Published Date: All, 2025-07-14, 2025-07-13, 2025-07-12, 2025-07-11, 2025-07-10, 2025-07-09, 2025-07-08, 2025-07-07, 2025-07-06, 2025-07-05, 2025-07-04, 2025-07-03, 2025-07-02, 2025-07-01, 2025-06-30, 2025-06-29, 2025-06-28, 2025-06-27, 2025-06-26, 2025-06-25
Tags All .es Domain 0-day 0-Day Vulnerability 2G Vulnerabilities Access Broker Access Control Account Compromise Account Takeover ACME Active Directory (AD) Active Directory Reconnaissance ActiveReports.NET Adobe Adobe Acrobat Adobe Acrobat Reader Advanced Protection Advertising Adware AES Africa Age Verification Agent Hijacking Agent Tesla Ahold Delhaize AI AI Agents AI Automation AI Bias AI Chatbot AI coding tools AI Crawlers AI Ethics AI evasion AI Governance AI in Security AI Investigator AI Jailbreak AI Model Evaluation AI Policy AI Policy Enforcement AI Regulation AI Safety AI Security AI Tools AI Voice Cloning AI Web Agents AI-Driven Development AI-powered alerts AI-powered Attacks AI-Powered Security AIoT Air Conditioning Systems Airline Security Airlines Alert Fatigue AlertMedia Algorithms Amazon Prime Day AMOS Amplifier Anatsa Android Android 16 Android Adware Android Malware Android Security Anthropic Antianalysis Antitrust Antivirus Software ANY.RUN API API Integration API Security App Permissions App Store App Store Security APP_KEY Application Permissions Application Security Application Security (AppSec) Application Virtualization APT APT28 APT35 APT42 APT45 Arbitrary Code Execution Arbitrary File Deletion Arbitrary File Write Arcanum Cyber Security Bot Arrest Artificial Intelligence Artificial Intelligence (AI) Artificial Intelligence (AI) Security Asus Armoury Crate AT&T Atomic macOS Stealer Attack Surface Management Attack Surface Reduction Attribution Authentication Authentication Bypass Authentication Not Required Authenticators Authorization Authorization Bypass Automated Certificate Management Environment (ACME) Automatic Content Recognition (ACR) automation Automation Automotive Cybersecurity Automotive Security AV-Comparatives AV/EDR Evasion Avast Aviation Aviation Industry Azure Machine Learning B2B Technology Distributor backdoor Backdoor background checks Backward Compatibility Banking Trojan Banking Trojans Barracuda Networks bcrypt BEC 
BianLian Biometric Authentication biometric_data Bitcoin Bitdefender Bitwarden Black Basta BlackBasta BlackSprut BlackSuit Blue Screen of Death Bluetooth Bot Attacks Bot Detection Botnet Botnets Bots Brand Impersonation Brand Protection Braodo Stealer BreachForums Browser Automation Browser Extensions Browser Fingerprinting Browser Hijacking Browser Security Brute Force Attack Brute-Force Attacks Buffer Overflow bug bounty Bug Bounty Bug Bounty Program Bug Fixes Bulletproof Hosting Bulletproof Hosting (BPH) Burnout Business Email Compromise (BEC) Business Logic Vulnerabilities ByBit BYOD ByteDance Call Center Fraud Call of Duty Call of Duty: WWII Cambodia CAN Bus Canada CAPEC CAPTCHA Case Management CCTV CDN Censorship Certificate Authority CertiK Cetus Protocol Charming Kitten Chatbot Chatbots ChatGPT Check Point China China-aligned Actors China-linked China-linked APT China-Nexus Chinese Hackers Chrome Chrome Extensions Chrome Renderer Sandbox Chromium CISA Cisco Cisco Identity Services Engine (ISE) Cisco ISE Cisco ISE Passive Identity Connector (ISE-PIC) Cisco Talos Cisco Unified Communications Manager CISO CISOs Citrix Citrix NetScaler ADC Citrix NetScaler Gateway CitrixBleed CitrixBleed 2 CitrixBleed2 Civil Liberties Cl0p Cl0p Ransomware Classified Information Cleartext CLI ClickFix ClickOnce Clop Ransomware Cloud Computing Cloud Repatriation Cloud security Cloud Security Cloud-Native Cloudflare Cloudflare Tunnel CNAPP Co-op Cobalt Strike Code Refactoring Code Review Collaboration Command and Control Command and Control (C2) Command and Control Server Command Injection Compliance Compliance Reporting Compromised Accounts Compromised Credentials Computer Fraud Computer Hacking Computer Misuse Act Computer Misuse Act 1990 Configuration Management Connected Cars Connectors Consumer Protection Containerization Content Scraping Conti Ransomware Copyright COVID-19 Research Credential Harvesting Credential Phishing Credential Stuffing Credential Theft Credit Card 
Theft Critical Infrastructure Critical National Infrastructure (CNI) Cross-Site Scripting (XSS) CrowdStrike cryptocurrency Cryptocurrency Cryptocurrency Fraud Cryptocurrency Theft Cryptography cryptominers CSRF CTF Cursor Customer Data CVE CVE-2018-15133 CVE-2023-34362 CVE-2023-36934 CVE-2024-30088 CVE-2024-3094 CVE-2024-51978 CVE-2024-8190 CVE-2024-8963 CVE-2024-9380 CVE-2025-20264 CVE-2025-20281 CVE-2025-20282 CVE-2025-20309 CVE-2025-32462 CVE-2025-32463 CVE-2025-3509 CVE-2025-3699 CVE-2025-47812 CVE-2025-47980 CVE-2025-47981 CVE-2025-48822 CVE-2025-48927 CVE-2025-48928 CVE-2025-49695 CVE-2025-49696 CVE-2025-49697 CVE-2025-49698 CVE-2025-49701 CVE-2025-49702 CVE-2025-49703 CVE-2025-49704 CVE-2025-49717 CVE-2025-49724 CVE-2025-49735 CVE-2025-5777 CVE-2025-6463 CVE-2025-6521 CVE-2025-6522 CVE-2025-6543 CVE-2025-6554 CVE-2025-6642 CVE-2025-6645 CVE-2025-6650 CVE-2025-6657 CVE-2025-6794 CVE-2025-6795 CVE-2025-6796 CVE-2025-6798 CVE-2025-6801 CVE-2025-6802 CVE-2025-6803 CVE-2025-6804 CVE-2025-6805 CVE-2025-6806 CVE-2025-6807 CVE-2025-6808 CVE-2025-6809 CVE-2025-6810 CVE-2025-6811 CVE-ID CVSS 7.5 CVSS 8.2 CVSS 9.8 CVSS Score CVSS Score 7.8 CVSS Score 9.8 CVSS:3.3 CVSS:7.5 CVSS:8.2 CVSS:9.8 Cyber Attack Cyber Command cyber espionage Cyber Espionage Cyber Extortion Cyber Geopolitics Cyber Incident Cyber Insurance Cyber Offense Cyber Reasoning System (CRS) Cyber Resilience Cyber Security and Resilience Bill Cyber Threat Cyber Warfare Cyberattack Cyberattacks cybercrime Cybercrime Cybercrime Forum Cybercrime in Africa Cybercriminal Cybercriminals Cyberespionage cybersecurity Cybersecurity Cybersecurity Advisory Cybersecurity and Infrastructure Security Agency (CISA) cybersecurity awareness Cybersecurity Awareness Cybersecurity Charter Cybersecurity Fatigue Cybersecurity Incident Cybersecurity Incidents Cybersecurity Infrastructure Cybersecurity Jobs Cybersecurity Resilience Cybersecurity Services Cybersecurity Talent Shortage Cybersecurity Threat Assessment Cybersecurity 
Training D-Link Dark Angels Ransomware Dark Patterns Dark Web DARPA AI Cyber Challenge (AIxCC) Data Backup data breach Data Breach Data Breaches Data Brokers Data Collection Data Deletion Data Encryption Data Exfiltration Data Extortion Data Integrity Data Leak Data Leakage Data Leakage Prevention Data Loss Data Loss Prevention Data Poisoning Data Privacy data protection Data Protection Data Reconnaissance Data Removal Services Data Resilience Data Roaming Data Security Data Sharing Data Sovereignty Data Stealer data theft Data Theft Data Visualization Data Wiping DDoS DDoS Attacks Decoherence Decryption Key Decryption Keys Deepfake Deepfakes DeepSeek Default Credentials default password Default Password Default Passwords Defendnot DeleteMe Delivery Scam Denial of Service Dependency Analysis Deserialization Deserialization of Untrusted Data Desktop Virtualization Detection Detection Engineering Developer Tools Development Environment DevOps DHS Digital Assets Digital Certificate Digital Certificates Digital Footprint Digital Forensics digital literacy Digital Markets Act (DMA) Digital Millennium Copyright Act (DMCA) Digital Services Act (DSA) Digital Sextortion Digital Sovereignty Digital Transformation Direct Send Direct-TCP Directory Traversal Disaster Recovery Disinformation DLL Injection DLL side-loading DNS Encryption DNS Hijacking Do Not Call Registry Docker DocuSign DOD DOJ Domain Abuse Domain Analysis Domain Name System (DNS) Domain Scoring Domain Spoofing Double Extortion DPC DragonForce Drive-by Compromise Driver Exploitation E-commerce Fraud EASM Eavesdropping Eclipse Foundation Economic Impact EDR Elastic Security Labs Election Security Electron Elevation of Privilege ELK SIEM eLoran Email Bombing email security Email Security Email Spoofing Employee Data Employment Scams Encryption End of Life End of Life (EOL) End-of-Life End-to-End Encryption Endpoint Protection endpoint security Endpoint Security Energy Sector Enterprise Password Manager enumeration 
EoP Error-Correcting Code (ECC) eSIM Espionage Estimated Billing Ethereum Ethical Hacking European Commission European Union (EU) Europol Evasion Techniques Executive Impersonation Executive Order Exploit Exploit Development (ED) Exploit Public-Facing Application Exploitation Exploits Export Controls Exposure Management Extended Security Updates (ESU) extension marketplace Extortion Extradition F-35A Facebook Facial Recognition Facial Recognition Technology facial_recognition Fake Antivirus Fake IT Workers Fake News FAPI 2.0 FBI FBI Alert FBI Cyber Division FBI Warning Federal Aviation Administration (FAA) Federal Policy Federal Regulation Federal Reserve System FIDO Alliance FIDO Security Keys FIDO2 File Deletion FileFix Filename FIN7 Financial Crime Financial Data Financial Fraud Financial Loss Financial Security Financial Services Fines Finfluencers Firewall Firmware Firmware Downgrade Firmware Security Firmware Tampering firmware update Firmware Update Forminator Fortinet FortiWeb Fortnite Forum-1 Fourth-Party Risk Framework France Fraud Fraud Detection Fraud Prevention Frequent Flyer Program Frida FTC Funding Funding Cuts Fuzzing Gamaredon Game Hacking Game Pass Gamification Gatekeeper GDPR Gemini Gemini AI GenAI GenAI Security Generative AI Genetic Data Geolocation Tracking getAppFileBytes Gh0stRAT GhostTap GitHub GitHub Abuse GitHub Actions GitHub Enterprise Server Global Reach Technology GlobalProtect GlobalProtect VPN Golang GOLD REBELLION Google Google Chrome Google Cloud Google Drive Google Gemini Google Play Google Play Protect Google Play Store Google Threat Analysis Group (TAG) Governance Governance, Risk, and Compliance (GRC) Government Government Officials Government Policy Government Services GPS Jamming GPU GPU Security Grafana GravityZone GreyNoise Grok HackerOne hacking Hacking Hacking Group Hacks Hacktivism Hafnium HAFNIUM Hardcoded Credentials Hardware Analysis Hardware Security Harrods Hashing Headphones Healthcare Healthcare Cybersecurity 
