mitre-t1105
127 articles with this tag
[HIGH] Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning
[HIGH] New Linux malware 'Showboat' targets Middle East telecom provider
[HIGH] Expired domain leads to supply chain attack on node-ipc npm package
[HIGH] Malicious node-ipc versions published to npm in suspected maintainer account compromise
[HIGH] Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America
[HIGH] ConsentFix v3 attacks target Azure with automated OAuth abuse
[MEDIUM] Novel Minecraft-targeting stealer tapped by reemergent LofyGang
[HIGH] Checkmarx Confirms Data Stolen in Supply Chain Attack
[HIGH] Chinese National Extradited Over Silk Typhoon Cyber Campaign
[HIGH] GopherWhisper: China-linked hackers target governments with custom Go toolkit
[CRITICAL] LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
[MEDIUM] China-Backed Hackers Are Industrializing Botnets
[HIGH] Bissa Scanner Exposed: AI-Assisted Mass Exploitation and Credential Harvesting
[HIGH] When Wi-Fi Encryption Fails: Protecting Your Enterprise from AirSnitch Attacks
[HIGH] Iran‑linked PLC attacks cause real‑world disruption at critical US infra sites
[HIGH] Iran‑Backed Threat Actors Hit US CNI Providers via Internet‑Facing OT Assets
[HIGH] Cracks in the Bedrock: Escaping the AWS AgentCore Sandbox
[HIGH] US warns of Iranian hackers targeting critical infrastructure
[HIGH] ‘GrafanaGhost’ bypasses Grafana’s AI defenses without leaving a trace
[CRITICAL] Zero‑click Grafana AI attack can enable enterprise data exfiltration
[HIGH] European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack
[CRITICAL] Critical ShareFile Flaws Lead to Unauthenticated RCE
[HIGH] You Patched LiteLLM, But Do You Know Your AI Blast Radius?
[HIGH] ChatGPT Security Issue Enabled Data Theft via Single Prompt
[HIGH] New RoadK1ll WebSocket implant used to pivot on breached networks
[MEDIUM] European Commission admits attackers broke into public web systems, but says little else
[HIGH] TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files
[MEDIUM] From Vectors to Verdicts: Web App Testing with Vector Command
[MEDIUM] New Whitepaper: Exploiting Cellular-based IoT Devices
[CRITICAL] 23rd March – Threat Intelligence Report
[HIGH] Authorities disrupt four IoT botnets behind record DDoS attacks
[CRITICAL] DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks
[MEDIUM] Security Flaw in AWS Bedrock Code Interpreter Raises Alarms
[HIGH] AI-generated Slopoly malware used in Interlock ransomware attack
[HIGH] PhantomRaven returns to npm with 88 bad packages
[CRITICAL] APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military
[HIGH] Threat Actor Exploits Flaws and Uses Elastic Cloud SIEM to Manage Stolen Data
[HIGH] Iran's MuddyWater Hackers Hit US Firms with New 'Dindoor' Backdoor
[HIGH] Malicious AI Assistant Extensions Harvest LLM Chat Histories
[HIGH] As War Continues, Pro-Iranian Actors Launch Barrage of Cyberattacks
[HIGH] Hackers Weaponize Claude Code in Mexican Government Cyberattack
[HIGH] Fake Next.js job interview tests backdoor developer's devices
[MEDIUM] Arkanix Stealer pops up as short-lived AI info-stealer experiment
[CRITICAL] BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration
[MEDIUM] ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT RAT
[CRITICAL] CISA gives federal agencies three days to patch actively exploited Dell bug
[MEDIUM] Android Malware Hijacks Google Gemini to Stay Hidden
[MEDIUM] Crims create fake remote management vendor that actually sells a RAT
[HIGH] Remcos RAT Expands Real-Time Surveillance Capabilities
[HIGH] “ZeroDayRAT” Emergence Signals Advanced Mobile Spyware Threats
[MEDIUM] Nigerian man gets eight years in prison for hacking tax firms
