recruitment via Telegram Reflection-Based Data Extraction (Telegram) RegAsm.exe Process Injection RegSvcs.exe Process Injection (AutoIt) Remote Access Software Exploitation Remote Access Trojan (RAT) Distribution via Fake CapCut Premium Remote Code Execution in SAP NetWeaver Visual Composer Remote Code Execution via SonicWall SMA 100 Management Interface Remote Desktop Freeze Exploit (Windows Server 2025 and Windows 11 24H2) Remote Desktop Session Freeze Exploit Remote Script Injection via Iframes Remote Takeover of Lantronix XPort Reselling access and powering third-party services Reverse Engineering of AI Models Reverse Engineering of Mobile Apps Reverse Shell Reverse Shell via @naderabdi/merchant-advcash Ripple NPM Supply Chain Attack Ripple xrpl.js Supply Chain Attack Romance Scam using AI-generated images or celebrity photos Romance Scam using False 
Urgency and Emotional Manipulation Romance Scams RootAVD Exploit Rootkit Installation via Kernel Module Salt Typhoon SAP Zero-Day Exploit SAP zero-day vulnerability Satellite Imagery and AI-based Lip Reading Screenshotting/Picture Taking Secrets Leaked on Public Platforms SectopRAT (ArechClient2) Deployment via Fake PDF Converter Security Alert Manipulation Self-Deportation Tracking and Enforcement Prioritization SenseShield sprotect.sys Driver Incompatibility Server-Side Request Forgery (SSRF) to access Instance Metadata Service (IMDS) Session Hijacking Session Persistence Exploitation SessionShark 0365 2FA/MFA SessionShark Phishing Kit Sextortion Scam via Email Shadow AI Data Leakage via Unsanctioned AI Tools Shadow IT and Shadow AI Exploitation Shadow IT Exploitation Shipping Products with Known Vulnerabilities Shor's Algorithm Exploit against RSA and ECC SIM Swapping Single Point of Failure in Unified Communication Channel Slopsquatting Smishing and Phone Call Social Engineering Smishing Attack Smishing Campaign Targeting Unpaid Toll Violations Smishing using SMS and iMessage SMS MFA Bypass Social Engineering (Smishing and Phone Calls) Social Engineering & Impersonation Social Engineering and Phishing via Multiple Channels Social Engineering through Wrong Number Scams SonicWall Gen 6/7 Firewall Authentication Bypass SonicWall SMA appliance exploit SonicWall SMA Appliance Exploit SonicWall SMA Appliance Exploitation SonicWall SMA Exploitation SonicWall SMA1000 Zero-Day Exploit SonicWall Vulnerability Sophisticated Backdoor in Fake ViPNet Update Sophisticated Social Engineering Sophisticated Targeted Attack Spear-phishing campaign with exploit in unpatched software Spear-phishing with Session Token Theft SQL Injection SQL Injection Exploit SSH Backdoor via Malicious npm Packages SSH Brute-Force Attack SSL.com Domain Validation Bypass SSRF leading to Remote Code Execution SSRF leading to Remote Code Execution via Malicious JSP in ZIP archive Sticky Keys Bypass for 
Remote Command Execution Stolen or Leaked Credentials Storm-0558 Attack Strela Stealer Deployment StrelaStealer Phishing Campaign SuperBlack Ransomware Deployment SuperCard X Malware SuperCard X NFC Relay Attack SuperCard X NFC Relay Exploit Supply Chain Attack on xrpl Package Supply Chain Attack on xrpl.js Supply Chain Compromise Supply_Chain_Attack_on_3CX SVG Attachment Phishing SVG_File_Embedding_HTML_and_Javascript Symbolic Link Abuse Symbolic Link FortiGate Bypass Symbolic Link FortiGate Patch Bypass Symbolic Link trick Symbolic Link trick bypass FortiGate patches Symbolic Link Trick to Bypass FortiGate Patches Systemd Injection Targeting of IT IEC-104 Protocol Tech Support Fraud Telegram Bot API Exposure Telemetry Data Exploitation Texas Texas Water Plant Attack Third-party cookie tracking Third-Party Vendor Vulnerability Exploitation TollShark Triada Trojan Data Exfiltration and Account Hijacking Triada Trojan Firmware Infection U-Boot Modification Exploit (pre-SecureBoot) Ubisoft Data Collection in Far Cry Primal Unauthenticated File Upload to Deploy Webshells Unauthenticated File Upload with JSP Webshell Unauthenticated Remote Code Execution via Malformed