Healthcare Data Healthcare Data Breach Healthcare Fraud Heap Overflow Hellcat Ransomware Group Help Desk Help Desk Scams Hikvision Hiring Practices Home Automation Home Security Honeypot HTML Smuggling HTTP HTTPS Human Resources Human Rights Human Trafficking Human-Centric Security Hunters International Hybrid Cloud Hybrid Warfare IBM X-Force ICANN CZDS ICO ICS ICS Security IDE Extensions IDE Security Identity Check Identity Management Identity Protection Identity Theft Identity Verification Identity-Based Attacks IDOR IEC 61850 IIoT Security Immutable Storage Impersonation Imposter Scam IMSI Catchers In-App Purchases INC Ransom incident response Incident response Incident Response Incident Response (IR) Incogni Incognito Mode Indicators of Compromise Industrial Control Systems (ICS) Information Commissioner's Office (ICO) Information Disclosure Infosec infostealer Infostealer Infostealer Malware infostealers Infotainment System infrared_tracking Initial Access insider threat Insider Threat Insider Threats Insurance Insurance Industry IntelBroker Intellectual Property Theft Intelligence Gathering Interlock Ransomware Internal Systems Inaccessible International Criminal Court (ICC) International Law Enforcement Cooperation Internet Censorship Internet Explorer Internet Security Research Group (ISRG) Internet Service Providers (ISPs) Interoperability Interpol INTERPOL Intune Investment Fraud Investment Scam Invoker Scripts IoT IoT Hacking IoT Security IOT security IP Address IP Scanning Iran Iran Cyber Threat Iranian Cyber Operations Iranian Threat Actor Iranian Threat Actors ISACA Islamophobia ISO 27017 ISO 27018 Isolated Recovery Environment (IRE) Israel IT Distributor IT Management IT Outage IT Systems IT Worker Scam IT Worker Scheme ITOI Ivanti Jailbreaking JavaScript JavaScript Engine Jira Job Displacement Journalists JPCERT/CC JScript JScript9Legacy JSON Kasm Kaspersky Password Manager KB5062554 Kernel Exploitation Kernel Security Key Vault Keylogger Keylogging 
Knox Matrix Koi Security Kubernetes Laptop Farms Laravel Large Language Models Large Language Models (LLMs) Law Enforcement Law Enforcement Action Law Enforcement Operation Lawsuit Lazarus Group Le Chat Leak Least Privilege Legacy Software Legal Action Legal Forum Legislation Let's Encrypt Linux Living Off the Land Living Off The Land Living Off The Land (LOTL) LLM LLM Security Lua Injection Lumma Stealer LVMH Machine Identities macOS macOS Security MacOS Security Malicious App Malicious Extension Malvertising malware Malware malware analysis Malware Analysis Malware Protection malware-as-a-service Malware-as-a-Service Malwarebytes Managed Identity Managed Service Provider (MSP) Managed Service Providers Managed Service Providers (MSPs) Marks & Spencer Marvell Marvell QConvergeConsole MellowTel Memory Leak Memory Overflow Memory Overread Memory Safe Languages Memory-Safe Languages Mescius Messaging Meta Meta AI Metadata MFA Abuse MFA Bypass MFA Fatigue MFA Reset Microsoft Microsoft 365 Microsoft Authenticator Microsoft Azure Microsoft Configuration Manager Microsoft Defender Microsoft Defender for Office 365 Microsoft Edge Microsoft Entra Microsoft Entra ID Microsoft Exchange Server Microsoft Exchange Server Hack Microsoft Insider Program Microsoft Intune Microsoft Office Microsoft Patch Tuesday Microsoft SharePoint Microsoft SQL Server Middle East Misinformation Mitigation Techniques MITRE ATT&CK MITRE D3FEND Mitsubishi Electric MLS (Messaging Layer Security) Mobile App Security Mobile Phone Security Mobile Security Mobile Threats Monero Monero Mining Money Laundering Money Mules MOVEit MOVEit Transfer MSI Installer MSR Registers Mullvad Browser Multi-Factor Authentication Multi-Factor Authentication (MFA) Multi-Factor Authentication Bypass Multi-Tenant Architecture Mustang Panda Narrative Attacks Nation-State Actor Nation-State Actors National Crime Agency (NCA) National Security NATO NCC Group NCSC Negotiation Negotiator NetScaler NetScaler ADC NetScaler ADC and 
Gateway NetScaler Gateway Netsh.exe NetSupport RAT network Network Performance Network Rail network security Network Security New Hires NFC NHS NIST no-defender Non-Human Identities (NHI) North Korea North Korean Cyber Threat North Korean Cybercrime North Korean hackers North Korean IT Workers North Korean Scam IT Workers npm NPM NSA NSO Group NTLM Relay nuclear weapons Null Byte Injection NVIDIA OAuth Obfuscation Ollama Olostep Onboarding One UI 8 Online Fraud Online Safety Act Online Scam Online Scams Open Source Open Source Security Open Source Tool Open Source Vulnerabilities Open VSX Open VSX Registry Open-Source Open-Source Models Open-Source Software Open-source tool OpenAI OpenID Foundation OpenSSL OpenVSX Operational Resilience Operational Technology (OT) Operational Technology (OT) Security OpSec Organized Crime OSINT OT Security Out-of-bounds Read Out-Of-Bounds Read Out-of-Bounds Read Vulnerability Outage OWASP Juice Shop Packet Blocking Packet Injection Palo Alto Networks Parking Fine Scam Partnerships passkeys Passkeys Password Audit Password Cracking Password Hashing Password Management Password Manager Password Managers Password Reset password security Password Security Password Spraying Passwordless Passwordless Authentication passwords Passwords Patch Patch Available Patch Management Patch Tuesday Path Traversal Patient Data Patient Safety Pay-Per-Crawl Payment Gateway Security PDF PDF Tampering PDF-XChange Editor Peer-to-Peer Networking Pen Test Partners Penetration Testing Perception Hijacking Permissions Persistence Personal Data Personalized Advertising Personally Identifiable Information (PII) PHASR (Proactive Hardening and Attack Surface Reduction) phishing Phishing Phishing Kit Phishing Protection Phishing Resistance Phishing Triage PHP PHPGGC Pig Butchering Scam PII PII (Personally Identifiable Information) Plugin Plugin Vulnerability Policy-as-Code Pornography Positioning, Navigation and Timing (PNT) Post-Quantum Cryptography Post-Quantum 
Cryptography (PQC) Potentially Unwanted Apps (PUAs) powershell PowerShell PowerShell.exe PRC File Parsing Pricing Printer Security printer vulnerability Printers privacy Privacy Privacy Concerns Privacy Policies Privacy Regulations Privacy Settings privacy violation Private DNS Mode privilege escalation Privilege Escalation Privileged Access Management Privileged Access Management (PAM) Product Ban Prometei prompt injection Prompt Injection Proof of Concept Proof-of-Concept Prophet Security Protection Relay Proxy Public Key Cryptography public-private partnerships Python Qantas QConvergeConsole Qihoo 360 Qilin QR Code QR Code Phishing Quantum Computing Quantum Key Distribution (QKD) Qubit Race Condition RAF Ransom ransomware Ransomware Ransomware (Suspected) Ransomware-as-a-Service Ransomware-as-a-Service (RaaS) Rapid7 RAT RAT (Remote Access Trojan) RBAC RCE RDP Rebranding reconnaissance Red Hat Enterprise Linux Red Team Red Team Tools Red Teaming RedDirection refueling Reg.exe Regulation Regulatory Compliance ReliaQuest Remcos Remote Access Remote Access Trojan Remote Access Trojan (RAT) Remote Attack remote code execution Remote Code Execution Remote Code Execution (RCE) Remote Command Execution Remote IT Workers Remote Work Renault Clio Report Residential Proxies Responsible Disclosure Retail Retail Industry Retail Sector Retail Security reverse engineering Reverse Engineering Reverse Shell Rickrolling Risk Management Risk Management Framework (RMF) Risk Mitigation Romance Scam Romance Scams Root Access Root Privilege rootkit Rootkit Rowhammer Rowhammer Attack ruby Runtime Analysis Runtime Monitoring Russia Russia-aligned Actors Russia-Ukraine War Rust (programming language) SaaS SaaS Security Safepay SafePay SafePay Ransomware Salt Typhoon Samsung Sanctions Sanctions Evasion Sanctions Violation sandbox evasion Sandboxing SAP Sarcoma Ransomware Sarcoma Ransomware Group Saudi Arabia SC3 SCADA Scalability Scam Scam Detection Scam Protection Scams Scanning Activity 
Scanning Tool Scareware Scattered Spider ScreenConnect SD-WAN Secret Scanning Secure Boot Secure Code Review Secure Coding Practices Security Security Baselines Security Descriptor Security Development Lifecycle (SDL) Security Incident Response security keys security operations Security Operations Security Patches Security Risks Security Software Security Strategy Security Update Security Updates Security Vulnerability SeDebugPrivilege Seed Funding SEO poisoning Service Disruption Session Hijacking Settlement Sextortion Shadowserver SharePoint Shellter Shellter Elite Shiny Hunters ShinyHunters Shodan Side-loading Sight Bulb Pro Signal Signal (Messaging App) Silk Typhoon Silver Fox SIM Swapping Single Sign-On (SSO) Skills Gap skills shortage Slack Smallstep Smart Contracts Smart Devices Smart Lock Smart TV Smart TV Security Smart TVs SMB Smishing SMS SMS Blasting SMS OTP SMS Phishing SMS Scam SnakeStealer Snort Rules Snowflake SoC SOC social engineering Social Engineering Social Media Social Media Scams Social Network Analysis Software Dependencies Software Development Software Packaging Software Supply Chain Security Software Vulnerability SOHO Devices Solidity SparkKitty Spear Phishing Spear-phishing Spear-Phishing Spearphishing Spoofing Spyware SQL SQL Injection SQL Server SSH SSH Tunneling SSL/TLS Certificates SSRF Stack Overflow stalkerware Stalkerware Standards State Laws State Legislation State-Sponsored Attack Stealer Stolen Credentials Storage Account strace Stuxnet subdomain enumeration Subscription Service Substation Security Sudo SuperCard X Supply Chain supply chain attack Supply Chain Attack Supply Chain Attacks Supply Chain Security surveillance Surveillance Suspension Suspicious Domains Switzerland Symlink TA829 Taiwan Takedown Request Talent Shortage Tapjacking Targeted Advertising Targeted Attack Task Scams Taskmgr.exe Tech Support Scam Telecommunications Telecommunications Sector Telefónica telegram Telegram Telemarketing TeleMessage Telnet 
Third-Party Breach Third-Party Investigation Third-Party Risk Third-Party Vendor Third-party Vulnerability Threat Actor Threat Actors Threat Detection threat hunting Threat Hunting Threat Intelligence Threat Landscape Threat Modeling Threat Report Throttling TikTok tips TLA+ TLS TLS Certificate Transparency TLS/SSL Certificates TOAD TOCTOU tool sprawl tor Tor Browser Trademark Infringement Training Platform Transparency Transportation Industry Trend Micro Trend Micro Zero Day Initiative Trojan TruGrid Trusted Locations Two-Factor Authentication Two-Factor Authentication (2FA) bypass Tycoon 2FA Type Confusion U3D File Parsing Ubiquitous Technical Surveillance (UTS) Ubuntu UDP Flood UI/UX UK National Crime Agency Ukraine Ukraine War Unauthenticated Unauthenticated Access Unauthenticated Vulnerability Unauthorized Access UNC3944 UNC5174 Undersea Cables United Kingdom United States UNK_GreenSec Unrestricted File Upload UPS Upskilling US CLOUD Act US Defense Industrial Base (DIB) US Treasury Use-After-Free User Experience User Prompts Utilities V8 V8 JavaScript Engine Varonis Video Surveillance Virtual Currency VirusTotal Visual Studio VMware ESXi VoIP VPN VPN Security VS Code Vulnerabilities vulnerability Vulnerability Vulnerability Analysis Vulnerability Assessment Vulnerability Detection Vulnerability Disclosure Vulnerability Exploitation Vulnerability Fix vulnerability management Vulnerability Management Vulnerability Patch Vulnerability Patching Vulnerability Research Vulnerability Research (VR) Vulnerability Scanning WAF Wallet Compromise Weak Credentials Web Application Security Web Scraping web security Web Security WebAuthn Webflow WebRTC WeChat Applet Whatsapp WhatsApp Wi-Fi Hacking Wi-Fi Security Windows Windows 10 Windows 11 Windows Kernel Windows Product Key Windows Security Center (WSC) API Windows Update Windsurf Wing FTP Server Wireless Account Lock Wordfence WordPress World Leaks WormGPT WSUS XBOW XDR XSS youth empowerment ZDI ZDI-25-427 ZDI-25-442 Zero 
