mitre-ta0010
216 articles with this tag
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
MEDIUM
CRITICAL
HIGH
HIGH
CRITICAL
HIGH
MEDIUM
HIGH
HIGH
HIGH
HIGH
CRITICAL
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
MEDIUM
HIGH
HIGH
HIGH
MEDIUM
HIGH
MEDIUM
CRITICAL
HIGH
MEDIUM
CRITICAL
HIGH
HIGH
HIGH
HIGH
HIGH
MEDIUM
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
MEDIUM
MEDIUM
HIGH
HIGH
HIGH
MEDIUM
HIGH
HIGH
CRITICAL
HIGH
CRITICAL
HIGH
MEDIUM
HIGH
MEDIUM
MEDIUM
HIGH
CRITICAL
HIGH
CRITICAL
CRITICAL
HIGH
HIGH
HIGH
CRITICAL
HIGH
HIGH
HIGH
HIGH
CRITICAL
HIGH
HIGH
HIGH
CRITICAL
HIGH
HIGH
CRITICAL
HIGH
HIGH
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
HIGH
CRITICAL
CRITICAL
CRITICAL
HIGH
HIGH
HIGH
Laravel-Lang Packages Poisoned for Malware Delivery
Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada
GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise
WantToCry ransomware evades detection through SMB abuse, remote encryption
New Mini Shai-Hulud attack targets npm ecosystem
Grafana breach caused by missed token rotation after TanStack attack
GitHub says internal repositories were taken in poisoned VS Code extension attack
GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials
When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps
Expired domain leads to supply chain attack on node-ipc npm package
Funnel Builder WordPress plugin bug exploited to steal credit cards
Popular node-ipc npm package compromised to steal credentials
Gremlin Stealer Evolves into Modular Threat with Advanced Evasion Capabilities
Malicious node-ipc versions published to npm in suspected maintainer account compromise
Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data
Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets
Foxconn factories resume operations after ransomware attack
Critical Quest KACE SMA flaw exploited after 10 months
When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps
New CRPx0 malware campaign uses OnlyFans lure for crypto theft and ransomware
WaSteal: 126 Chrome extensions, 148K installs, one Brazilian operator silently sending WhatsApp user data and ad cookies to its servers
Foxconn Attack Highlights Manufacturing's Cyber Crisis
GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data
Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America
Instructure confirms hackers used Canvas flaw to deface portals
Cyber Espionage Group Targets Aviation Firms to Steal Map Data
ShinyHunters Escalates Canvas Extortion with School by School Ransom Campaign
ShinyHunters claims nearly 9,000 schools affected by Canvas data breach
New ConsentFix v3 attack automates Microsoft Azure account hijacking
How to exfiltrate data using only numeric outputs
ConsentFix v3 attacks target Azure with automated OAuth abuse
15-year-old detained over French govt agency data breach
Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks
1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom
Novel Minecraft-targeting stealer tapped by reemergent LofyGang
LiteLLM exploited within 36 hours of disclosure via SQL injection bug
Malicious npm Dependency Linked to AI Assisted Commit Targets Crypto Wallets
Checkmarx Confirms Data Stolen in Supply Chain Attack
Medtronic Confirms Data Breach After ShinyHunters Claims
Alleged Chinese State Hacker Extradited to US
Chinese National Extradited Over Silk Typhoon Cyber Campaign
French police arrest hacker 'HexDex' for alleged widespread data theft
Alleged Silk Typhoon hacker extradited to US for cyberespionage
BlackFile Group Targets Retail and Hospitality with Vishing Attacks
China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks
‘AiFrame’ browser attacks continue with fake authenticator, converter extensions
GopherWhisper: China-linked hackers target governments with custom Go toolkit
Trigona ransomware attackers use novel tool for data exfiltration
Bitwarden NPM Package Hit in Supply Chain Attack
China-Backed Hackers Are Industrializing Botnets
AI-driven cloud attacks reach ‘functional’ maturity, says Unit 42
Trigona ransomware attacks use custom exfiltration tool to steal data
New Checkmarx supply-chain breach affects KICS analysis tool
Trivy, KICS, and the shape of supply chain attacks so far in 2026
USN-8199-1: OpenStack Glance vulnerabilities
UK ransomware attacks shift to targeted methods, small businesses most affected
Botnet Alert - Mirai Botnet Targets End-of-Life D-Link Routers
China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors
Extensive Citizens Financial Group, Frost Bank breaches claimed by Everest ransomware
Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
When Wi-Fi Encryption Fails: Protecting Your Enterprise from AirSnitch Attacks
Former ransomware negotiator pleads guilty to BlackCat attacks
DFIR Report – The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy
Cracks in the Bedrock: Escaping the AWS AgentCore Sandbox
Analysis of the April 2026 Booking.com Supply Chain Breach and ClickFix Tactics
Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking
VU#915947: SGLang is vulnerable to remote code execution when rendering chat templates from a model file
DFIR Report – The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy
Payouts King ransomware uses QEMU VMs to bypass endpoint security
Why the Stryker Attack Still Matters. And Five Steps You Can Take Today
QEMU abused to evade detection and enable ransomware delivery
100 Chrome Extensions Steal User Data, Create Backdoor
Mailbox Rule Abuse Emerges as Stealthy Post-Compromise Threat
Critical Marimo Flaw Exploited Hours After Public Disclosure
Google Warns of New Campaign Targeting BPOs to Steal Corporate Data
SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks
Google Warns of New Threat Group Targeting BPOs and Helpdesks
Google: New UNC6783 hackers steal corporate Zendesk support tickets
Russian GRU Exploiting Vulnerable Routers to Steal Sensitive Information 07 April 2026
Forest Blizzard leverages router compromises to launch AiTM attacks, target Outlook sessions
Cracks in the Bedrock: Escaping the AWS AgentCore Sandbox
Hundreds of orgs compromised daily in Microsoft device code phishing attacks
Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign
Russian APT28 Hackers Hijack Routers to Steal Credentials, UK Security Agency Warns
SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks
GrafanaGhost Exploit Bypasses AI Guardrails for Silent Data Exfiltration
GrafanaGhost: Attackers Can Abuse Grafana to Leak Enterprise Data
‘GrafanaGhost’ bypasses Grafana’s AI defenses without leaving a trace
Zero‑click Grafana AI attack can enable enterprise data exfiltration
Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems
China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware
Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations
Microsoft links Medusa ransomware affiliate to zero-day attacks
Hackers exploit React2Shell in automated credential theft campaign
Critical ShareFile Flaws Lead to Unauthenticated RCE
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images
CERT-EU: European Commission hack exposes data of 30 EU entities
You Patched LiteLLM, But Do You Know Your AI Blast Radius?
Researchers Observe Sub-One-Hour Ransomware Attacks