SSH Protocol Messages Unauthorized Access and Data Exfiltration Unauthorized Access and Data Exfiltration via Privileged Accounts Unauthorized Access and Use of Sensitive Data via Shadow AI Unauthorized Access and Use of Sensitive Government Data Unauthorized Access to Cookies and Sensitive Headers Unauthorized Access to Personal Information Unauthorized Access to Sensitive Government Data Unauthorized Access via Insecure Home Networks Unauthorized Account Creation and Privileges Unauthorized Data Exposure via AI-Enhanced Tools Unauthorized Microphone/Camera Placement Unauthorized Tracking Cookie Installation Underfunding and Staff Cuts at CISA Unsecured Data Repository Exploitation Unspecified Backend System Compromise Unspecified Cyberattack Unspecified Network Intrusion UPX Packing and Unpacking URL 
Manipulation for Path Traversal Use of Case Management System for Targeting and Apprehension Use of Custom JumbledPath Tool Use of RC4 and XOR Encryption Use of Software Components with Known Vulnerabilities Valid Account Abuse Vasion Print Vulnerabilities Verizon iOS Call Filter App Flaw ViPNet Backdoor Distribution Vishing via Google Forms Visual Hacking Volt Typhoon Volt Typhoon Attacks VPN compromise via default credentials and high-volume remote desktop protocol login attempts VPN Exploitation VPNs and routers from Ivanti Vulnerability Insertion via Code Suggestion Manipulation Wagemole Campaign Waiting Thread Hijacking (WTH) Watering Hole Attack Watering Hole Attack with Cross EX and Innorix Agent Exploitation Watering Hole Attacks Weak or Broken Encryption Weak Password Exploit Weak Password Exploitation Weak PIN Exploitation WeaXor Ransomware Deployment Web Scraping Web Shell Backdoor Installation WebLogic Zero-Day Exploit WhatsApp Flaw Allowing Malicious Code Execution Windows Container Launch Failure in Hyper-V Isolation Mode Windows Hello Login Failure Exploit Windows Hello Login Failure Post-Patch Windows Server 2025 Domain Controller Inaccessibility Windows Server 2025 Domain Controller Unreachable Exploit Windows Zero-Day Exploit (mentioned in passing) WineLoader Backdoor Deployment Wineloader Data Exfiltration WINELOADER Delivery (via GRAPELOADER) Workarounds due to poor usability WSMAN Enumeration for Lateral Movement XSS XWorm Malware Delivery via Social Engineering and LNK Files XWorm Malware Deployment xz-utils backdoor Z-NFC Payment Fraud Tool Zero-click iMessage exploits Zero-day exploits targeting edge devices and VPNs Zero-day Exploits Targeting Edge Devices and VPNs Zoom Remote Control Abuse Zoom Remote Control Feature Exploitation Zoom Remote Control Social Engineering Attack Zoom Remote Control Social Engineering Exploit Zoom Remote Control Spoofing Zoom Screen Sharing for Malware Delivery Zrok Peer-to-Peer Tool Exploitation Zygote Process Compromise
Vulnerabilities All Commvault_Vulnerability ConfusedComposer CVE-2012-0158 CVE-2014-6332 CVE-2017-11882 CVE-2017-12637 CVE-2017-5754 CVE-2017-9844 CVE-2018-7842 CVE-2018-7843 CVE-2018-7844 CVE-2018-7845 CVE-2018-7846 CVE-2018-7847 CVE-2018-7848 CVE-2018-7849 CVE-2018-7850 CVE-2018-7852 CVE-2018-7853 CVE-2018-7854 CVE-2018-7855 CVE-2018-7856 CVE-2018-7857 CVE-2019-0708 CVE-2019-10172 CVE-2019-6806 CVE-2019-6807 CVE-2019-6808 CVE-2019-6809 CVE-2019-6828 CVE-2019-6829 CVE-2019-6830 CVE-2021-20035 CVE-2021-33813 CVE-2021-40449 CVE-2021-44228 CVE-2022-26187 CVE-2022-26210 CVE-2022-4046 CVE-2023-37545 CVE-2023-37546 CVE-2023-37547 CVE-2023-37548 CVE-2023-37549 CVE-2023-37550 CVE-2023-37552 CVE-2023-37553 CVE-2023-37554 CVE-2023-37555 CVE-2023-37556 CVE-2023-37557 CVE-2023-37558 CVE-2023-37559 CVE-2023-46805 CVE-2023-48788 CVE-2023-6548 CVE-2023-6549 CVE-2024-10914 CVE-2024-12987 CVE-2024-20359 CVE-2024-20439 CVE-2024-21762 CVE-2024-21887 CVE-2024-21893 CVE-2024-23113 CVE-2024-3400 CVE-2024-37036 CVE-2024-37037 CVE-2024-37038 CVE-2024-37039 CVE-2024-37040 CVE-2024-40766 CVE-2024-41713 CVE-2024-43451 CVE-2024-4577 CVE-2024-47575 CVE-2024-48248 CVE-2024-49138 CVE-2024-53150 CVE-2024-53197 CVE-2024-54085 CVE-2024-55591 