Day Initiative zero trust Zero Trust Zero-day Zero-Day Zero-day Exploit Zero-Day Exploit Zero-Day Exploitation zero-day vulnerability Zero-day vulnerability Zero-day Vulnerability Zero-Day Vulnerability Zero-Knowledge Architecture
Categories All Access Control Access Management access_control Account Security Advanced Persistent Threat Advanced Persistent Threats (APT) Advisory AI and Machine Learning AI Governance AI Security AI-Powered Development Tools AI/ML Security Application Security Application Security (AppSec) APT APT (Advanced Persistent Threat) APT Analysis APT/Nation-State Attacks Artificial Intelligence Artificial Intelligence (AI) Artificial Intelligence (AI) in Cybersecurity Artificial Intelligence (AI) Security Artificial Intelligence and Machine Learning Security Artificial Intelligence in Cybersecurity Artificial Intelligence Security Attack Detection Attack Surface Management Attack Surface Reduction Authentication Authentication and Access Management Authentication Methods Authentication Security Automated Security Automotive Cybersecurity Automotive Security Blockchain Security Bot Management Brand Security Browser Security Bug Bounty Programs Business Continuity Censorship Cloud Computing Cloud Computing Security Cloud Security Code Execution Compliance Compliance and Governance Configuration Management Consumer Protection Container Security Critical Infrastructure Security Cryptography Cyber Attack Cyber Attack Reports Cyber Attack Trends Cyber Crime Cyber Espionage Cyber Incident Response Cyber Law & Legislation Cyber Law and Legislation Cyber Risk Management Cyber Risk Quantification Cyber Threat Actors Cyber Threat Intelligence Cyber Threat Landscape Cyber Warfare Cybercrime Cybercrime Groups Cybercrime Investigation Cybercrime Investigations Cybercrime Trends and Analysis Cybersecurity Cybersecurity Awareness Cybersecurity Awareness and Training Cybersecurity Education and Training Cybersecurity Funding Cybersecurity Governance Cybersecurity Incident Cybersecurity Incident Management Cybersecurity Incident Response Cybersecurity Incidents Cybersecurity Law and Policy Cybersecurity News Cybersecurity Policy Cybersecurity Policy and Governance Cybersecurity Policy 
and Law Cybersecurity Policy and Regulation Cybersecurity Risk Management Cybersecurity Risks Cybersecurity Threat Intelligence Cybersecurity Threats Cybersecurity Training Data Backup and Recovery Data Breach Data Breach Analysis Data Breach Investigation Data Breach Investigation and Response Data Breach Notification Data Breaches and Incidents Data Governance Data Integrity Data Loss Prevention Data Privacy Data Privacy and Security Data Protection Data Security Data Security and Compliance Data Security and Privacy Data Security Incident data_privacy Device Security DevSecOps Digital Certificates Digital Forensics Disaster Recovery Domain Security Email Security Embedded Systems Security Emergency Response Endpoint Detection and Response (EDR) Endpoint Management Endpoint Protection Endpoint Security Espionage Evasion Techniques Exploit Exploit Analysis Exploit and Threat Intelligence Exploit and Threat Research Exploit Development Exploit Mitigation Extended Detection and Response (XDR) File Manipulation Financial Crime Financial Sector Cybersecurity Financial Security Fraud Fraud and Financial Crime Fraud Detection Fraud Detection and Prevention Fraud Management Fraud Prevention Gaming Security Geopolitics Geopolitics of Cybersecurity Global Cyber Attack Reports Government Government Cybersecurity Government Regulation Government Regulations Government Security Hardware Hacking Hardware Security Healthcare Healthcare Cybersecurity Healthcare Security Honeypots Human Risk Management Identity and Access Management Identity and Access Management (IAM) Incident Management Incident Response Incident Response and Forensics Industrial Control Systems (ICS) Security Industrial Control Systems Security Industrial Cybersecurity Information Security Infrastructure Security International Cooperation International Law Enforcement International Relations Internet of Things (IoT) Security Intrusion Detection and Prevention IoT Security Law Enforcement Law Enforcement 
Cybersecurity Legal and Compliance Legal and Regulatory Legal and Regulatory Compliance Legal and Regulatory Issues Legal Technology Malware Malware Analysis Malware Detection and Analysis Military Cybersecurity Military Procurement Mobile Device Security Mobile Security Nation-State Actors Nation-State Attack Nation-State Threat Actor National Security Navigation Security Network Management Network Security Online Censorship and Freedom of Speech Online Fraud Online Security Open Source Intelligence (OSINT) Operating System Security Operational Technology (OT) Security OT Security Password Management Password Security Patch Management Patching Patching and Mitigation Phishing Phishing & Social Engineering Phishing and Social Engineering Phishing Awareness Phishing Defense Phishing Detection and Prevention PKI (Public Key Infrastructure) Plugin Security Policy and Governance Policy and Regulation Privacy Privacy & Data Protection Privacy and Data Security Privacy and Surveillance Privacy Compliance Privacy Controls Privacy Engineering Privacy Enhancing Technologies Privacy Law Privacy Violations Privilege Escalation Product Security Product Security Advisory Quantum Cryptography Quantum Cybersecurity Ransomware Ransomware Attack Ransomware Attacks Ransomware Defense Ransomware Groups Ransomware Incident Response Ransomware Protection Ransomware Response and Recovery Reconnaissance Red Teaming Regulatory Compliance Remote Access Vulnerability Remote Code Execution (RCE) Retail Cybersecurity Reverse Engineering Risk Management Sandbox Evasion Scams and Fraud Scripting Engine Security Secure Coding Practices Security Advisories and Alerts Security Automation Security Awareness Security Awareness Training Security Information and Event Management (SIEM) Security Management Security Operations Center (SOC) Security Orchestration, Automation and Response (SOAR) Security Patching Security Policy Security Program Management Security Strategy Security Testing and Validation 
Smart Home Devices Social Engineering Social Engineering & Phishing Social Engineering Defense Social Media Security Software Development Software Security Software Supply Chain Security Software Updates Supply Chain Risk Management Supply Chain Security Surveillance Technology Third-Party and Supply Chain Security Third-Party Risk Management Threat Actor Threat Actor Activity Threat Actor Analysis Threat Actor Tracking Threat Actors Threat Detection Threat Detection and Prevention Threat Detection and Response Threat Intelligence Threat Intelligence and Incident Response Threat Landscape Threat Modeling Training and Awareness Vulnerability & Exploit Vulnerability Advisory Vulnerability Analysis Vulnerability and Exploit Vulnerability and Exploit Analysis Vulnerability and Patch Management Vulnerability and Threat Management Vulnerability Assessment Vulnerability Detection and Mitigation Vulnerability Disclosure Vulnerability Exploitation Vulnerability Management Vulnerability Research Vulnerability Scanning Vulnerability/Breach Web Application Security Web Browser Security Web Security Workforce Development
Threat Actor All Access Broker Advanced persistent threat (APT) actors Agrius Akira Akira ransomware group Alexandre Cazes Anatsa Operators Andariel Anthropic APT Salt Typhoon APT-Q-14 APT28 APT34 APT35 APT42 Attacker Number Four Authenticated attackers Banished Kitten Baphomet BianLian Birdie Kingston Bitcoin Depot Attackers Black Hat Operator hired by Sinaloa Cartel BlackBasta BlackBasta ransomware group Blacksprut BlackSuit Bluenoroff Call Center Fraud Gang CanadianKingpin12 Chang Nam Il Charming Kitten China China’s National Computer Virus Emergency Response Center (CVERC) Chinese Communist Party (CCP) Chinese Hack-for-Hire Industry Chinese hackers Chinese Hackers Chinese intelligence and security agencies Cl0p Clop Conor Fitzpatrick Creators of WormGPT Criminal bots Criminal network Criminal Organization Criminals Cryptocurrency Investment Fraud Ring Cyber actors affiliated with the Iranian government Cyber Army of Russia Reborn Cyber Fattah Cyberattackers CyberAv3ngers Cybercriminal CyberN Daniil Kasatkin Dark Angels Dark Storm Team DarkHotel Data Thieves Data-greedy Bots David Franklin Slater Deepfake Actor Impersonating Marco Rubio DeepSeek Dire Wolf Dodgy Used Car Dealer DoNot APT DoppelPaymer DragonForce Educated Manticore Eleven11bot botnet es3n1n EvilConwi FIN7 Financially motivated cybercriminal groups Four American Students Fraudsters Fraudulent Actors Gamaredon GOLD BLADE GOLD REBELLION Golem Google Gorilla operators Group of alleged hackers behind Breachforums Group-IB Hacker-for-hire Hackers backing Tehran Head of Legal (ex-convict) Hector Monsegur Hellcat Hellcat Ransomware group Hive0154 HomeLand Justice Hunters International Imperial Kitten INC Ransom Initial Access Broker IntelBroker Interlock International organization Iran Iran-aligned threat group Iran-backed cyber actors Iran-backed hackers and hacktivists Iran's Islamic Revolutionary Guard Corps Iranian nation-state actors Iranian ransomware crew Iranian state-sponsored hacking group 
associated with the Islamic Revolutionary Guard Corps (IRGC) Iranian threat actors Iranian-affiliated cyber actors IRGC-affiliated Iranian threat actors IT Army of Russia Jailbreaking users John Andreas Wik Jong Pong Ju Kai Logan West Kai West Kang Tae Bok Kejia "Tony" Wang KillNet Kim Kwang Jin Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju, and Chang Nam Il LapDogs Large criminal syndicates based in Africa Lazarus group Lazarus Group Lizard Squad LockBit Lumma Lumma Stealer operators Malicious actors exploiting Shellter Elite Malicious Cyber Actors Marko Polo Massgrave hacking collective Meduza Meta Mexican drug cartel hacker Mohammed Umar Taj mommy Money Mule Operators MrBruh MuddyWater Mustang Panda Nation-State Actor Nation-state spies and ransomware groups Nation-State Threat Groups Nation-state-aligned threat actors Nicholas Kloster Nicholas Michael Kloster Nigerian Scammers NoName057(16) North Korea North Korean cyber operatives North Korean IT workers North Korean IT Workers North Korean scam IT workers North Korean state-sponsored threat actors North Korean state-sponsored threat groups North Korean threat actor North Korean threat actors NSO Group OilRig Olostep Omnipotent OneClik OpenAI Organized Cybercriminal Groups Organized fraud groups Other threat actors Ourmine Paedophiles Pay2Key.I2P People's Liberation Army (PLA) Phisherfolk Phishers Phone Scammers Pioneer Kitten Play Play ransomware gang Play ransomware group Pompompurin Potential Cybercriminal Private cyber actors working for personal gain or perceived state intelligence requirements. 
