Tag index
Generated from page-level `## Tags` sections. Each tag below links to the pages that currently use it.
All tags
- .NET (2)
- .pth (1)
- 3CX (1)
- 4sync (1)
- Ababil of Minab (1)
- Accellion (1)
- account-takeover (1)
- ACTINIUM (1)
- active exploitation (21)
- active-exploitation (1)
- actor (3)
- actors (5)
- Adaptix C2 (1)
- Admin API key theft (1)
- administrator account creation (2)
- Adobe Commerce (1)
- Adspect (1)
- adversary-in-the-middle (2)
- adware (3)
- Afghanistan (2)
- agent frameworks (2)
- agent skills (1)
- agent state (1)
- agentic AI (1)
- agentic malware (1)
- Agentjacking (1)
- AGENTPSD (2)
- AI (3)
- AI agents (8)
- AI assistants (3)
- AI brand impersonation (1)
- AI chatbot abuse (1)
- AI credential theft (1)
- AI data exfiltration (1)
- AI gateway (1)
- AI search poisoning (1)
- AI tooling (10)
- ai-abuse (1)
- ai-agent (1)
- AI-augmented operations (1)
- AI-generated malware (1)
- AiTM (1)
- Albania (1)
- Android (4)
- Android spyware (1)
- Apex One (1)
- API abuse (1)
- AppDomainManager (1)
- AppleJeus (1)
- AppleSeed (1)
- appliance (1)
- APT (4)
- APT27 (1)
- APT28 (1)
- APT29 (1)
- APT32 (1)
- APT36 (2)
- APT37 (1)
- APT43 (1)
- APT45 (1)
- arbitrary file write (1)
- Arch Linux (1)
- Arista EOS (1)
- Armageddon (1)
- Artifact Signing (1)
- ASP.NET (2)
- ASP.NET machineKey (1)
- Astro (1)
- Atlas RAT (1)
- AUDIOFIX (2)
- AUR (1)
- authentication bypass (5)
- authentication stack (2)
- authentication-coercion (1)
- AUTODYN (1)
- AutoHotKey (1)
- AWS (3)
- AWS CloudTrail (1)
- AWS S3 (1)
- AWS Secrets Manager (1)
- axios (1)
- Azure (3)
- Backblaze (1)
- backdoor (7)
- backup disruption (1)
- backups (1)
- banking (1)
- banking malware (1)
- Barracuda (1)
- Bash Uploader (1)
- BeaverTail (1)
- Bedrock (1)
- behavioral integrity verification (1)
- Belarus (2)
- BinaryFormatter (1)
- binding.gyp (1)
- BirdCall (1)
- Bitbucket (1)
- Bitwarden (1)
- BlackFile (1)
- blockchain C2 (1)
- blockchain-dead-drop (1)
- BLUEBEAM (1)
- botnet (3)
- branch-compromise (1)
- branch-name-injection (1)
- brand-impersonation (1)
- Brazil (2)
- BreachForums (1)
- BRICKSTORM (2)
- browser credential theft (5)
- browser extension (1)
- browser hijacking (1)
- browser zero-day (1)
- browser-extensions (1)
- browser-security (1)
- BTMOB (1)
- build-time compromise (1)
- Bun (1)
- Bun runtime abuse (1)
- C2 (7)
- Canada (1)
- CANFAIL (1)
- Catalyst SD-WAN Manager (1)
- CCleaner (1)
- CDN (1)
- certificate theft (1)
- ChatGPT (1)
- Chatty Spider (1)
- Check Point (1)
- Check Point Research (1)
- Checkmarx (1)
- checkpointers (1)
- China (2)
- China-linked (2)
- China-nexus (6)
- China-speaking ecosystem (1)
- Chinese-language cybercrime (1)
- Chisel (3)
- Chrome Web Store (1)
- ChromElevator (1)
- Chromium (1)
- CI-CD (1)
- CI/CD (28)
- CircleCI (1)
- CISA KEV (8)
- Cisco (1)
- Cisco Nexus (1)
- Citrine Sleet (1)
- Citrix (1)
- CL-CRI-1089 (1)
- Claude (2)
- Claude Code (2)
- ClickFix (3)
- client-side exploitation (1)
- Cloaked Ursa (1)
- cloaking (1)
- cloud (5)