CVE-2024-5560 CVE-2024-57699 CVE-2024-58136 CVE-2024-6407 CVE-2024-9441 CVE-2025-0108 CVE-2025-0282 CVE-2025-1863 CVE-2025-20150 CVE-2025-20178 CVE-2025-20236 CVE-2025-21204 CVE-2025-21293 CVE-2025-2185 CVE-2025-2222 CVE-2025-2223 CVE-2025-22230 CVE-2025-22457 CVE-2025-23006 CVE-2025-23120 CVE-2025-24054 CVE-2025-24085 CVE-2025-24200 CVE-2025-24201 CVE-2025-24472 CVE-2025-2492 CVE-2025-24970 CVE-2025-25184 CVE-2025-26382 CVE-2025-27111 CVE-2025-27429 CVE-2025-27495 CVE-2025-27520 CVE-2025-27610 CVE-2025-2825 CVE-2025-2857 CVE-2025-29824 CVE-2025-29931 CVE-2025-30406 CVE-2025-31200 CVE-2025-31201 CVE-2025-31324 CVE-2025-31330 CVE-2025-32375 CVE-2025-32406 CVE-2025-32432 CVE-2025-32433 CVE-2025-32434 CVE-2025-3248 CVE-2025-32817 CVE-2025-32965 CVE-2025-34028 
CVE-2025-3485 CVE-2025-3486 CVE-2025-3500 CVE-2025-3606 CVE-2025-3881 CVE-2025-3882 CVE-2025-3883 CVE-2025-3884 CVE-2025-3885 CVE-2025-3886 CVE-2025-42599 CVE-2025-43928 CVE-2025-46271 CVE-2025-46272 CVE-2025-46273 CVE-2025-46274 CVE-2025-46275 CWE-89 KVE-2024-0014 KVE-2025-0014
MITRE ATT&CK TTP All Abusive usage Account Takeover: T1078 Anti-phishing: T1566 Application Layer Protocol: T1071 Arbitrary File Write: T1562 Bluetooth: T1095 Cloud Accounts: T1078 Cloud Accounts: T1078.004 Command and Scripting Interpreter: T1059 Content Injection: T1659 Credential Theft: T1003 Credentials from Password Stores: T1555 Data Breach: T1003 Data Breach: T1562 Data Encrypted for Impact: T1486 Data Exfiltration: T1021 Data Exfiltration: T1070 Data from Password Stores: T1555 Data Theft: T1071 Denial of Service: T1489 Deobfuscate/Decode Files or Information: T1140 DLL Side-Loading: T1105 Email Forwarding Rule: T1114.003 Exfiltration: T1021 Exploit Public-Facing Application: T1190 Exploitation for Client Execution: T1203 Exploitation for Privilege Escalation: T1068 Exploitation of Remote Services: T1210 External Remote Services: T1133 Extortion: T1021 File and Directory Discovery: T1083 Impair Defenses: T1562 Improper Input Validation: T1203 Indicator Removal on Host: T1070 Indicator Removal: T1070 Ingress Tool Transfer: T1105 Inhibit System Recovery: T1490 Input Capture: T1056 Insider Threat: T1562 Lateral Tool Transfer: T1570 Malware: T1071 Modify Registry: T1112 Money Laundering: T1021 Native API: T1106 Non-Application Layer Protocol: T1095 Obfuscated Files or Information: T1027 OS Credential Dumping: T1003 Persistence Indicators: T1053 Phishing: T1566 PowerShell: T1059.001 Process Injection: T1055 Proxy: T1090 Ransomware: T1486 Remote Code Execution: T1059 Remote Code Execution: T1203 Remote Services: T1021 Reselling access or using ChatGPT to power third-party services Scheduled Task/Job: T1053 Server-Side Request Forgery: T1210 Service Stop: T1489 Shadow IT: T1562 Sharing your account credentials or making your account available to anyone else Social Engineering: T1566 Spearphishing Attachment: T1193 Spearphishing Link: T1192 Spearphishing: T1566 Stolen Credentials: T1552 Supply Chain Compromise: T1195 System Information Discovery: T1082 Trusted Relationship: T1199 Unsecured Credentials: T1552 Valid Accounts: T1078 Watering Hole: T1189 Windows Management Instrumentation: T1047
Exploited Software All .NET 4.0 @naderabdi/merchant-advcash 3CX 4chan 4chan's Ghostscript (2012 version) 7-zip 7-Zip (7za.exe) AADInternals Accessibility Active Directory Active Directory (AD) Active Directory Certificate Services (AD CS) Active! Mail Adobe Express ADS-B (Automatic Dependent Surveillance–Broadcast) Advanced IP Scanner Agent Tesla AI image manipulation service (Cutout.pro) Akira Akira Ransomware Allegra Alpine Quest Alpine Quest (Android) Alpine Quest mapping software Amazon Cognito IDP Amazon Elastic Container Registry (ECR) Amazon Fire TV Amazon Glue Amazon S3 Amazon SageMaker JupyterLab Amazon Secrets Manager Amazon Web Services Amazon Web Services (AWS) Elastic Compute Cloud (EC2) American Megatrends International's MegaRAC Baseboard Management Controller (BMC) Android Android devices Android OS Android OS (unspecified version) Android