Pro-Iranian hacktivists Professionals Prompt injection attackers Qihoo 360 Qilin Qilin ransomware group RansomHub Ransomware affiliates Ransomware Crews Ransomware gangs Ransomware groups Ransomware operators Ransomware Operators RedLine Remote attackers REvil Rhysida Rogue Ring workers Romance Scammers Romanian cybercriminals Ross Ulbricht Russia Russian Hackers Russian ISPs Safepay SafePay SafePay ransomware gang Salt Typhoon Sandworm Sarcoma Sarcoma ransomware group Scammers Scammers in Nigeria and Ivory Coast Scattered Spider Sednit ServerKillers Shellter Elite Leaker Shiny Hunters ShinyHunters Silk Typhoon Silver Fox Sinaloa Cartel Sinaloa Cartel Hacker Single Bad Actors Skynet Smishing Scammers Sophisticated attackers State-affiliated actors State-controlled actors State-sponsored adversaries TA829 Tencent The Actors behind the Trojanized SonicWall NetExtender App Third-party aggregators and competitive entities Threat actors exploiting CVE-2025-5777 Threat groups in West Africa TradeTraitor TwoNet Tycoon 2FA users UAC-0226 UAT-5918 UNC5135 UNC5174 UNC5691 UNC6040 Unidentified Threat Actors Exploiting CVE-2025-5777 Unidentified Threat Actors Exploiting CVE-2025-6543 UNK_GreenSec Unknown Individual Impersonating Marco Rubio Unnamed ransomware gang UnsolicitedBooker Unspecified Threat Actor Exploiting CVE-2025-5777 Unspecified Threat Actor exploiting Ollama vulnerability Worok Xu Zewei Z-PENTEST ALLIANCE Zachary Shames Zhenxing "Danny" Wang
Actor Aliases: 0ktapus 18th Center of Information Security of Russia’s Federal Security Service (FSB) 3AM ransomware affiliate Agent Daniels with the DOGE Coordination Unit Agent Serpens ALPHV ALPHV/BlackCat AMOS APT-C-06 APT-C-35 APT33 APT35 APT42 APT45 Autumn Breeze Pte. Ltd BlackCat BladedFeline Br0k3r xplfinder Bryan Cho CALANQUE Charming Kitten CharmingCypress Citrix Bleed 2 CitrixBleed CitrixBleed 2 CL-CRI-1014 CL-STA-0240 Co-Conspirator 1 Cobalt Illusion Conor Fitzpatrick Crooks Cyber Fattah CyberArmyRussia CyberAv3ngers DeceptiveDevelopment Defendnot Depressed DEV#POPPER Diogo Santos Coelho DPRK operatives Dunghill Leaks Earth Simnavaz Earth Vetala Educated Manticore El Chapo Facebook Faketivist Famous Chollima finfluencers FirstIdea Fox Kitten FraudGPT friendly advisor gg GIFTEDCROOK Gorilla gpu001 gpu002 GreenCharlie Gwisin Gang hacker Hafnium HAFNIUM Helix Kitten HIUPAN Hollow Hopana Tech Houken INC Ransom INC Ransomware Independent Lab Intelbroker IntelBroker ITG18 Jasper Sleet Kai Logan West Kai West Kyle Northern Lazarus Lemon Sandstorm LockBit Magic Hound Marco.Rubio@state.gov MarsSnake Megafon Mephobia MERCURY MGTS Mint Sandstorm Mint Sandstorm (formerly Phosphorus) Mint Tempest MISTCLOAK Miya Miyako Moonstone Sleet MTS Muddled Libra MuddyWater Mule as a Service Newscaster NICKEL TAPESTRY NNM057(16) no-defender Noct North Korean state actor notachancethisisreal Octo Tempest OilRig Oktapus Onyx Sleet Origami Elephant Parisite Peter Xiao Phishing Gangs Phosphorus Pink Sandstorm pompompurin Pseudo Hunter RedDirection Rey Rory Andrew Godfrey Rostelecom RUBIDIUM Russian cybercriminal group Ryan King Sabu Salt Typhoon scadaadmin Scalper bots Scammers posing as legitimate health insurers and their investigative team members Scatter Swine Scattered Spider SECTOR02 Seedworm Serpens ShinyCorp ShinyHunters Silent Chollima Silk Typhoon SingleCamper Snake Keylogger SnakeStealer SnipBot Star Fraud Starfraud Static Kitten Storm-0287 Storm-1877 TA453 TEMP.Zagros 
Tenacious Pungsan The Boys The Com The Com (aka Comm) Tony WKJ Two pro-Palestinian hacking groups Tycoon 2FA customer U2DiskWatch UAC-0001 UNC3944 UNC5342 UNC757 UNC788 Uteus Vanilla Tempest Viceroy Tiger Vimpelcom Void Arachne Void Dokkaebi Volt Typhoon World Leaks WormGPT Yellow Garuda your assigned personal agent from the Department of Government Efficiency (DOGE) ZEROLOT Народная Cyberармия
Exploit Method: 2FA Relay Attacks Abuse of Azure Service Principal Identities for Privilege Escalation Access Token Theft Access-based Attacks via Stolen Credentials and Insufficient Access Controls Account Compromise via Lack of MFA Account Takeover via Social Engineering ACR Data Misuse ACR Data Misuse/Exploitation Active Directory Reconnaissance Active Directory Reconnaissance Post-Exploitation Adjacent Network Root Command Execution via Port 16668 Adobe Platform Abuse Age Verification Bypass using VPNs AI Agent Deception and Threat AI Chatbot Phishing/Malware AI Jailbreaks AI Model Poisoning AI Web Scraping as Resource Exhaustion AI-assisted Boilerplate Code Generation AI-Driven Misinterpretation and Bias AI-Driven Smart Contract Exploitation AI-Enhanced BEC AI-Enhanced Scams AI-Generated Phishing/Scam Content AI-Powered Deepfake Cryptocurrency Investment Scam AI-Powered Impersonation for Social Engineering AI-Powered Misinformation Campaigns AI-Powered Multi-Channel Phishing Targeting New Hires AI-powered Phishing and Scam Generation AI-Powered Phishing/Social Engineering AI-Powered Scams via Friends and Family Transactions AI-powered Social Engineering and Malware AI-Powered Vulnerability Exploitation AiTM (Adversary-in-The-Middle) Phishing Alert Fatigue Leading to Missed Incidents Algorithmic Amplification of Misinformation AMI MegaRAC BMC HTTP POST Request AML Invoker Script Modification Privilege Escalation AMOS Backdoor Anatsa Banking Trojan via Google Play Infiltration and Cloud Escalation and Data Exfiltration and RDP exploitation API Endpoint Discovery and Exploitation API Flaw App Store Monopoly Abuse for Data Harvesting APP_KEY Brute-Force APT28 Signal Malware Campaign APT42 Phishing Campaign Arbitrary Code Execution Arbitrary Code Execution via Mazda Connect Vulnerability Arbitrary File Deletion via Form Submission Arbitrary File Upload to Privileged Directories Arbitrary Read and Write Operations via Crafted Web Pages Arbitrary Read/Write via 
Crafted HTML Page ARBITRARY_FILE_UPLOAD_ROOT_EXECUTION Atomic macOS infostealer Backdoor Attacks on Critical Infrastructure Authentication Bypass and Firmware Tampering Authorization Bypass via Hardlinks Authorized Push Payment (APP) scams Automated Vulnerability Discovery of Low-to-Medium Severity Bugs AWS Reconnaissance via Backup Service Enumeration Azure App Services Information Disclosure Backdoored LLMs Backdoored LLMs via Python Deserialization (Pickle Module) Baiting News Site Investment Fraud BitLocker Data Harvesting Black Market Operations Boot Disk Bypass Authentication Browser Extension Hijacking via Malicious Updates Browser Fingerprinting Browser Hijacking via Malicious Browser Extensions Browser Hijacking via Malicious Extensions Brute-Force Attacks BSS buffer overflow in ParseGLInfoData Buffer Overflow Business Email Compromise (BEC) Business Email Compromise (BEC) Using AI Business Email Compromise (BEC) via Tycoon 2FA Business Logic Vulnerabilities Bypass of Application Folder Check Bypassing Multi-Factor Authentication (MFA) via Social Engineering Bypassing Perimeter-Based Security Camera System Exploitation CAN Bus Injection Cascading Effects in Multi-Agent Workflows Catwatchful Data Exposure Censorship and Removal of Privacy Tools Certificate Expiration Leading to Service Outages Chaining Vulnerabilities Change Healthcare Hack Childcare CCTV Hacking Chrome Remote Desktop PIN Bypass chroot arbitrary shared library load Circumventing Security Camera Login Circumventing with Advanced Bots CitrixBleed CitrixBleed 2 CitrixBleed 2 - Session Token Theft CitrixBleed 2 Exploitation CitrixBleed 2 Memory Leak CitrixBleed 2 Session Hijacking CitrixBleed2 Session Token Theft Cl0p Data Exfiltration Tool RCE Clearing command history for obfuscation ClickFix ClickFix Attack ClickFix Social Engineering ClickOnce Abuse CLOUD Act Data Access Cloud Misconfigurations Cloud Resource Consumption Abuse Cloud Service Disruptions Code Injection via Insecure Development 
Sites CoinMarketCap and Cointelegraph Phishing Pop-ups Command and Control (C2) Operations Command Injection Command Injection via Malicious Symlink Communications Network Hijacking (El Al flights) Compromise of Public-Facing Portals Compromised AI Chatbot Compromised Camera and Mobile Phone Surveillance Compromised Chrome Extensions Supply Chain Compromised Credentials and Password Spraying via VPN Compromised IoT Devices for Botnets Compromised MikroTik Routers Compromised Non-Human Identities via Leaked Secrets Compromised Password Bypass with Passkeys Compromised Passwords leading to email interception Compromised Remote Management Tools for Persistence and Security Control Disablement Compromised Second-Hand Computer Compromised Smart Home Devices for Botnet DDoS Attacks Compromised Trezor Support System used for Phishing Compromised US Identities for Remote Access Compromising VS Code extensions via OpenVSX token exfiltration ConnectWise Context Leakage and Unauthorized Data Access Context Poisoning Attacks via MCPs Control Flow Flattening in JavaScript to deliver Remcos Copyright Law Violation COVID-19 Research Data Theft Crafted API Request (CVE-2025-20281) Crafted API Request Privilege Escalation crafted HTML page leading to remote code execution Credential Access Attempts Credential Dumping with Mimikatz Credential Harvesting Credential Harvesting via Spear-Phishing Credential Phishing Credential Phishing via .es TLD Credential Stuffing Credential Stuffing for Loyalty Account Takeover Credential Stuffing via Residential Proxies Credential Stuffing/Brute-forcing with common usernames and passwords Credential Stuffing/Reuse Credential Theft Credential Theft for Proxy Setup Credential Theft via Infostealer Malware Cross-Platform Keylogger Cross-Site Manipulation via Prompt Injection Cross-Site Scripting (XSS) Cross-Site Scripting (XSS) in Webmail Services Cross-Site Scripting (XSS) via KaTeX Cross-Site Scripting (XSS) via Security Header Removal 
Cryptocurrency Laundering via Obfuscation Channels Custom Phishing Kits Cyber Espionage Attack (September 2023) Cyber Offensive Operations Cyber-attacks of a very high degree of technical complexity Cyberattack Cyberattack leading to data exfiltration Cyberattack on UNFI Cyberattacks following air strikes Cyberespionage for Intellectual Property Theft Cybersecurity Fatigue leading to Increased Attack Risk D-Link DIR-859 Account Credential Theft D-Link DIR-859 Path Traversal for Account Dumping Dark Patterns Data Access Via Support Personnel Data Breach of ID Verification Company Data Breach via Third-Party Platform Data Breach via Unspecified Vulnerability Data Breaches and Leaks Data Broker Database Leak Data Broker Exploitation for Profit Data Collection and Transfer to China Data Collection and Usage for Model Training Data Collection and Usage for Model Training (Privacy Violation) Data Collection without Explicit Consent Data Corruption Malware Data Exfiltration Data Exfiltration and Browser Redirection Data Exfiltration and Extortion Data Exfiltration and Sale Data Exfiltration and Sale on Dark Web Marketplaces Data Exfiltration and Source Code Theft Data Exfiltration and System Sabotage Post-Compromise Data Exfiltration of Site Metadata Data Exfiltration via Chinese-Owned VPNs Data Exfiltration via Malicious Packages Data Exfiltration via Slack Connector Data Exfiltration via Telegram Channel Data Exfiltration via Unauthorized Access Data Exfiltration via Unsecured File Sharing Data Exfiltration via VPN Apps Data Exfiltration with Infostealer Malware Data Exfiltration-based Extortion Data Exploitation via ACR Data Extortion (Encryption-less) Data Leakage Data Leakage via AI Applications Data Leakage via GenAI Prompts Data Poisoning Data Poisoning Attacks Data Poisoning in Retrieval Augmented Generation (RAG) Data Sharing Through Shared Photos Data Theft and Sale Data Theft and Sale on BreachForums Data Theft of Chat Logs and Metadata DDoS DDoS Attack DDoS 
