mitre-t1059
853 articles with this tag
HIGH - Feeding Frenzy: 'Megalodon' Malware Infects Thousands of GitHub Repos
CRITICAL - KnowledgeDeliver flaw exploited as a zero-day to install web shells
MEDIUM - The Hackers Behind Shai-Hulud: Lucky or Skilled?
HIGH - From Cookies to Keys: The Threat of Session Hijacking
HIGH - North Korea's Lazarus Group uses new RemotePE malware against financial targets
HIGH - Zero-day vulnerability in Japanese LMS exploited to deploy Cobalt Strike
MEDIUM - MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries
HIGH - Iranian APT Targets Aviation, Software Companies With Updated Tools
HIGH - 700+ education and tech websites hijacked in huge ClickFix malware campaign
HIGH - Iran-Linked Hackers Target US Aviation with Phishing and SEO Poisoning Campaign
HIGH - KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike
HIGH - Laravel-Lang Packages Poisoned for Malware Delivery
HIGH - Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms
HIGH - TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
CRITICAL - Exploitation of KnowledgeDeliver via ViewState Deserialization Vulnerability
CRITICAL - Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign
HIGH - Laravel Lang packages hijacked to deploy credential-stealing malware
HIGH - Laravel Lang Supply Chain Advisory
CRITICAL - Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
HIGH - Analyzing Void Dokkaebi’s Cython-Compiled InvisibleFerret Malware
MEDIUM - Belarus-linked Ghostwriter group targets Ukraine using Prometheus learning platform lures
HIGH - Megalodon chums the waters in 5.5K+ GitHub repo poisonings
HIGH - Fast and Furious – Nimbus Manticore Operations During the Iranian Conflict
HIGH - Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns
MEDIUM - Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective
CRITICAL - Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
MEDIUM - Paved With Intent: ROADtools and Nation-State Tactics in the Cloud
HIGH - New Linux malware 'Showboat' targets Middle East telecom provider
CRITICAL - The Gentleman Ransomware | Defense Evasion TTPs Uncovered | Huntress
HIGH - GitHub Actions Cache Poisoning is eating open source
CRITICAL - Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor
HIGH - GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise
HIGH - Chinese APTs Share Linux Backdoor in Central Asia Telco Attacks
HIGH - Chinese hackers target telcos with new Linux, Windows malware
HIGH - Nine-Year-Old Linux Kernel Flaw Leaks SSH Keys and Password Hashes
CRITICAL - [NEW] [high] Budibase: Multiple vulnerabilities
HIGH - A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale
CRITICAL - 9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
MEDIUM - Webworm: New burrowing techniques
CRITICAL - GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
HIGH - How a Webmail Log File Became a Root-Level Backdoor
MEDIUM - Ukraine identifies infostealer operator tied to 28,000 stolen accounts
HIGH - New Mini Shai-Hulud attack targets npm ecosystem
HIGH - Inside the RaaS Ecosystem: Operators, Affiliates & Attack Tradecraft | Huntress
HIGH - Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft
HIGH - Grafana breach caused by missed token rotation after TanStack attack
HIGH - Android Malware Campaign Used Hundreds of Fake Apps to Silently Charge Users
HIGH - Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem
MEDIUM - GitHub says internal repositories were taken in poisoned VS Code extension attack
MEDIUM - SHub Reaper impersonates Apple, Google, and Microsoft in one MacOS attack chain
HIGH - Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
HIGH - Typosquatting Is No Longer a User Problem. It's a Supply Chain Problem
HIGH - Exploit released for new PinTheft Arch Linux root escalation flaw
MEDIUM - Tracking TamperedChef Clusters via Certificate and Code Reuse
HIGH - GitHub Confirms Hack Impacting 3,800 Internal Repositories
HIGH - Microsoft Self-Service Password Reset abused in Azure data theft attacks
HIGH - Stealer Spoofs Google, Microsoft & Apple, Then Backdoors macOS
HIGH - GitHub Actions workflow compromised to steal CI/CD credentials
HIGH - Mini Shai-Hulud returns, compromising hundreds of npm packages
MEDIUM - Internet Explorer may be dead, but its ghost still runs malware
MEDIUM - Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks
HIGH - Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud
CRITICAL - SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access
MEDIUM - From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat
HIGH - RCE and arbitrary file write in Vitess vtbackup via untrusted MANIFEST fields
CRITICAL - Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer
CRITICAL - Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
CRITICAL - GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials
HIGH - How Storm-2949 turned a compromised identity into a cloud-wide breach
HIGH - Shai-Hulud copycat worm infects yet another npm package
HIGH - Leaked Shai-Hulud malware fuels new npm infostealer campaign
MEDIUM - FIFA World Cup scams target fans and businesses
HIGH - Turla group evolves Kazuar backdoor into modular P2P botnet
MEDIUM - TanStack weighs invitation-only pull requests after supply chain attack
HIGH - ‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor Delivery
MEDIUM - TanStack Supply Chain Attack (And How to Lock Down GitHub Actions)
CRITICAL - [NEW] [high] Budibase: Multiple vulnerabilities
HIGH - The Canvas breach proved that prevention is no longer enough
CRITICAL - Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
CRITICAL - When prompts become shells: RCE vulnerabilities in AI agent frameworks
HIGH - When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps
HIGH - Russian hackers turn Kazuar backdoor into modular P2P botnet
MEDIUM - Hackers use PyInstaller to hide XWorm malware
HIGH - ESET details new Ghostwriter activity targeting Ukrainian government
HIGH - Expired domain leads to supply chain attack on node-ipc npm package
CRITICAL - Funnel Builder WordPress plugin bug exploited to steal credit cards
HIGH - Kazuar: Anatomy of a nation-state botnet
HIGH - Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access
HIGH - Popular node-ipc npm package compromised to steal credentials
HIGH - Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
MEDIUM - Gremlin Stealer Evolves into Modular Threat with Advanced Evasion Capabilities
CRITICAL - New Linux privilege escalation flaw ‘Fragnesia’ disclosed; PoC available
HIGH - TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code
HIGH - China-Linked Hackers Deploy New TencShell Malware Against Global Manufacturer
CRITICAL - Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026
CRITICAL - CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
HIGH - Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data
HIGH - Threat Actors Weaponize Tiflux RMMs in Malspam Attacks
HIGH - Meet Fragnesia, the third Linux kernel vulnerability in a month
CRITICAL - Fragnesia (CVE-2026-46300): Frequently asked questions about new Linux Kernel XFRM ESP-in-TCP privilege escalation