zero-day Anthropic and Meta models Anthropic's Claude 3.7-Sonnet Anubis Ransomware AnyDesk Apache Products Apache Roller Blog Server Apache Tomcat APIs Apple CoreAudio framework Apple iMessage Apple iOS Apple iOS, iPadOS & macOS Apple iOS/iPadOS/macOS/tvOS/visionOS Apple products Apple Products Apple TV Applications and Infrastructure Templates ASN.1 implementations (pyasn1, asn1, asn1tools) ASUS motherboards (specific models impacted) ASUS routers ASUS Routers with AiCloud ASUS Routers with AiCloud enabled async-ip-rotator AsyncRAT Atlassian Jira Atlassian Products AutoIt Avast Free Antivirus AWS Access Keys AWS CodeBuild AWS IAM Identity Center AWS S3 Azure Entra ID Baltimore City Public Schools IT Systems Banking Apps BeaverTail BentoML BentoML's runner server Bitdefender BRICKSTORM Broadcom VMware Browser Checkup for Chrome by Doctor Browser Extensions Browser WatchDog for Chrome Browserless Calendly Canva CapCut Cato Client for macOS CDK Global, Blue Yonder, and Change Healthcare CentreStack ChatGPT ChatGPT (free tier) ChatGPT (OpenAI models o3 and o4-mini) ChatGPT (OpenAI's o3 and o4-mini models) ChatGPT o3 
Chinese Crane Software Choose Your Chrome Tools Chrome Cicada 3301 Ransomware Cisco Cisco ASA and FTD Software Cisco ConfD Cisco IOS XE Cisco IOS XR Cisco Network Services Orchestrator (NSO) Cisco Nexus switches Cisco products Cisco Products Cisco Smart Licensing Utility (CSLU) Cisco Webex App CiscoCollabHost.exe Citrix NetScaler ADC and Gateway Claude Desktop Cleo file share tool Cleo software CLFS Driver (Microsoft) ClickHouse database (DeepSeek) Cline Cloudera Hue Ace Editor Cloudflare cmd.exe CODESYS RTS (Runtime System) Commvault Backup and Recovery Commvault Command Center Commvault Command Center 11.38 Innovation Release Commvault Command Center Innovation Release Commvault Command Center Innovation Release version 11.38 ConnectWise ScreenConnect, TeamViewer, AnyDesk Containers Content Management Systems Core Audio Core Media CoreAudio Corklog keylogger Cortex XDR Craft CMS CrewAI Cross EX CrushFTP CrushFTP CVE-2025-2825 Cuponomia – Coupon and Cashback curl.exe Cursor Cyber PowerPanel D-Link NAS D-Link NAS devices D3F@ckloader Darcula Phishing Kit Darcula Phishing-as-a-Service Platform Darcula Suite DaVita's internal computer systems DeepSeek API DeepSeek iOS app Deepseek-R1 DeepSeek-R1 model DELTA (Ukrainian intelligence system) Diablo III DigitalOcean Discord DNS Servers Docker DragonForce Ransomware DrayTek devices Dropbox Droplink ECC eCharge Hardy Barth cPH2 Edge browser Edge devices Edge Devices eHorus Agent Email Clients (Unspecified) Email_Client Entra ID Equation Editor (Microsoft Office) Erlang OTP SSH Erlang's SSH library Erlang/OTP Erlang/OTP SSH Erlang/OTP SSH implementation Erlang/OTP SSH Server Exchange Online Exchange Server and SharePoint Server Facebook Far Cry Primal File share server Filebeat Fire Shield Extension Protection Firefox Firefox (with user.js configuration) Fog Fog Ransomware Fortinet Fortinet edge devices Fortinet Firewall Fortinet firewalls Fortinet FortiClient Endpoint Management Server Fortinet FortiClient Enterprise 
Management Server (FortiClientEMS) Fortinet FortiManager Fortinet FortiOS Fortinet FortiOS/FortiProxy Fortinet products Foundation Models/LLMs Frag Ransomware FreeBSD FreeType FrostyFerret Gamma GCC (GNU Compiler Collection) GenAI Large Language Model (LLM) web apps Git GitHub GitHub Actions GitHub Copilot Gladinet Gladinet flaw CVE-2025-30406 Gmail Gmail (Google Workspace) Google Ads Google Agent-to-Agent (A2A) Google AI (Unspecified Version) Google Analytics Google Authenticator Google Chrome Google Chrome Extension (Unspecified) Google Chrome zero-day Google Chromecast/Google TV Google Cloud Platform Google Cloud Platform (GCP) Cloud Composer Google Cloud Platform (GCP) Composer Google Docs Google Forms Google Homepage (cloned) Google Meet Google OAuth Google Sites Google's Gemini Google's OAuth application Google's OAuth Application GOOPDATE GPS Receivers GPT-4.1 Grapeloader GrapeLoader Grok 3 Grok-2 Halo