Attacks DDoS Attacks (mentioned, no details) DDoS Attacks and Website Defacement Decrypt Later Decryption of Encrypted Passcodes Deepfake Impersonation Deepfake Video Manipulation Deepfake-based attacks Deepfake-enabled Financial Fraud Default Admin Password Generation Default Credentials Default Credentials Exploit - School Projectors and Audio Systems Default Credentials Exploit - Traffic Light Audio Buttons Default Password Exploitation Default Password Generation Default_Password_Reconstruction Defendnot/no-defender exploit Windows Security Center (WSC) API Delayed Incident Containment Delayed Security Updates deleteAppFile Directory Traversal Arbitrary File Deletion Denial of Service via CVE-2025-6543 Denial-of-Service (DoS) Attack Denial-of-Service Attacks via CVE-2025-6543 Deserialization Attacks Deserialization of Untrusted Data in ReadValue Method Deserialization of Untrusted Data via readObjectFromConfigFile Destructive Malware (Data Wipers) Digital Sextortion Directory Traversal Arbitrary File Deletion and Information Disclosure Directory Traversal Arbitrary File Deletion in deleteEventLogFile method Directory Traversal Arbitrary File Write Directory Traversal in compressDriverFiles Directory Traversal in compressFirmwareDumpFiles Directory Traversal Information Disclosure via getFileUploadSize method Directory Traversal via getAppFileBytes Directory Traversal via getDriverTmpPath Disruption of Online Services and Data Theft DLL Side-Loading DLL Side-Loading via Shine.exe DLL Sideloading using Rundll32.exe DNS Hijacking - Lenovo Website DNS Interception/Spoofing via Unencrypted DNS Queries DNS-based Attacks Domain Name Spoofing via Certificate Authority Trickery Domain-Based Phishing DoppelPaymer Ransomware Attack DragonForce Ransomware Deployment Eavesdropping and Call Initiation Ecovacs Robot Vacuum Vulnerabilities Email Bombing Email Spoofing Email System Outage Leading to Unsecured Alternatives error-prone processes Espionage Attack on ICC IT Systems 
(September 2023) EternalBlue Ethereum Attack (ByBit) Evil Twin Fraud (Android) EvilConwi Authenticode Stuffing Excel Backend Vulnerabilities Excessive Container Privileges Excessive Data Collection and Transmission to China Exchange Webmail Command and Control Executable disguised as shortcut using .PIF Extension Execution of PowerShell via LNK files from Cloudflare domains Exfiltration of Secrets from Force-Pushed Git Commits Exploitation of 'Display over other apps' Permission Exploitation of Biased AI systems Exploitation of Code Vulnerabilities in Cloud Applications Exploitation of Electronic Signals (Phone Calls) Exploitation of Expired Certificates Exploitation of Inadequate Legal Framework Exploitation of known vulnerabilities Exploitation of Known/Unknown Vulnerabilities in Unpatched Software Exploitation of Misconfigured Cloud Instances Exploitation of Older Vulnerabilities Exploitation of Open Ports Exploitation of Security Weaknesses Exploitation of stolen credentials Exploitation of Unpatched Vulnerabilities Exploitation of Virtualized Environments for Lateral Movement and Persistence Exploitation of Vulnerable Public Services Exploitation via SSHD process Exploiting AI with Sensitive Data Exploiting Basic Vulnerabilities Exploiting Fragmented Security Ownership and Siloed Tools Exploiting OT Devices Exploiting Vulnerable Applications Exposure of Development Systems via Certificate Transparency Logs Fake Certificate Usage Fake Installer Distribution with Sideloading Fake IT Worker Scheme Fake LinkedIn Job Interview Attack Fake Nginx Web Server and TLS Certificate Impersonation False Positive Exploitation Fare Scraping Faulty Antivirus Update Causing System Crashes FileFix Filename-based Anti-Analysis Firesheep Firmware Downgrade via Nonce Tampering Forced Gemini Integration and Data Access Override Forminator WordPress Plugin Arbitrary File Deletion FortiOS CLI Password Decryption via Hardcoded Key FortiWeb Pre-Auth SQLi to RCE via .pth file injection 
Fraudulent Websites (Information Stealing) Game Hacking Generative Engine Optimization (GEO) getFileUploadBytes Directory Traversal Gift Card Brute-Forcing GitHub Abuse for Malware Hosting and Staging Gmail Multi-Factor Authentication Bypass Goal Hijacking Google Sites Phishing GoogleFiber Router Settings Access Government Device Ban due to Security Concerns GPS Jamming GPS Spoofing GPUHammer_Rowhammer_Attack Granting Accessibility Permissions to Malicious Apps Gravity Forms Plugin Compromise Hafnium Campaign Exploitation of Microsoft Exchange Zero-Day Vulnerabilities Hallucinations Hardcoded Credentials Exploitation Harvest Now Heap Buffer Overflow in SendGetRecPlan Help Desk Scams HexEval Loader and BeaverTail Stealer Hijacking Amazon EventBridge for Cross-Account Attacks Hijacking Bluetooth connection and issuing commands Houken Intrusion Set HTML Smuggling HTTP to HTTPS Redirection Without HSTS Human Error Human Error in Traditional Risk Management Framework (RMF) Processes ICS Manipulation IDOR on McHire chatbot platform IIS Module Backdoor (PrimeCache) Illegal Collection and Use of Personal Information (Starbucks WeChat Applet) iMessage/iCloud Hacking Impersonation and Social Engineering Improperly Configured Server In-Memory C2 and Lateral Movement/Privilege Escalation Incompatible Refueling Systems Indirect Prompt Injection via Hidden Directives Infiltration Attempt Information Exposure via Developer Tools Information Gathering via HTTP Response Codes and Headers Information Leak via GetCapacity Infostealer Malware-as-a-Service Infostealer Operations Infostealer-enabled credential harvesting Infrared Facial Recognition Disruption Initial Clean Insecure Direct Object Reference (IDOR) Insecure Firmware Update Mechanism Insecure IIoT Device Configuration/Vulnerable Firmware Insecure Outputs Insecure Practices Leading to Cybersecurity Problems Insider Access Exploitation Insider Access/Abuse Insider Threat Exploitation (North Korean Scam IT Workers) Insider 
Threat/Data Theft Insider Threats via Access Mismanagement and Poor RBAC Hygiene Integrity Level Bypass (SepMediumDaclSd Patch) IntelBroker Data Theft and Sales Intelligence Gathering and Espionage Internal Espionage Attempt - Hostile Spy Internet-Facing Network Device Exploitation IP Tracking Iranian Hacktivist Cyber Attacks on US Critical Infrastructure Jailbreak Prompts for Malicious LLM Use Jailbreaking Jailbreaking Legitimate LLMs Jailbreaking LLMs JavaScript Dependence Jira Misconfiguration Job Object Escape (Code Injection into winlogon.exe) JWT Authentication Attack Kaleidoscope Adware 'Evil Twin' Kernel Driver Crash via Improperly Tested Update Keylogging Functionality (Potential) Lack of Network Segmentation Lack of Prioritization of Vulnerability Data Laptop Farms for IP Address Spoofing Later Malicious Updates Lateral Movement Lateral Movement via Shared Credentials Laundering Stolen Funds via Financial Accounts LDAP Injection Legacy Cryptographic Algorithms Legal Takedown as Censorship Tool Leveraging Chinese Cybersecurity Law for Data Acquisition Limitless Logger Usage Living Off the Land Living Off The Land (LOTL) Exploits Living off The Land (LoTL) Techniques LLM Jailbreak via Guessing Game LLM Jailbreaking LLM-Driven Phishing URL Acquisition Log4Shell Logless Hunt Lookalike Domain Phishing LSASS Dumper Lua_Injection_via_Null_Byte Lumma Stealer via Malicious CAPTCHA Macro-Enabled Phishing Malformed HTTP POST Request Memory Leak Malicious Admin Account Creation Malicious Ads Leading to 'Nudify' App Malicious Browser Extension Backdoor Malicious Browser Extensions Malicious File Upload (CVE-2025-20282) Malicious Open Source Packages Malicious Open VSX Extension Distribution Malicious Payload Execution for Initial Access Malicious URL Injection via Deceptive Code Malware Download and Execution via Certutil Malware Exploitation Malware Introduction by DPRK IT Workers Man-in-the-Middle Attacks Manipulation of Trip Logic Manipulation or Identity Forgery 
to Access Cloud Services Manual Masquerading Payloads as Legitimate Software Massgrave PowerShell Activation Scripts MCP Extensibility Risks MD5 Sum Authentication Bypass and Root Access Memetic Viruses Memory Corruption Memory Overread leading to Sensitive Data Disclosure Memory-related vulnerabilities MFA Fatigue/Push Bombing Microsoft 365 Direct Send Abuse for Phishing Microsoft 365 Direct Send Phishing Microsoft 365 Exchange Online 'Direct Send' abuse for Phishing Microsoft Exchange Attack 2020 Microsoft Exchange Server Vulnerability Exploitation by HAFNIUM Microsoft Office 365 Unauthorized Access Microsoft Office RCE via crafted documents Microsoft Office RCE via Preview Pane Misidentification by Facial Recognition Leading to False Arrest/Engagement Mobile Phone and Device Exploitation Mobile Phone Exploitation and Geolocation Tracking Money Laundering via Crypto-Transfers Money Laundering via Sanctioned Tools Monster-in-the-Middle (MitM) Attack MOVEit MOVEit SQL Injection Exploitation (2023 Clop Ransomware Campaign) MOVEit Transfer Mass Exploitation MQTT Wildcard Subscription for Tractor Tracking mSpy Multiple Leaks Mule as a service Multi-Stage Malware Infection MyBB 0day Narrative Poisoning Attacks via Generative AI NeighborJack Network Intrusion and Data Exfiltration Network Misconfiguration Network Throttling via Packet Injection/Blocking NFC-Based Fraud NFC-based Fraud/Relay Attacks nOAuth Abuse NTLM Relay Attack Null Byte and Lua Injection Obfuscated BAT files delivering NetSupport RAT October 2023 Data Breach Office Preview Pane Exploitation Older Vulnerabilities OneClik Campaign Open VSX Registry Privilege Escalation via CI/CD Poisoning Open VSX Registry Takeover Open VSX Repository Takeover via Extension Publishing Mechanism OT System Exploitation Outdated Operating Systems Outdated Software and Irregular Patch Releases/Delayed Patch Installation Overlay Attack/UI Redressing Passkey Workflow Complexity leading to User Confusion and Failures Password 
Bruteforcing Password Guessing/Brute Force Attacks Password Guessing/Brute-forcing Password Reuse Password Sharing Password Sharing/Lending Password Vulnerability Patch_Bypass_via_Functional_Test_Failures Path Parsing Bypass using NT Object Manager prefix PDF Annotation Abuse PDF Phishing PDF Tampering/Forgery Perception Hijacking via DOM/Page Manipulation PerfektBlue chained Bluetooth attack PerfektBlue Exploit Chain Persistence Persistence Mechanisms Phishing Phishing and MFA Bypass Phishing and Scripting via Gemini Phishing and Social Engineering Phishing Attack Phishing Attacks Phishing attacks using scraped personal data Phishing Campaign Impersonating DOGE Phishing Campaign Spoofing Amazon Phishing Campaign Targeting Israeli Academics and Journalists Phishing Domain Generation Phishing Email Triage Automation Phishing Email with Malicious VBE Script Phishing emails with redirection chains Phishing for Credentials via Spoofed Login Pages Phishing via Fake DocuSign Emails Phishing via Microsoft 365 Direct Send Abuse Phishing via SMS (Smishing) Exploiting Service Disruption Phishing via Webflow redirection with fingerprinting Phishing with malicious HTML file Trojan.Agent.FZPI Phishing-as-a-Service (Tycoon 2FA) Phishing-related scams Phishing/Smishing via Password Fallback Phishing/Smishing/Malvertising for Credentials Phishing/Social Engineering Phone Spoofing and VoIP Routing PHP Deserialization via Laravel Encryption Physical Access and Boot Disk Password Reset Physical Access and Camera Access at Gym Physical Access Authentication Bypass Physical Access Bypass Pig Butchering Scams Plaintext Credential Exposure PLC Hacking Poisoned Solana Blockchain API via LLM Promotion Post-Exploitation_File_Enumeration_and_User_Creation Potential Data Exfiltration via Fourth-Party Supplier Vulnerability Potential Ransomware Attack PowerShell code inside LNK files PowerShell file download and execution PRC File Parsing Out-Of-Bounds Read Pre-receive hook port binding 
