mitre-ta0005
206 articles with this tag
HIGH
HIGH
CRITICAL
CRITICAL
HIGH
HIGH
HIGH
HIGH
CRITICAL
CRITICAL
CRITICAL
MEDIUM
MEDIUM
HIGH
HIGH
HIGH
MEDIUM
HIGH
HIGH
HIGH
HIGH
MEDIUM
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
CRITICAL
HIGH
HIGH
MEDIUM
HIGH
HIGH
HIGH
MEDIUM
HIGH
MEDIUM
HIGH
CRITICAL
CRITICAL
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
CRITICAL
HIGH
HIGH
HIGH
CRITICAL
HIGH
CRITICAL
CRITICAL
HIGH
HIGH
HIGH
CRITICAL
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
CRITICAL
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
CRITICAL
MEDIUM
HIGH
CRITICAL
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
CRITICAL
INFO
HIGH
MEDIUM
HIGH
HIGH
HIGH
HIGH
HIGH
CRITICAL
HIGH
HIGH
Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack
Laravel Lang Supply Chain Advisory
Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
The Gentleman Ransomware | Defense Evasion TTPs Uncovered | Huntress
Grafana Labs Says Code Breach Stemmed from TanStack Attack
Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft
Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
Grafana Labs Confirms Hackers Stole Source Code
Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
Threat Actor Defense Evasion: How Attackers Disable AV & EDR
TanStack weighs invitation-only pull requests after supply chain attack
TanStack Supply Chain Attack (And How to Lock Down GitHub Actions)
TeamPCP releases ‘vibe coded’ Shai-Hulud source code, issues challenge
TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates
OpenAI Hit by TanStack Supply Chain Attack
OpenAI caught in TanStack npm supply chain chaos after employee devices compromised
OpenAI confirms security breach in TanStack supply chain attack
House committee chair calls on Instructure to testify in Canvas hack
Mini Shai-Hulud Hits TanStack npm Packages
Fake Claude Code takes the IElevator to your browser secrets
State of ransomware in 2026
Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants
Australian Cyber Security Centre Issues Alert Over ClickFix Attacks
Chinese-linked Salt Typhoon suspected in Italy's Sistemi Informativi breach
Backdoored PyTorch Lightning package drops credential stealer
New software supply chain attack uses sleeper packages for credential theft and CI tampering
Sophisticated Deep#Door Backdoor Enables Espionage, Disruption
Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft
Why You Must Check Your Password Manager Immediately | THREAT WIRE
That AI Extension Helping You Write Emails? It’s Reading Them First
TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack
FBI links cybercriminals to sharp surge in cargo theft attacks
Three Arrested for Hacking Over 610,000 Roblox Accounts
Official SAP npm packages compromised to steal credentials
Iranian Cyber Group Handala Targets US Troops in Bahrain
Dozens of Open VSX Extension Clones Linked to GlassWorm Malware
CISA’s Advisory On Botnets: Why Banning SOHO Routers Won’t Fix Critical Infrastructure Cyber Risk
GlassWorm attackers activate new ‘sleeper’ extensions on Open VSX
Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks
LMDeploy vulnerability exploited, highlighting AI infrastructure risks
Ongoing supply-chain attack 'explicitly targeting' security, dev tools
Crime crew impersonates help desk, abuses Microsoft Teams to steal your data
Mirax RAT Expands Mobile Banking and Surveillance Threats
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain ...
GoGra backdoor targets Linux, abuses Microsoft Graph API for stealthy attacks
Namastex npm packages compromised in ‘CanisterWorm’ supply chain attack
Vercel Finds More Compromised Accounts in Context.ai-Linked Breach
The LiteLLM attack was a warning shot for Agentic AI supply chains
New NGate variant hides in a trojanized NFC payment app
North Korean Blamed for $290m KelpDAO Crypto Heist
Hackers Abuse QEMU for Defense Evasion
Formbook Malware Campaign Uses Multiple Obfuscation Techniques to Avoid Detection
Hackers Abuse QEMU for Defense Evasion
Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials
North Korea targets macOS users in latest heist
Android Bankers: 4 Campaigns In A Row
Malicious Chrome Extensions Campaign Exposes User Data
North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware
Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise
US Disrupts Russian Espionage Operation Involving Hacked Routers and DNS Hijacking
US Thwarts DNS Hijacking Network Controlled by Russian APT28 Hackers
Russia's Fancy Bear still attacking routers to boost fake sites, NCSC warns
Support platform breach exposes Hims & Hers customer data
North Korean hackers abuse LNKs and GitHub repos in ongoing campaign
npm-sentinel: 21 malicious npm packages in 24h including LLM API MITM, encrypted skill backdoors, and Redis weaponization via postinstall
UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
Detailed analysis of a sophisticated firefox extension malware found in the wild using browser-xpi-malware-scanner.py
Defending Your Software Supply Chain: What Every Engineering Team Should Do Now
AI Interview startup, Mercor AI breached via LiteLLM supply chain attack. Lapsus$ claims 4TB data breached including 211 GB candidate records and 3TB of video interviews
New DeepLoad Malware Dropped in ClickFix Attacks
Google Addresses Vertex Security Issues After Researchers Weaponize AI Agents
Cisco source code stolen in Trivy-linked dev environment breach
AI-Powered 'DeepLoad' Malware Steals Credentials, Evades Detection
Researchers say credential-stealing campaign used AI to build evasion ‘at every stage’
DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials
LangDrained: Path traversal, SQL injection, and Deserialization of untrusted data in LangChain
World Leaks data extortion: What you need to know
LiteLLM supply chain compromise - a complete analysis
From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI
Handala Group Tied to Iranian Hack‑and‑Leak Operations, FBI Reveals
Stryker Says Malicious File Found During Probe Into Iran-Linked Attack
Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper
EmEditor Supply Chain Analysis: Why "Publisher Authorization" isn't the silver bullet we think it is
Extended Rapid Response: Zimperium’s Zero-Day Coverage of Oblivion RAT
Trivy vulnerability scanner breach pushed infostealer via GitHub Actions
From Scanner to Stealer: Inside the trivy-action Supply Chain Compromise
EDR killers explained: Beyond the drivers
New “Darksword” iOS exploit used in infostealer attack on iPhones
SideWinder Espionage Campaign Expands Across Southeast Asia
Android OS-Level Attack Bypasses Mobile Payment Security
Offensive Cases about Credential Guard & Detection Strategies
Your KVM is the Weak Link: How $30 Devices Can Own Your Entire Network
GlassWorm Malware Evolves to Hide in Dependencies
New Malware Highlights Increased Systematic Targeting of Network Infrastructure
New Malware Highlights Increased Systematic Targeting of Network Infrastructure
Free real estate: GoPix, the banking Trojan living off your memory
Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays
Seedworm: Iranian APT on Networks of U.S. Bank, Airport, Software Company
Polyfill Supply Chain Attack Impacting 100k Sites Linked to North Korea