mitre-t1078
515 articles with this tag
MEDIUM
HIGH
HIGH
HIGH
HIGH
HIGH
MEDIUM
HIGH
HIGH
HIGH
MEDIUM
HIGH
HIGH
MEDIUM
HIGH
HIGH
HIGH
HIGH
MEDIUM
MEDIUM
MEDIUM
HIGH
MEDIUM
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
CRITICAL
HIGH
HIGH
HIGH
HIGH
HIGH
CRITICAL
HIGH
MEDIUM
MEDIUM
HIGH
HIGH
HIGH
MEDIUM
HIGH
MEDIUM
MEDIUM
HIGH
HIGH
MEDIUM
CRITICAL
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
MEDIUM
CRITICAL
HIGH
HIGH
HIGH
HIGH
MEDIUM
HIGH
CRITICAL
MEDIUM
MEDIUM
HIGH
CRITICAL
HIGH
HIGH
HIGH
HIGH
HIGH
CRITICAL
HIGH
HIGH
HIGH
CRITICAL
HIGH
CRITICAL
HIGH
CRITICAL
HIGH
HIGH
HIGH
CRITICAL
MEDIUM
HIGH
CRITICAL
HIGH
HIGH
HIGH
HIGH
MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries
MFA Prompt Bombing: Why Your Second Factor Isn't Saving You
Security experts caution MFA alone can no longer stop threat actors
Laravel-Lang Packages Poisoned for Malware Delivery
Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack
Laravel Lang packages hijacked to deploy credential-stealing malware
Paved With Intent: ROADtools and Nation-State Tactics in the Cloud
Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign
Chinese APTs Share Linux Backdoor in Central Asia Telco Attacks
Grafana Labs Says Code Breach Stemmed from TanStack Attack
One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud ‘Patriot Bait’ Campaign
GitHub links repo breach to TanStack npm supply-chain attack
How a Webmail Log File Became a Root-Level Backdoor
Ukraine identifies infostealer operator tied to 28,000 stolen accounts
New Mini Shai-Hulud attack targets npm ecosystem
Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft
Storm-2949 actor targets Microsoft 365 and Azure environments
Grafana breach caused by missed token rotation after TanStack attack
Webworm APT targets European government organizations with new backdoors
GitHub says internal repositories were taken in poisoned VS Code extension attack
SHub Reaper impersonates Apple, Google, and Microsoft in one MacOS attack chain
Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
Tracking TamperedChef Clusters via Certificate and Code Reuse
AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks
Mini Shai-Hulud returns, compromising hundreds of npm packages
How Storm-2949 turned a compromised identity into a cloud-wide breach
New Shai-Hulud malware wave compromises 600 npm packages
Critical Microsoft Vulnerabilities Doubled: From Exposure to Escalation
New macOS infostealer impersonates Apple, Microsoft, and Google in a single attack chain
Grafana Labs Confirms Hackers Stole Source Code
Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
Malaysian government-linked campaign used hidden infrastructure for years
Shai-Hulud copycat worm infects yet another npm package
'Claw Chain' Vulnerabilities Threaten OpenClaw Deployments
Shai-Hulud Worm Clones Spread After Code Release
Turla group evolves Kazuar backdoor into modular P2P botnet
4 vulnerabilities in OpenClaw AI agent put thousands of servers at risk
The Canvas breach proved that prevention is no longer enough
Kazuar: Anatomy of a nation-state botnet
201 arrested in INTERPOL disruption of phishing and fraud networks
When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps
Russian hackers turn Kazuar backdoor into modular P2P botnet
TeamPCP releases ‘vibe coded’ Shai-Hulud source code, issues challenge
Undermining the trust boundary: Investigating a stealthy intrusion through third-party compromise
Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access
[local] Windows Snipping Tool - NTLMv2 Hash Hijack
NCSC-2026-0162 [1.00] [M/H] Kwetsbaarheden verholpen in F5 BIG-IP en BIG-IQ producten
TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates
OpenAI Hit by TanStack Supply Chain Attack
OpenAI caught in TanStack npm supply chain chaos after employee devices compromised
CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
dMSA Ouroboros: Self-Sustaining Credential Extraction in Windows Server 2025
OpenAI confirms security breach in TanStack supply chain attack
When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps
Mustang Panda Linked to Updated FDMTP Backdoor in Asia-Pacific Espionage Campaign
VELVET CHOLLIMA Infostealer Campaign Using Trading App as Lure
Over 70% of organizations hit by identity breaches
Analyzing TeamPCP’s Supply Chain Attacks: Checkmarx KICS and elementary-data in CI/CD Credential Theft
Iranian hackers targeted major South Korean electronics maker
House committee chair calls on Instructure to testify in Canvas hack
ClickFix finds a backup plan in PySoxy proxy chains
Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub
‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack
‘Mini’ Shai-Hulud attack compromises hundreds of npm, PyPI packages
CVE-2026-41086 Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability
Undermining the trust boundary: Investigating a stealthy intrusion through third-party compromise
Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware
Attackers Combine ClickFix With PySoxy Proxying to Maintain Persistence
Fake Claude Code takes the IElevator to your browser secrets
cPanel flaw exposes enterprises to hosting supply-chain risks
1 in 8 employees have sold company logins or know someone who has
Stolen Canvas data was “returned” after hacker agreement, Instructure says
Official CheckMarx Jenkins package compromised with infostealer
Inside AD CS Escalation: Unpacking Advanced Misuse Techniques and Tools
TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack
New PamDOORa Linux backdoor sold on cybercrime forum
Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads
Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise
Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads
Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia
Technical Analysis of EagleSpy V6.0 (CraxsRAT Rebrand) Distributed Through Odysee and Telegram
New Quasar Linux implant targets developers with rootkit and backdoor capabilities
Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants
Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise
Australian Cyber Security Centre Issues Alert Over ClickFix Attacks
New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials
PCPJack Campaign Boots TeamPCP Off Compromised Machines
‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials
Small Defense Firms Lack Network Data to Stop Nation-State Hackers, Analyst Says
Chinese-linked Salt Typhoon suspected in Italy's Sistemi Informativi breach
Quasar Linux (QLNX) – A Silent Foothold in the Supply Chain: Inside a Full-Featured Linux RAT With Rootkit, PAM Backdoor, Credential Harvesting Capabilities
Weaver E-cology critical bug exploited in attacks since March
RMM Tools Fuel Stealthy Phishing Campaign
Backdoored PyTorch Lightning package drops credential stealer
Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks
"AccountDumpling": Hunting Down the Google-Sent Phishing Wave Compromising 30,000+ Facebook Accounts
New software supply chain attack uses sleeper packages for credential theft and CI tampering
Clandestine Deep#Door stealer facilitates long-term data compromise
Komari Red: The Monitoring Tool with a Built-in Reverse Shell