Predictable Default Admin Password Generation Predictable Password Generation by LLMs Preloaded Malware on Counterfeit/Gray-Market Devices Privacy risks associated with cloud-based AI processing of user photos Privacy Violation via Facial Recognition Misidentification Privilege Escalation via Compromised C-Suite Accounts Privilege Escalation via PreviousMode Modification Privilege Escalation/Lateral Movement via Over-Permissioned Entra Apps Privilege Misuse/Insider Threats Privileged Access Workstation (PAW) Compromise Privileged Account Abuse and MFA Bypass Privileged Account Abuse Post-Suspension Programmatic Exploitation of CyberArk PAM Vaults Prompt Injection Prompt Injection for AI Evasion Prompt-Based Hijacking via Hidden Prompt Injection Qilin Ransomware Attack QR Code Phishing Quantum Computer Encryption Breaking Qubit Decoherence via Amplifier Heat and Noise Race Condition for Partial Write (CVE-2024-30088 Weaponization) Ransomware Ransomware and Data Wipers Ransomware and Disk Wiping Ransomware as a Service (RaaS) via Bulletproof Hosting Ransomware Attack Ransomware Attack (Dark Angels) Ransomware Attack (INC Ransom) Ransomware Attack (Seattle-Tacoma Airport) Ransomware Attack by Qilin Ransomware Attack Leading to Data Exfiltration and System Disruption Ransomware Attack Leading to Service Disruption and Contributing to Death Ransomware Attack Leading to System Disruption and Data Exfiltration Ransomware Attack via Phishing Ransomware Attacks Ransomware Attacks and Money Laundering Ransomware Attacks on Retailers Ransomware Attacks on UK Retailers Ransomware attacks on US and Israel Ransomware attacks targeting Microsoft Entra ID Ransomware Attacks targeting UK Retail Ransomware Exploitation of SaaS Environments Ransomware Negotiation Fraud/Insider Threat Ransomware targeting backups Ransomware via Malicious Email Ransomware-as-a-Service (RaaS) Ransomware-as-a-Service (RaaS) - Pay2Key.I2P RDP-Based Attacks Reading Currently Playing Media 
readNICParametersFromFile Deserialization Reconnaissance Redirection Exploit Redirection to Fake Update Pages Reflection Attacks (QOTD, Echo, NTP, RIPv1) Regulatory Vacuum for Harmful AI Deployment Remote Access Trojan (RAT) Distribution via .es TLD Remote Code Execution (RCE) Remote Code Execution (RCE) via Peer-to-Peer Networking Remote Code Execution (RCE) via Publicly Exposed Web Server Remote Code Execution by chaining multiple primitives Remote Code Execution in Cisco ISE/ISE-PIC Remote Code Execution via Crafted HTML Remote Code Execution via eval() in Content Management Tools Remote Code Execution via Unchecked Input Handling and Excessive Permissions Replay Attacks Residential Proxy Abuse Restart Loop Exploit restoreESwitchConfig Directory Traversal Retrieval Augmented Generation (RAG) Poisoning Reusing Legacy Malware (Mirai Bot, Qakbot, Emotet) Reverse Shell Creation Reverse Tunneling Ring Account Compromise for Swatting Romance Scams RondoDox botnet exploiting TBK DVRs and Four-Faith routers Rootfs Modification via Incomplete Secure Boot Rowhammer on Nvidia A6000 GPU SafePay Ransomware Sainbox RAT and Hidden Rootkit Deployment Salt Typhoon GRE Tunneling SAML_SSO_COMMAND_INJECTION Sandbox Evasion SAP GUI Client Vulnerabilities - Unsafe Storage of Sensitive Data saveAsText Directory Traversal Scalper Bots Scanning AWS IP Ranges for Publicly Accessible Neptune Instances Scareware Popup Tech Support Scam Scattered Spider TTPs Scheduled Task Persistence Screen Spying via Chromium --auto-select-desktop-capture-source Search Engine Manipulation in Open VSX Marketplace Seat Spinning Second Stage Delphi-Based Malware Security Baseline Customization Loss Self-Service Password Reset & MFA Manipulation Self-XSS to Stored XSS via Credentialless Iframes and fetchLater API Session Hijacking & Lateral Movement Session Hijacking via CVE-2025-5777 Session Hijacking via MFA Bypass Session Hijacking via Stolen Session Tokens Session Hijacking via stolen tokens (related to 
CVE-2025-5777 and CitrixBleed CVE-2023-4966) Session Hijacking via Token Theft Session Token Hijacking Session Token Replay via Memory Overread Session Token Theft and MFA Bypass Sextortion Email Scams Shared Secret Vulnerability in Passwords Shellcode Execution from 1.txt Shellter Elite Abused to Deploy Infostealers Shellter Elite AV/EDR Evasion Loader Misuse ShortLeash Backdoor Installation ShortLeash Malware Deployment Side-loading Malicious IDE Extensions by Spoofing Trusted Extension IDs Sideloading Apps Signature Forgery SIM Swap Attack SIM Swapping Single Sign-On (SSO) System Compromise Single-Vendor Monoculture Leading to Widespread Vulnerability Slack Message Crawling Smart Contract Modification SMB flaws SMB Share Script Execution Delay Smishing Smishing (SMS Phishing) SMS Blasting using 2G Vulnerability SMS Message Interception SMS Phishing with Social Engineering and Link Activation SMS-Based 2FA Interception via Roaming Social Engineering Social Engineering and Identity Fraud Social Engineering and MFA Bypass Social Engineering and Spear-Phishing Social Engineering Bypassing MFA Social Engineering Bypassing Multi-Factor Authentication Social Engineering for ESU Enrollment Social Engineering leading to data breach Social Engineering Leading to MFA Bypass and Credential Theft Social Engineering leading to MFA Reset Social Engineering Leading to Password Reset Social Engineering of Help Desks Social Engineering of IT Help Desk Social Engineering Scams Social Engineering Scams (Romance Baiting/Pig Butchering) Social Engineering to Change Default Security Settings Social Engineering via Fake Helpdesk Calls Social Engineering via Fake Job Assignments Social Engineering via Fake News Websites Social Engineering via Finfluencers Social Engineering via IT Help Desk Impersonation Social Engineering via IT Support Impersonation Social Engineering via Phone Scams Social Engineering/Insider Threat Social Engineering/Romance Scams Software Supply Chain Attacks 
SolarWinds Sophisticated Cyberattack Sophisticated Cyberattack on ICC SparkKitty Trojan Spear Phishing Spear Phishing Campaign Spear-phishing Spear-Phishing Spear-Phishing for Initial Access Spear-Phishing via Malicious Google Drive Link Spear-Phishing with Credential Harvesting and 2FA Relay Spear-Phishing with DLL Side-Loading Spearphishing with malicious attachments SPECIALLY_CRAFTED_API_REQUEST_ROOT_EXECUTION Spoofing Attacks (Deepfakes and Injection Attacks) Spyhide Data Exposure SpyLoan Apps SQL injection SQL Injection (SQLi) SQL Injection in Catwatchful SQL Injection via phpMyAdmin SSH Brute-Force Attack SSH Tunneling for Proxying SSRF via HTTP Redirect Loops Stack overflow in GetUserList Stack Overflow PHP Problem Stealthy Persistence in AWS via Lambda Versioning Stolen API Key Stolen Credentials Stolen Credentials and Fake Identities for IT Employment Stolen Credentials and Trust Exploitation Stolen Identity and Impersonation Scheme Stolen VPN/RDP Credentials Storage of Sensitive Data on Mobile Devices Subdomain Enumeration via Certificate Transparency Logs Subdomain Enumeration via CSP Headers Subtle Coercion for Feature Usage Supply Chain Attack Supply Chain Attack via Unpatched Software/Insecure APIs/Open-Source Vulnerabilities Supply Chain Attacks Supply Chain Attacks Targeting Remote Management Tools and Cloud Services Supply Chain Compromise Surveillance Camera System Access Surveillance Operations System Engineering and Diagnostic Tool Misuse (OT Environment) TapTrap Task Scams Third Stage C++ Data Stealer Third-Party Driver Kernel Vulnerability Third-Party Platform Compromise via Call Center Access Third-Party Platform Data Breach Third-Party Vendor Compromise Leading to Lateral Movement Timing of Attack TOAD/Callback Phishing Token Theft via Malicious Extension Tracking Tech on Android Transient Scheduler Attacks Trezor Phishing Scam via Contact Form Abuse Trojanized NetExtender Distribution (SilentRoute) Trojanized SonicWall NetExtender App Type 
Confusion in V8 JavaScript Engine Leading to Arbitrary Code Execution TypeResolutionService Deserialization of Untrusted Data Typosquatting and Cheap TLDs U3D File Parsing Out-Of-Bounds Read U3D File Parsing Out-Of-Bounds Read Remote Code Execution U3D File Parsing Use-After-Free U3D_File_Parsing_Use-After-Free_Remote_Code_Execution UAC Weakening via Registry Modification UDP Flood Unauthorized Access Unauthorized Access and Data Exfiltration Unauthorized Access to Computer Systems Unauthorized Access via Trusted Locations Unauthorized Automation Unauthorized Credit Card Use for Hacking Tools Unauthorized Data Access via GenAI-Generated Reports Unauthorized Data Storage Unauthorized Physical Access via Insecure Lock Screen Configuration Unchecked System Commands leading to OS Compromise Uncontrolled Excel Password Storage Undersea Cable Sabotage Unfettered Camera Roll Access and AI Analysis Unintended Data Access via Gemini Extensions Unintended Web Scraping and Botnet Activity Unlawful User Data Transfers to China via DeepSeek Apps Unnecessary Port Exposure Unregistered Data Broker Activity Unrestricted AI Content Scraping Unrestricted File Upload via getFileFromURL Unsecured Public Wi-Fi Unspecified Web Application Vulnerabilities Unvetted Dependency Ingestion Unwarranted Web Scraping by AI Bots US Administration Instructed Service Refusal USB Worm (HIUPAN) for Malware Propagation Use of Default Passwords Use of Shell Companies and Fake Personas Using Windows 10 after End of Life VDI-Related Instability VS Code Project Backdoor via tasks.json VSXPloit Vulnerability_Exploitation_via_Crashing_Programs Wallet Compromise WannaCry Weak Password Attack Weak Password Exploitation Weak Password Leading to ICS Attack Weak Password on Web-Accessible Control Panel Weak/Easily Guessed Passwords Website Defacement Wing FTP Server Null-Byte Authentication Bypass XML Injection XSS (Cross-Site Scripting) XSS Attack Zero-Day DoS Zero-day exploit Zero-day Exploit Production 
Zero-day exploitation of CVE-2025-6543 ZEROLOT Data Wiper
Vulnerabilities All CVE-2011-5325 CVE-2015-1548 CVE-2017-11774 CVE-2017-17663 CVE-2018-13379 CVE-2018-15133 CVE-2019-0604 CVE-2019-0708 CVE-2019-11510 CVE-2019-19781 CVE-2019-5591 CVE-2019-6693 CVE-2020-12812 CVE-2020-1472 CVE-2021-31207 CVE-2021-34473 CVE-2021-34523 CVE-2021-44228 CVE-2021-45046 CVE-2021-45105 CVE-2022-1388 CVE-2022-26134 CVE-2022-30190 CVE-2022-42475 CVE-2022-47966 CVE-2022-47986 CVE-2023-20198 CVE-2023-27350 CVE-2023-34362 CVE-2023-3519 CVE-2023-36934 CVE-2023-38831 CVE-2023-46805 CVE-2023-4966 CVE-2023-6448 CVE-2024-0769 CVE-2024-21887 CVE-2024-24919 CVE-2024-30088 CVE-2024-3094 CVE-2024-3400 CVE-2024-45347 CVE-2024-45431 CVE-2024-45432 CVE-2024-45433 CVE-2024-45434 CVE-2024-48987 CVE-2024-51977 CVE-2024-51978 CVE-2024-51979 CVE-2024-51980 CVE-2024-51982 CVE-2024-51983 CVE-2024-51984 CVE-2024-54085 CVE-2024-55556 CVE-2024-8190 CVE-2024-8963 CVE-2024-9380 CVE-2025-1533 CVE-2025-20264 CVE-2025-20281 CVE-2025-20282 CVE-2025-20309 CVE-2025-20700 CVE-2025-20701 CVE-2025-20702 CVE-2025-25257 CVE-2025-2783 CVE-2025-27889 CVE-2025-30012 CVE-2025-32462 CVE-2025-32463 CVE-2025-3464 CVE-2025-3509 CVE-2025-3699 CVE-2025-43576 CVE-2025-43578 CVE-2025-4664 CVE-2025-47811 CVE-2025-47812 CVE-2025-47813 CVE-2025-47980 CVE-2025-47981 CVE-2025-48822 CVE-2025-48927 CVE-2025-48928 CVE-2025-49144 CVE-2025-49695 CVE-2025-49696 CVE-2025-49697 CVE-2025-49698 CVE-2025-49701 CVE-2025-49702 CVE-2025-49703 CVE-2025-49704 CVE-2025-49717 CVE-2025-49719 CVE-2025-49724 CVE-2025-49735 CVE-2025-5349 CVE-2025-5777 CVE-2025-6218 CVE-2025-6463 CVE-2025-6521 CVE-2025-6522 CVE-2025-6543 CVE-2025-6554 CVE-2025-6640 CVE-2025-6642 CVE-2025-6645 CVE-2025-6650 CVE-2025-6657 CVE-2025-6793 CVE-2025-6794 CVE-2025-6795 CVE-2025-6796 CVE-2025-6797 CVE-2025-6798 CVE-2025-6799 CVE-2025-6800 CVE-2025-6801 CVE-2025-6802 CVE-2025-6803 CVE-2025-6804 CVE-2025-6805 CVE-2025-6806 CVE-2025-6807 CVE-2025-6808 CVE-2025-6809 CVE-2025-6810 CVE-2025-6811 CVE-2025-XXXXX CVE-2024-12856 CVE-2024-3721