[MEDIUM] Arkanix Stealer: a C++ & Python infostealer
[MEDIUM] CRESCENTHARVEST Campaign Targets Iran Protest Supporters With RAT Malware
[MEDIUM] Nigerian man sentenced to 8 years in prison for running phony tax refund scheme
[MEDIUM] CRESCENTHARVEST: Iranian protestors and dissidents targeted in cyberespionage campaign
[CRITICAL] Chinese hackers exploited zero-day Dell RecoverPoint flaw for 1.5 years
[CRITICAL] Dell's Hard-Coded Flaw: A Nation-State Goldmine
[CRITICAL] Dell RecoverPoint for Virtual Machines Zero Day Attack
[HIGH] Cryptojacking Campaign Exploits Driver to Boost Monero Mining
[MEDIUM] New Keenadu Android Malware Found on Thousands of Devices
[CRITICAL] China-linked snoops have been exploiting Dell 0-day since mid-2024, using 'ghost NICs' to avoid detection
[HIGH] Supply Chain Attack Embeds Malware in Android Devices
[HIGH] China remains embedded in US energy networks 'for the purpose of taking it down'
[HIGH] Flaws in popular VSCode extensions expose developers to attacks
[CRITICAL] Critical Vulnerabilities in Ivanti EPMM Exploited
[CRITICAL] From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day
[MEDIUM] Hackers Offer to Sell Millions of Eurail User Records
[MEDIUM] Infostealer Targets OpenClaw to Loot Victim’s Digital Life
[HIGH] Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets
[MEDIUM] Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens
[MEDIUM] OysterLoader Evolves With New C2 Infrastructure and Obfuscation
[MEDIUM] ClickFix added nslookup commands to its arsenal for downloading RATs
[MEDIUM] New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS
[CRITICAL] Active Exploitation of SolarWinds Web Help Desk (CVE-2025-26399) | Huntress
[CRITICAL] darktrace.com
[HIGH] Rsync vulnerabilities allow remote code execution on servers, patch quickly! - Help Net Security
[MEDIUM] Lazarus Group | Bugcrowd
[MEDIUM] Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems - Live Threat Intelligence - Threat Radar | OffSeq.com
[HIGH] Lazarus Group exploits npm and PyPI with fake recruitment campaign
[MEDIUM] Ransomware crews abuse bossware to blend into networks
[MEDIUM] Active Lumma Stealer Campaign Impacting U.S. SLTTs
[HIGH] Breaking Down ZeroDayRAT - New Spyware Targeting Android and iOS
[HIGH] Worm-driven TeamPCP campaign targets cloud environments for large-scale exploitation
[MEDIUM] CTM360: Lumma Stealer and Ninja Browser malware campaign abusing Google Groups
[MEDIUM] Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging
[MEDIUM] UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors
[MEDIUM] Who's the bossware? Ransomware slingers like employee monitoring tools, too
[MEDIUM] Crazy ransomware gang abuses employee monitoring tool in attacks
[MEDIUM] APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities
[MEDIUM] Exposed Training Open the Door for Crypto-Mining in Fortune 500 Cloud Environments
[MEDIUM] LOTUSLITE: Targeted espionage leveraging geopolitical themes
[MEDIUM] RATs in the Machine: Inside a Pakistan-Linked Three-Pronged Cyber Assault on India
[CRITICAL] SolarWinds WHD zero-days from January are under attack
[HIGH] Unpatched SolarWinds WHD instances under active attack
[CRITICAL] Someone's attacking SolarWinds WHD to steal high‑privilege credentials - but we don't know who or how
[CRITICAL] Threat actors exploit SolarWinds WDH flaws to deploy Velociraptor
[CRITICAL] SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers
[HIGH] DKnife targets network gateways in long running AitM campaign
[MEDIUM] Bloody Wolf Targets Uzbekistan, Russia Using NetSupport RAT in Spear-Phishing Campaign
[MEDIUM] Fake 7-Zip downloads are turning home PCs into proxy nodes