Infinite Harman Becker MGU21 Horizon Client for Windows ICT communication systems in Zambia ICU iMessage Infodraw Media Relay Service (MRS) Innorix Agent Instagram Integuru Internet stock trading services InvisibleFerret iOS iOS (unspecified version, but likely iOS versions prior to 18.4.1) iOS 18.4 (and iPadOS 18.4) iOS/iPadOS/macOS/tvOS/visionOS iPadOS IT IEC-104 protocol Ivanti Ivanti Connect Secure Ivanti Connect Secure (ICS) Ivanti Connect Secure and Ivanti Policy Secure Ivanti Connect Secure VPN and Ivanti Policy Secure appliances Ivanti Endpoint Manager Ivanti Neurons for ZTA Ivanti Neurons for ZTA gateways Ivanti Policy Secure Ivanti products Ivanti Products Ivanti Pulse Secure Jira Juniper and Palo Alto networking gear and VPN appliances Juniper Networks Juniper Networks Junos OS Kaspersky Kaspersky antivirus software KingCard NFC (io.dxpay.remotenfc.supercard) Kryptoneer Kubernetes LAGTOY LangChain Langflow Lantronix Device Lantronix XPort Legacy Case Management System Legacy Google Service Legacy systems Legacy Systems Legacy, non-production 
Microsoft test tenant account (specific software unspecified) Level RMM software LINE Linode Linux Linux Kernel (io_uring) Litespeed Technologies LLM models (Unspecified) LLMs (Large Language Models) LNK Files LockBit LockBit Ransomware Lumma LUMMA Lynx Ransomware M&S Click & Collect System M&S Point of Sale (POS) System MACE Credential Revocation app (Microsoft Entra feature) macOS macOS Sequoia Magisk Magnet RAM Capture (MRCv120.exe) Marks & Spencer's Website and App MCP Server (Unspecified Version) Merlin Bird ID MetaMask Metasploit ELF binaries Metasploit-injected Putty and ApacheBench Metastealer METASTEALER Microsoft 365 Microsoft 365 (M365) Microsoft 365 (specific versions not specified) Microsoft 365 applications (Outlook and Teams) Microsoft Account (MSA) Microsoft Account (MSA) signing service Microsoft Active Directory Microsoft Azure Microsoft Azure portal Microsoft Azure SQL Server Microsoft Copilot Studio Microsoft Defender Microsoft Defender XDR Microsoft Edge Microsoft Entra admin center Microsoft Entra Connect (versions prior to 2.4.129.0) Microsoft Entra ID Microsoft Entra ID (Azure AD) Microsoft Entra ID (formerly Azure Active Directory) Microsoft Entra ID (formerly Azure AD) Microsoft Exchange Online Microsoft Identity Access System Microsoft Intune admin center Microsoft Office Microsoft Office 2016 (Word, Excel, Outlook) Microsoft Office 365 Microsoft OneDrive Microsoft Products Microsoft RDP Microsoft Remote Desktop Services Microsoft SharePoint Microsoft Teams Microsoft Windows Microsoft Windows flaws Microsoft Windows NTLM Microsoft-based systems (general) Mitel MiCollab Mitel MiCollab (NPM component) Mobile applications (general) Mobile Network Signaling Systems Modbus Model Context Protocol (MCP) Model Context Protocol (MCP) servers MOVEit Transfer Mozilla Firefox MSBuild.exe msedge_proxy.exe mshtaa.exe (Microsoft HTML Application engine) MysterySnail RAT NAKIVO Net.Time - PTP/NTP clock Netplex Json-smart Network edge devices Network Edge 
Devices Network Edge Routers Nexus Network client Nice Linear eMerge E3 NLRB Database NLRB systems node-telegram-bots-api node-telegram-util node-telegram-utils Node.js Notion NSIS (Nullsoft Scriptable Install System) NTLM NxGen NxGen case management system OAUTH device code flow Office 365 Office 365 Exchange Online Casino Systems OnlyOffice Community Server Docker image Open-source software OpenAI Function Calling OpenAI models OpenAI-based copilots OpenAI's GPT-4o OpenSSH Opera Operating Systems Oracle Cloud System Oracle Communications products Oracle Legacy Cloud Environment Oracle Login Servers Oracle products Oracle Products Oracle WebLogic OtterCookie Outlook Outlook (Classic for Windows) OVHCloud PAKLOG and CorKLOG Paklog keylogger Palantir's ICE Case Management System Palo Alto Networks Palo Alto Networks firewalls Palo Alto Networks GlobalProtect remote access software Palo Alto Networks PAN-OS Palo Alto Networks PAN-OS GlobalProtect Palo Alto Networks