ICSA-24-095-02
MITRE ATT&CK TTP All Application Layer Protocol: T1071 Brute Force: T1110 Cloud Accounts: T1078.004 Command and Scripting Interpreter: T1059 Compromise: T1195 Content Injection: T1659 Credential Stuffing: T1110.001 Credentials from Password Stores: T1555 Data Encrypted for Impact: T1486 Data Theft: T1083 Denial of Service: T1499 Deobfuscate/Decode Files or Information: T1140 Drive-by Compromise: T1189 Email Forwarding Rule: T1114.003 Exploit Public-Facing Application: T1190 Exploitation for Client Execution: T1203 Exploitation for Privilege Escalation: T1068 Exploitation of Remote Services: T1210 External Remote Services: T1133 File and Directory Discovery: T1083 Impair Defenses: T1562 Indicator Removal: T1070 Information Disclosure: T1535 Ingress Tool Transfer: T1105 Inhibit System Recovery: T1490 Input Capture: T1056 Lateral Tool Transfer: T1570 Modify Registry: T1112 Native API: T1106 Non-Application Layer Protocol: T1095 Obfuscated Files or Information: T1027 OS Credential Dumping: T1003 Persistence Phishing: T1566 Physical Access: T1197 PowerShell: T1059.001 Process Injection: T1055 Proxy: T1090 Remote Services: T1021 Replication Through Removable Media: T1091 Scheduled Task/Job: T1053 Service Stop: T1489 Social Engineering: T1566.001 Social Engineering: T1598 Spearphishing Attachment: T1193 Spearphishing Link: T1192 Spearphishing: T1566 Supply Chain Compromise: T1195 System Information Discovery: T1082 Trusted Relationship: T1199 Unsecured Credentials: T1552 Valid Accounts: T1078 Vulnerability Scanning: T1595.002 Web Shell: T1505.003 Windows Command Shell: T1059.003 Windows Management Instrumentation: T1047
Exploited Software All .NET applications using AppDomainManager "solidity" Open VSX extension 23andMe 2G (GSM) communication standard 7z ACME mini_httpd Active Directory Active Directory (AD) Adobe Acrobat Adobe Acrobat Reader Adobe platform Agent Tesla Ahold Delhaize Systems Ahold Delhaize USA Systems Airoha systems on a chip (SoCs) Akira Akira Ransomware Alder Hey AlphV Amazon Login Pages Amazon Web Services (AWS) Elastic Compute Cloud (EC2) instance running a web server AMI BMC AMI MegaRAC firmware AMI MegaRAC SPx Android Android (specifically older versions and/or vendor implementations) Android adware Android Adware Android application package (APK) Android Applications (general) Android operating system (OS) image Android OS AnyDesk Apache Log4j Apache Tika API Key API Keys and Tokens APIs Apple macOS Terminal app Armoury Crate AsIO3.sys ASUS Asus Armoury Crate AsyncRAT Atlassian Confluence Atlassian Confluence Server and Data Center Atomic macOS Stealer Atomic macOS Stealer (AMOS) Australian Childcare Centre CCTV systems AWS CloudTrail AWS Neptune Azure Azure Machine Learning (AML) Baidu Cloud BianLian ransomware BianLian Ransomware Bitsadmin.exe Blue SDK Bluetooth stack used by OpenSynergy Bluetooth audio devices Bluetooth Hands-Free Profile (HFP) Boulanger BreachForums BreachForums (MyBB) Brother Multifunction Printers (MFP) Brother Printer Brother printers Brother Printers Brother printers, scanners, and label-makers browser or operating-system zero-day exploits Browser-Use Buffalo Technology Burger King's Twitter account ByBit C C&M Systems Call of Duty: World War 2 Call of Duty: WWII Call of Duty: WWII (PC version) Catwatchful Cetus Protocol Change Healthcare ChatGPT ChatGPT 4.0 Check Point Security Gateway Christian Dior Couture systems Chrome Chrome browser extensions Chrome extensions Chrome Extensions Chrome Remote Desktop Chrome V8 JavaScript engine Chrome/Edge Browser Extensions Chromium Chromium Embedded Framework (CEF) Chromium-Based Browsers 
Cisco Identity Services Engine (ISE) Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) Cisco Identity Services Engine (ISE) CVE-2025-20264 Cisco Identity Services Engine (ISE) CVE-2025-20281 Cisco Identity Services Engine (ISE) CVE-2025-20282 Cisco IOS XE Cisco ISE Passive Identity Connector (ISE-PIC) Cisco Unified Communications Manager (CM) and Session Management Edition (SME) Engineering Special (ES) releases Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) Cisco-Linksys Cisco's public-facing DevHub portal Citrix Citrix ADC Citrix Application Delivery Controller (ADC) and Gateway Citrix configuration utilities Citrix NetScaler Citrix NetScaler ADC and Gateway Citrix NetScaler ADC and Gateway appliances Citrix NetScaler ADC and NetScaler Gateway Citrix NetScaler ADC and NetScaler Gateway appliances Citrix NetScaler ADC and/or Gateway Citrix NetScaler devices CitrixBleed CitrixBleed 2 CitrixBleed 2 Vulnerability Cl0p's data exfiltration tool Claimloader Classroom Spy Claude Computer Use Cloud Infrastructure Cloud Resources Cloud Services Cloud-based CCTV systems Cloudflare Tunnel Co-op Co-op IT system Co-op online services Cobalt Strike Cocospy CoinMarketCap Cointelegraph Color Picker, Eyedropper — Geco colorpick Company Networks ConnectWise ConnectWise RAT ConnectWise ScreenConnect corporate computer systems Crater Cross DVR CrowdStrike CrowdStrike Falcon cs.tar archive (UDP flash drive) Csc.exe CVE-2015-1548 CVE-2017-17663 CyberArk CyberArk password vault D-Link D-Link DIR-859 D-Link DIR-859 router D-Link DIR-859 routers Danabot Dark Crystal Data Center GPUs with GDDR6 DC Health Link DDoSia DeepSeek DeepSeek AI DeepSeek's apps Document Viewer – File Reader (Published by ‘Hybrid Cars Simulator, Drift & Racing’) DocuSign DOGE Website DragonForce Ecovacs Deebot X2 Edge browser extensions Edge Extensions Email Emotet Endpoints Entra apps Entra ID 
Esse Health network systems Ethereum Evilginx (AiTM Phishing Kits) Expired Certificates F5 BIG-IP F5 Networks F5 BIG-IP Face ID Facebook Ads Firefox Firefox Extensions FJD AT2 aftermarket steering system Forminator WordPress plugin Fortinet FortiOS Fortinet FortiWeb FortiOS France Travail Fraudulent Websites French Football Federation (FFF) Frequent Flyer Accounts Fujifilm Printer Fujifilm printers Fujifilm Printers Gemini General Agents ACE Gh0stRAT Gh0stRAT variants GitHub GitHub Enterprise Server GitLab Global Reach Technology systems GlobalProtect VPN GlobalProtect VPN platform Gmail Gmail/Office 365 GoAhead web apps Google Google Accounts Google Ads Google Chrome Google Chrome Extensions Google Drive Google Gemini for Workspace Google Login Page Google Meet Google V8 JavaScript engine Google Workspace GoogleFiber Router GPS Gravity Forms Grok Harrods Harrods online services Harrods websites Help Desk Software Help Desk Software (unspecified) Help Desks and Support Vendors Hewlett Packard Enterprise Hidden rootkit Hikvision Hikvision CCTV systems HIUPAN Horde Horizon Virtual Desktop Infrastructure (VDI) Hotmail HTA Hugging Face Models using Python's pickle module Hunters International Ransomware IBM Aspera Faspex IBM WebSphere Application Server ICC Infrastructure ID verification company Identity Systems IIoT devices with insecure configurations and vulnerable firmware Improperly configured server Industrial Control System (ICS) components for railway management Ingram Micro Internal Systems Ingram Micro Systems Ingram Micro's internal systems Insecure and Common Third-party APIs Internal business systems Internet Information Services (IIS) Internet-connected cameras Invoice Ninja iOS Iranian high-value individuals' credentials and sensitive military info Ivanti Cloud Services Appliance Ivanti Connect Secure and Ivanti Policy Secure javav.exe Jeep vehicles Jenkins Jira JScript (jscript.dll) Kaleidoscope (Android Adware) Kia vehicles Known Open-Source 
Vulnerabilities Konica Minolta Printer Konica Minolta printers Konica Minolta Printers Kubernetes LDAP Legitimate Domains Lenovo website (lenovo.com) libcef.dll libcef.dll (Chromium Embedded Framework) libFHDEVNet.so liblewei_uartprotol.so liblewei-3.2.2.so liblewei63.so Limitless Logger Linux Linux Kernel Linux systems LLM applications LLMs distributed on platforms like Hugging Face LLMs that use external data sources (Retrieval Augmented Generation or RAG) LNK LockBit Ransomware Log4Shell LogMeIn LoptikMod Louis Vuitton UK operation's systems LSASS (Windows Local Security Authority Subsystem Service) Lumma Info-Stealer Lumma infostealer Lumma Stealer M&S online ordering system macOS Marks & Spencer online services Marks & Spencer online store Marvell QConvergeConsole Mazda Connect McAfee antivirus update McDonald’s AI bot McHire MD5 MDaemon Meduza Info-Stealer Meduza infostealer MegaMedusa MachineDDoS Mercedes-Benz NTG6 system Mescius ActiveReports.NET Mexico City's Camera System Mexico City’s camera system Mexico City’s Camera System MFA (Multi-Factor Authentication) Microsoft Microsoft 365 Microsoft 365 Direct Send Microsoft 365 Exchange Online (Direct Send feature) Microsoft Azure App Services Microsoft ClickOnce Microsoft Cloud environment Microsoft Defender Microsoft Edge Microsoft Edge Extensions Microsoft Entra ID Microsoft Excel Microsoft Exchange Microsoft Exchange Server Microsoft Office 365 Microsoft Outlook Microsoft SharePoint Microsoft SQL Server Microsoft Teams Microsoft Windows (specifically Windows XP) Microsoft Windows Support Diagnostic Tool (MSDT) Microsoft Word Microsoft’s ClickOnce MikroTik routers Mimic Mimikatz Minecraft Mirai UDP flood Misconfigured Cloud Instances Mitsubishi Electric air conditioning systems Mixtral Mobile Phones Mobile Phones and other devices Model Context Protocol (MCP) servers MOVEit MOVEit Transfer Mozilla Firefox Mshta.exe mSpy Multi-Factor Authentication Systems MyBB N-day vulnerabilities NetScaler NetScaler ADC 
13.1-FIPS and 13.1-NDcPP 13.1-37.235, and later releases of 13.1-FIPS and 13.1-NDcPP NetScaler ADC 13.1-FIPS and NDcPP before 13.1-37.236-FIPS and NDcPP NetScaler ADC and Gateway NetScaler ADC and Gateway (CVE-2025-5777) NetScaler ADC and Gateway versions 12.1 and 13.0 NetScaler ADC and NetScaler Gateway NetScaler ADC and NetScaler Gateway 13.1 before 13.1-59.19 NetScaler ADC and NetScaler Gateway 13.1-58.32 and later releases of 13.1 NetScaler ADC and NetScaler Gateway 14.1 before 14.1-47.46 NetScaler ADC and NetScaler Gateway 14.1-43.56 and later releases Netsh.exe NetSupport RAT Network Credentials/Multi-Factor Authentication Settings Network Devices Network Rail public Wi-Fi NFC technology Nginx node-orm-mongoose Nokia Source Code, SSH and RSA Keys Notepad++ installer notflog.exe Nova Scotia Power servers Nova Scotia Power systems npm ntoskrnl.exe NVIDIA A6000 GPU NVIDIA A6000 GPU with GDDR6 Memory Okta Ollama Open Source Packages Open VSX Open VSX Registry OpenSSH OpenSynergy BlueSDK Bluetooth stack OpenSynergy's BlueSDK Bluetooth stack OpenVSX OpenVX Operational Technology (OT) System Engineering and Diagnostic Tools Oracle Cloud Ostrich VPN Outdated software Outlook Outlook Accounts OWASP Juice Shop Palo Alto GlobalProtect VPN Palo Alto Networks GlobalProtect VPN (Potential) Palo Alto PAN-OS Panasonic PaperCut NG Paradox.ai Passwords Pay2Key PC PDF PDF Documents PDF-XChange Editor Pegasus PHP phpMyAdmin Play PoshC2 PowerShell PowerShell.exe Progress MOVEit Transfer Prometei protected computer PUBLOAD Pubshell Pulse Connect Secure Qakbot Qantas Frequent Flyer accounts Qilin Raccoon Stealer Radix Radix systems RansomHub Ransomware Rapid SCADA RAR RARLAB WinRAR RDP RDP (Remote Desktop Protocol) react-plaid-sdk Real Madrid's Twitter account RedLine infostealer rednote Reg.exe Remcos Remote access technologies (e.g. 