PAN-OS GlobalProtect Gateway Perplexity Pip PLAY Play ransomware Play Ransomware Playwright PlugX RAT Polara Field Service app Polara Pedestrian Signal Systems PowerPoint (wine.exe) PowerSchool PowerShell Proofpoint's email security defenses Protecto for Chrome™ Proxies PSExec, AnyDesk and ScreenConnect PteroLNK Public-facing applications Puppeteer PuTTY's SCP utility (pscp.exe) PyPI and npm packages PyTorch Qilin ransomware Quasar RAT Quick Assist Raccoon stealer RACCOON STEALER Rack Rack Ruby web server interface RafaelConnect.exe (LONEFLEET installer) Rainmeter (version 4.5.22) RansomHub RansomHub ransomware RansomHub Ransomware Ray AI framework RCS RCS (Rich Communication Services) RCS and iMessage RDP RDP (Remote Desktop Protocol) Reader Reader app (malicious) Real-world open-source software Redline RedLine REDLINE RedTail RegAsm.exe RegSvcs.exe Remcos RAT Remote Access Software Remote Desktop Protocol (RDP) Remote Utilities for Windows Admin (RMS Remote Admin) Resepro Rhadamanthys Infostealer RisePro 
RISEPRO Roku RPAC RSA-2048 Salesforce SAP SAP Landscape Transformation SAP NetWeaver SAP NetWeaver Visual Composer SAP NetWeaver Visual Composer Framework version 7.50 SAP S/4HANA SAP Visual Composer Schneider Electric ConneXium Network Manager Schneider Electric Modicon PLCs (various models including Modicon Premium, Modicon Momentum, Unity M1E Processor) Schneider Electric SAGE RTU Schneider Electric Wiser Home Controller WHC-5918A SectopRAT (aka ArechClient2) Secure Email Gateways (SEGs) Securify for Chrome™ Server software SharePoint ShinyHunters ransomware Siemens Application (Unaffected Version Unspecified) Siemens TeleControl Server Basic Signal Skype Slack SlackAI Smartphones (with biometric unlock) SMB, HTTP, or RDP SMS Applications Snowflake SocGholish Social Media Networking Sites Social Security System SonicWALL Connect Tunnel SonicWall Gen 6 and Gen 7 firewalls SonicWall Secure Mobile Access (SMA) 100 series SonicWall Secure Mobile Access (SMA) 100 series appliances SonicWall Secure Mobile Access (SMA) 100 Series gateways SonicWall Secure Mobile Access (SMA) 100 Series Management Interface SonicWall Secure Mobile Access (SMA) appliances SonicWall Secure Mobile Access 100 Series gateways SonicWall SMA 100 series SonicWall SMA 1000 Series appliances SonicWall SMA appliances SonicWall SMA100 Appliance SonicWall SMA1000 secure access gateways SonicWall SonicOS Soralink SPAWN Specops Password Policy Specops Secure Access SplatCloak SplatCloak EDR evasion driver SSH SSL.com Certificate Authority System SSL.com Domain Validation System Starlink GenV1 antenna Starlink Rev3/GenV2 User Terminal Antenna (UTA) StarProxy Stealc SuperCard X SuperCard X (io.dxpay.remotenfc.supercard) Tapper Telegram Third-party software development kits (SDKs) TikTok TONESHELL ToneShell backdoor Total Safety for Chrome™ TOTOLINK devices TOTOLINK Routers Tracking Cookies (Unspecified) Treasury Department's payment systems Trend Micro Triada TRON and Solana Wallets/Platforms tvOS 
UNI-NMS-Lite Unified Access Gateway (UAG) Unitree GO2 Robot Dog (firmware versions 1.1.1 and earlier) Unitree GO2 Robot Dog WebRTC Client (unitreeWebRTCClientMaster) Unitronics Vision Series PLCs Unity Pro Software Unspecified AI Agent Memory Systems Unspecified Android Application Unspecified Applications Unspecified Electric Vehicle Charger Software Unspecified Government Systems Unspecified Malware Unspecified Mobile Browsers Unspecified Mobile Network Infrastructure Software Unspecified Mobile Phones of Officials Unspecified Municipal Water Plant SCADA Systems Unspecified OEM Software Unspecified Python and JavaScript packages Unspecified Ransomware Unspecified SAP Software Unspecified SMS Applications Unspecified Software (SAP) Unspecified Software Packages (via GenAI) Unspecified Software with 2015 Vulnerabilities Unspecified Software with Unpatched Vulnerability Unspecified software with vulnerabilities Unspecified Telephone Networks Unspecified US Government Systems UPX Various Browsers (Chrome, Firefox, etc.) 