VNC, RDP, SSH) and web management interfaces Remote Desktop Protocol (RDP) Remote Management Tools Retail Ransomware Retrieval Augmented Generation (RAG) LLMs Ricoh Printer Ricoh printers Ring rootfs (Root File System) Roundcube router-parse Ruckus Wireless Safari SafePay ransomware Samba Services Manager Samba Services Manager (embedded in the firmware of certain Sony Bravia TVs) SAP GUI client School infrastructure (projectors, TVs, public address systems) ScreenConnect Seattle-Tacoma International Airport computer systems Security Camera System SEL 700-series protection relays SFR SHA-1 SharePoint SHELLTER Shellter Elite shine.exe Shopifybot Siemens DIGSI 4 Sight Bulb Pro Firmware Signal Signal clone SimpleHelp Single Sign-On (SSO) System Skoda MIB3 system Smart Contracts Smart TVs and other home IoT devices SMS SnakeStealer Snipe-IT Snowflake Social Media Platforms (Facebook, LinkedIn, X, Instagram) Software vulnerabilities Software vulnerabilities (unspecified) SOHO devices running Linux Solana blockchain API SolarWinds Solidity Language Open VSX extension Solidity Smart Contracts SonicWall NetExtender SonicWall VPN App Spyhide Spyic Spyloan Applications Spyzie SQLite Starbucks WeChat Applet Stolen Credentials Structured Query Language (SQL) Sudo sumsub-node-websdk SuperCard X Surveillance cameras, smart plugs, and even smart kettles SWIFT systems Synnovis Pathology Services Synnovis Pathology Services Provider Synology Systems at Norway’s Lake Risevatnet dam Tata Consultancy Services (TCS) systems TBK DVRs and Four‑Faith routers technology companies' platforms Technology Company Platforms Telegram TeleMessage TM SGNL Telnet Tesla vehicles Thermomix TM5 Firmware Third party platform used by a Qantas airline contact centre Third Party Platform used by Qantas contact center systems Third-party customer servicing platform Third-Party Customer Servicing Platform Third-party System Used by Qantas Contact Centre TikTok TONESHELL Toshiba printers Toshiba Printers 
Toshiba Tec Printer Toshiba Tec printers Traffic Light Audio Buttons Turbo VPN Private Browser U.S. Company Networks UNFI Core Systems Unidentified municipal healthcare provider Unitronics PLC Unitronics programmable logic controllers (PLCs) Unnamed Internet service provider Unnamed US telecommunications provider Unpatched legacy vulnerabilities (general) Unpatched or outdated software Unpatched Software Unspecified Ransomware US Hospitals V8 V8 JavaScript and WebAssembly engine V8 JavaScript engine Vidar Stealer Virtual Currency Platforms/Services Virtual Currency Wallets Visual Basic Encoded script (.VBE) vite-loader-svg vite-plugin-next-refresh VMware ESXi VMware ESXi Hypervisor VMware Horizon Virtual Desktop Infrastructure (VDI) platform VMware vCenter Volkswagen MEB ICAS3 unit VPN Infrastructure VPN Proxy Master VS Code Extensions VS Code Forks (Cursor, Windsurf) Vulnerable applications Vulnerable Public Services Web Applications Web Browsers Web version of an unnamed email platform Web-accessible Control Panel Web-based Services Webcams and Video Recorders Webflow WebView.exe WeChat Weibo Wells Fargo website (fake site) WestJet Airlines app WestJet app WestJet Website and Mobile Application WhatsApp Windows Windows 10 Windows 10 and Windows 11 Windows and Windows Server Windows File Explorer Windows Hello Windows Kernel Windows Netlogon Windows Quick Assist Windows Registry Windows Run dialog Windows XP Wing FTP Wing FTP Server WinRAR Wirral University Teaching Hospitals (WUTH) NHS Trust WMI Wmic.exe WordPress WordPress Websites Workstation GPUs with GDDR6 X (formerly Twitter) X-VPN Xiaomi Mi Connect Service APP XWorm XZ Utils Yahoo Accounts Young Consulting IT environment Zimbra ZIP Zoho ManageEngine Zoom Zyxel Firewalls
Involved Countries All Afghanistan Africa Albania Argentina Asia-Pacific Australia Austria Bahrain Bangladesh Belgium Brazil Britain Bulgaria California Cambodia Cameroon Canada Chile China Czech Republic Debian Denmark Dubai Eastern Europe Egypt El Salvador England Estonia EU Europe European Economic Area (EEA) European Union Finland France Germany Hong Kong Hungary India Indonesia Iran Iraq Ireland Israel Italy Ivory Coast Japan Kazakhstan Kentucky Kenya Korea Latvia Linux Lithuania Luxembourg Maine Malaysia Mexico Microsoft Morocco Namibia Netherlands New York State New Zealand Nigeria North America North Korea Norway Pakistan Peru Philippines Poland Republic of Korea Romania Russia Rwanda Saudi Saudi Arabia Scotland Senegal Serbia Singapore Slovakia South Africa South Korea Spain State of Palestine SUSE Sweden Switzerland Taiwan Tennessee Texas Thailand Togo U.K. U.S. UAE Ubuntu UK Ukraine United Arab Emirates United Kingdom United States US USA Utah Uzbekistan Vietnam Wales Yemen
Affected Industries All Accounting Accounting Software Administrative Services Adult Entertainment Advertising Advertising Technology Aerospace Agriculture AI Airline Airline Industry Airline Sector Airlines Airports All Businesses All industries All Industries Antivirus Software Development Apparel Application Security Artificial Intelligence Artificial Intelligence (AI) Automotive Aviation Aviation and Transportation banking Banking Biotechnology Blockchain Broadband Internet Building Automation Bulletproof Hosting (BPH) Business Computing Business Process Outsourcing Business Services Businesses Chemical Childcare Chip Manufacturing Cloud Computing Cloud Services Cloud Storage Communication Computer Science Consulting Consumer Directory Consumer Electronics Consumer Electronics (Smart TV Manufacturing) Content Creation Corporations Cosmetic Surgery Critical Infrastructure Critical National Infrastructure Crypto Services Cryptocurrency Cryptocurrency Exchange Cryptocurrency Exchanges Cryptocurrency Mining Cryptocurrency/Virtual Currency Customer Service Cyber Insurance Cyber Security Cybersecurity Data Broker Industry Data Brokerage Data Centers Data Removal Services Decentralized Finance (DeFi) Decentralized Finance Platforms Defense Defense Contracting Defense Industrial Base (DIB) Delivery Services Diplomatic Diplomatic Sector Drug Development E-commerce Education Education (Universities) Electrical Electricity Electronics Manufacturing Email Services Employment Services Employment/Recruitment Encrypted Communications Encryption Endpoint Security Software Energy Energy/Power Grid Enterprises Entertainment Federal Government finance Finance Financial Financial Industry Financial Sector financial services Financial Services Financial Services (Banking) Fintech FinTech Firmware Security Food & Beverage Food and Beverage Food Delivery Services Food Distribution Food Industry Food Production Food Service Food Service (Restaurants) Frozen Foods Gaming Gas Government 
Government (Federal Agencies) Government (Municipalities) Government Agencies Government Organizations Government Services Governmental Institutions Grocery Gym/Fitness Health Health Care Health Clubs/Gyms healthcare Healthcare Heavily Regulated Industries High-Tech Higher Education Home Security Hospitality Hospitality and Gaming Hosting Providers Human Resources ICS (Industrial Control Systems) Industrial Industrial Control Systems Industrial Control Systems (ICS) Industrial Control Systems (ICS)/SCADA Industrial Organizations Industrials Information Services Information Technology Information Technology (IT) Infrastructure Insurance Insurance Sector International Trade Internet Infrastructure Internet of Things (IoT) Internet Service Providers Internet Service Providers (ISPs) Internet Services IT IT (Information Technology) IT Outsourcing IT Service Management IT Services IT Services/Managed Service Providers Job Recruiting/Hiring Journalism Judicial Law Enforcement Legal Legal Services Local Government Logistics Logistics/Delivery Luxury Goods Managed Security Service Providers (MSSPs) Managed Service Providers (MSPs) manufacturing Manufacturing Maritime Media Media & Journalism Medical Product Manufacturing Medical Technology Military Military Technology Mobile Applications Mobile Operators Music Industry Network Security Networking Networking Equipment News and Publishing News Media Non-profit organizations Nonprofit Organizations Oil Oil Industry Online Retail Open Source Software Open Source Software Development Operational Technology (OT) and Industrial Control Systems (ICS) Optics/Eyewear Pathology Services Pensions petrochemical Pharmaceutical Pharmaceutical/Biotechnology Pharmaceuticals Postal Services Private Sector Public Administration Public Sector Publishing Radiology Real Estate Research (COVID-19) retail Retail Satellite Communication Search Engine Security and Surveillance Security Operations Centers (SOCs) Security Solutions Semiconductor 
Semiconductor Manufacturing Service Providers Small Businesses Smart Home Technology Social Media SOCIAL_MEDIA Software Software Development Software Research and Development Software-as-a-Service (SaaS) Software/Technology Sports Sports/Entertainment Steel Steel Manufacturing Streaming Surveillance Tech technology Technology Technology and Cloud Services Technology Distribution Technology Manufacturing Technology, Media, Telecommunications (TMT) Telecom telecommunications Telecommunications Transportation Transportation/Logistics Travel Travel & Tourism Travel Industry utilities Utilities Utility Companies Video Game Industry Virtual Currency Virtual Currency/Blockchain Virtual Private Network (VPN) VPN (Virtual Private Network) VPN (Virtual Private Network) Services Water Water and Wastewater Systems Website Hosting