Various Browsers (via XSS) Various Cryptocurrency Trading Software Applications Vasion Print (formerly PrinterLogic) Veeam Verifica Carta (io.dxpay.remotenfc.supercard11) Vestel AC Charger Vidar VIDAR Video Conferencing Software ViPNet ViPNet secure networking software visionOS Visual Studio Code (insiders.vscode.dev) Visual Studio Code (insiders.vscode[.]dev) VMware ESXi VMware ESXi hypervisor VMware ESXi zero-days VMware Horizon VMware Unified Access Gateway VMware vCenter Server VPN Appliances VPN Gateway Products VPNs Web Application (FAA) Web Applications Web Applications (with XSS, CSRF, SSRF) Web Browsers (Unspecified) Webex App WebKit WGS-4215-8T2S WGS-80HPT-V2 WhatsApp Windows Windows (CVE-2025-24054) Windows 11 24H2 Windows Defender Windows Kernel Drivers Windows NTLM Windows OpenSSH package (sshd.exe) Windows Process Activation (WPA) Windows Server 2019 Windows Server 2022 Windows Server 2025 Windows Servicing Stack Windows Update Windows Win32k kernel driver Windsurf Wineloader WineLoader WINELOADER WinSCP WireGuard (AmneziaWG variant) WordPress WordPress plugins WPSafeLink Writer.com XLoader XorDDoS (various versions) xrpl (NPM package) xrpl.js xrplpackage xz-utils Yale New Haven Health IT Systems Yii framework Yokogawa recorder products Yu Idea Zimbra Zoom Zyxel
Involved Countries All Algeria Angola Asia-Pacific Australia Austria Bahrain Beirut Belgium Bhutan Brazil Britain Bulgaria California Cambodia Canada China Cisco Colombia Colorado Commonwealth of the Northern Mariana Islands (CNMI) Countries within Europe Cuba Cyprus Czechia Delaware Democratic People's Republic of Korea (DPRK) Denmark Dominican Republic DPRK Eastern Europe Ecuador El Salvador Ericsson Estonia EU Europe European Countries European Union European Union (implied) Fiji Florida France Georgia Germany Ghana Greece Haiti Hong Kong Hungary Illinois India Indonesia Iran Iraq Ireland Israel Italy Japan Kenya Korea (South) Laos Luxembourg Maine Malaysia Mexico Mongolia Morocco Myanmar Namibia Neighboring Southeast Asian Country 1 (Unspecified) Neighboring Southeast Asian Country 2 (Unspecified) Netherlands Nevada New Jersey New Zealand Nicaragua Nigeria North Carolina North Korea Oregon Pakistan Palau Philippines Poland Qatar Romania Russia Rwanda Saudi Arabia Scandinavia Senegal Serbia Singapore South Africa South Dakota South Korea Southeast Asia Southeast Asian Country (Unspecified) Spain Sri Lanka Switzerland Syria Taiwan Texas Thailand Tonga Turkey Türkiye U.S. UK Ukraine United Arab Emirates United Kingdom United States US USA Uzbekistan Vanuatu Vatican City Venezuela Vietnam Yemen Zambia
Affected Industries All Academia Academia/Science Accounting Administration Advertising Advertising and Analytics Advertising Technology Aerospace Agriculture AI Companies AI Development and Deployment AI/GenAI Air Freight Air Traffic Control Air Transportation Airline Industry (US) Airlines Ambulance Services Antivirus Antivirus Software Antivirus Software Industry API Development Artificial Intelligence Artificial Intelligence (AI) Automotive Automotive Rental Background Screening Backup and Replication Software Backup Software Industry Banking Banking and Financial Institutions Banking, Finance and Insurance Benefits Administration Biotechnology and Chemicals Blockchain/Cryptocurrency Building Automation Systems Business and Professional Services Business Services Businesses Car Rental Casinos Cloud Computing Cloud Computing Industry Cloud Computing/Cloud Storage Cloud Data Warehousing Cloud Services Commercial Real Estate Communications Communications and Telecommunications Computing & IT Construction Consulting Consumer Electronics Consumer Electronics Manufacturing Consumer Electronics/Networking Equipment Consumer Services Content Creation Content Management Systems Corporate Executives Corporations Critical Infrastructure Cryptocurrency Cryptocurrency (specifically XRP) Cryptocurrency and Decentralized Finance Cryptocurrency Exchanges Cryptocurrency Industry Cryptocurrency Mining Cryptocurrency/Fintech Cryptocurrency/Web3 Development Cryptography Customer Service Cybersecurity Cybersecurity Consulting Cybersecurity Research and Consulting Dark Web Marketplaces Data Analytics/Marketing Data Backup and Recovery Data Backup and Replication Data Processing and Analytics Data Protection and Backup Infrastructure Database Management Databases Dating Defense Defense/Arms Manufacturing Dialysis Services Diplomacy Diplomatic Sector Drug Trafficking E-commerce Edge Computing Education Education (Universities) Educational Services Elections Electric Vehicle Charging Electric Vehicle Charging Infrastructure Email Security Email Services Email/Messaging Services Energy Energy (Power Plants) Energy and Utilities Energy Sector Energy/Fuel Supply Engineering Enterprise Enterprise Printer Management Enterprises Entertainment Finance Finance (implied) Finance and Insurance Financial Financial and Insurance Financial Institutions Financial services Financial Services Financial Services (Cryptocurrency Trading) Financial Services (Virtual Currency Exchanges) Financial Technology (FinTech) Fintech Firewall Vendors Firmware Fleet Management Food & Beverage Food and Beverage Food and Beverage Services Food Service Gambling Gaming Gig Economy Platforms Government Government (Federal Agencies) Government (Federal, State, Local) Government (Federal) Government (Local) Government (specifically Election Administration) Government (specifically, national defense) Government (US Federal) Government (US) Government Agencies Government/Diplomatic Services Grocery Retail Gun Trafficking Health Health Insurance Healthcare Healthcare (HIPAA) Healthcare (Hospitals) Healthcare (Kidney Dialysis) Heating Services High Tech Home Automation/Smart Home Hospitality Hospitality (Hotels) Hospitality/Hotel Industry Hosting Providers Hotels Human Resources Human Resources (HR) Human rights non-governmental organizations Human Trafficking Humanitarian aid organizations ICT Identity Verification Industrial Industrial Control Systems (ICS) Information Information Security Information Security Services Information Technology Information Technology (IT) Infosec Insurance Internet Forums (4chan) Internet of Things (IoT) Internet Service Providers (ISPs) Investment IoT (Internet of Things) IT IT Administration IT and Cloud Services IT and Cybersecurity IT/Network Infrastructure IT/Software Development IT/Technology Journalism Law Enforcement Legal Legal Services Live Events Local Government Logistics/Delivery Services Machine Learning Machine Learning (ML) Managed Detection and Response (MDR) providers Managed Service Providers (MSPs) Managed Services Manufacturing Manufacturing (specifically, industrial automation) Maritime Transportation Media Media and Journalism Messaging Applications Messaging Apps Messaging Platforms/Software Messaging Services Microsoft Users Military Military/Defense Mining Mobile Application Development Mobile Gaming Mobile Network Providers Mobile Security Municipal Government Municipal Governments National Security/Defense Network Edge Devices Network Security Networking Networking Equipment Manufacturing News Media NFT NGOs Non-governmental Organizations (NGOs) Non-Governmental Organizations (NGOs) Non-profit Nuclear Oil & Gas Oil and Gas Online Advertising Online Casinos Online Forums Open-Source Software Operating Systems Ophthalmology Organizations using SonicWall Secure Mobile Access (SMA) Payment Processing/Card Issuers Payroll Services Pedestrian Signal System Manufacturing Pharma PKI (Public Key Infrastructure) Postal Services Printing/Enterprise Printer Management Private Companies Private Institutions Private Investigations Private Sector Professional Services Professional, Business and Consumer Services Public Sector/Government Public Transport Public/Private Healthcare Recorded Music Market (US) Recruitment/Employment Recruitment/Human Resources Renewable Energy Retail Robotics SaaS SaaS (Software as a Service) Satellite Internet Satellite Surveillance Search Engine Security Semiconductor Semiconductor Manufacturing Server Hardware Server Software Services Shipping and Transportation Signal Jamming Technology Small and Medium Businesses (SMBs) Small and Medium Enterprises (SMEs) Small and Medium-sized Businesses (SMBs) Small and Medium-sized Enterprises (SMEs) Small-to-Mid-sized Businesses (SMBs) Smart Home Security Smartphone Manufacturing Social Media Software Software (Microsoft Products) Software and IT Software and Technology Software as a Service (SaaS) Software Development Software Development/AI Services Software Development/IT Software Development/IT Services Software Development/NPM Package Management Software Development/Open Source Software Development/Supply Chain Software Development/Technology Software Engineering Software Industry Software Industry (Specifically, Adobe and Microsoft) Software Security Software Supply Chain Security Software Vendors (Palo Alto Networks, Mitel, D-Link, Fortinet) Software, Internet, and Technology Software/App Development Software/Application Security Software/Chrome Extension Development Software/IT Software/SaaS Software/Technology Sports and Entertainment Spyware Industry Streaming Services Supply Chain Supply Chain Technology Supply Chains Tech Companies Tech Support Technology Technology (Software Development) Technology Hardware Technology Support Technology/Network Security Technology/Networking Industry Telecom Telecommunications Telecommunications (implied through Telit) Telecoms Telecoms and ISPs Think Tanks Toll Road Operators Tourism Transportation Travel Travel Agencies Unspecified industry affected by credential-based attacks US Box Office Utilities Venture Capital Video Game Industry Video Surveillance Virtualization VPN VPN Services Water Water and Wastewater Services Water Management/Municipal Water Plants Web Application Development Web Application Development/Hosting Web Browsers Web Development/Website Hosting Web Hosting and IT Services Web3 Website Development/Hosting Wholesale Trade Window Blind Manufacturing