- cloud C2 (1)
- cloud credential theft (3)
- Cloud Files Mini Filter Driver (1)
- Cloud Filter driver (1)
- cloud IAM (1)
- cloud identity (2)
- cloud infrastructure (1)
- cloud logging (1)
- cloud secrets (3)
- cloud security (2)
- cloud service abuse (1)
- Cloudflare (1)
- Cloudflare tunnels (1)
- Cloudflare Workers (2)
- CMS (4)
- Cobalt Strike (2)
- code sandbox scraping (1)
- code signing (3)
- Codecov (1)
- Codex (2)
- Coinbase (1)
- collaboration-tool phishing (1)
- command execution (2)
- command injection (3)
- command-execution (1)
- command-injection (1)
- Composer (3)
- compromised accounts (1)
- compromised credentials (1)
- ConnectWise (1)
- consumer devices (1)
- Contagious Interview (2)
- container (1)
- container escape (1)
- continuous visibility (1)
- control panel compromise (1)
- control plane (1)
- Coruna (1)
- cPanel (2)
- CrackMapExec (1)
- Crates.io (1)
- credential exposure (1)
- credential spraying (1)
- credential theft (17)
- credential-theft (40)
- criminal infrastructure (1)
- critical infrastructure (2)
- critical-infrastructure (2)
- crypto (2)
- crypto-wallets (1)
- cryptocurrency (9)
- cryptocurrency theft (2)
- cryptojacking (1)
- cryptominer (2)
- Curious Serpens (1)
- Cursor (2)
- Curve25519 (1)
- custody APIs (1)
- CVE-2020-17103 (1)
- CVE-2022-0492 (1)
- CVE-2023-2868 (1)
- CVE-2023-4966 (1)
- CVE-2024-1708 (1)
- CVE-2024-1709 (1)
- CVE-2024-20399 (1)
- CVE-2024-21182 (1)
- CVE-2024-3094 (2)
- CVE-2025-32975 (1)
- CVE-2025-34291 (1)
- CVE-2025-48595 (1)
- CVE-2025-8088 (3)
- CVE-2026-0257 (1)
- CVE-2026-10520 (1)
- CVE-2026-10523 (1)
- CVE-2026-11645 (1)
- CVE-2026-20127 (1)
- CVE-2026-20182 (1)
- CVE-2026-20245 (1)
- CVE-2026-20253 (1)
- CVE-2026-23111 (1)
- CVE-2026-26980 (1)
- CVE-2026-28318 (1)
- CVE-2026-3300 (1)
- CVE-2026-33017 (1)
- CVE-2026-34926 (1)
- CVE-2026-35273 (2)
- CVE-2026-35616 (1)
- CVE-2026-39987 (1)
- CVE-2026-41091 (1)
- CVE-2026-41940 (1)
- CVE-2026-42271 (1)
- CVE-2026-44338 (1)
- CVE-2026-45247 (1)
- CVE-2026-45498 (1)
- CVE-2026-48172 (1)
- CVE-2026-50751 (1)
- CVE-2026-50752 (1)
- CVE-2026-5426 (1)
- CVE-2026-7473 (1)
- CVE-2026-8732 (1)
- CVE-2026-9082 (1)
- CWE-77 (1)
- CWE-78 (1)
- cybercrime (11)
- cybercrime ecosystem (2)
- Cython (1)
- Czech Republic (1)
- data exfiltration (2)
- data exposure (1)
- data leak site (2)
- data theft (4)
- data-exfiltration (1)
- DAYLIGHT (1)
- DDoS (1)
- dead drop resolver (1)
- DeepSeek (1)
- Defender evasion (2)
- defense (1)
- defense evasion (4)
- DeFi (4)
- denial of service (1)
- Deno (2)
- dependency confusion (1)
- deployment_status (1)
- deserialization (1)
- destructive operations (1)
- developer endpoints (1)
- developer machines (6)
- developer targeting (2)
- developer tooling (1)
- developer workstations (1)
- developer-targeting (9)
- developer-tools (1)
- developer-workstations (1)
- device registration (1)
- device-code phishing (1)
- DEWMODE (1)
- Digital Knowledge (1)
- digital wallets (1)
- DigitalOcean (1)
- Dindoor (1)
- diplomatic targeting (1)
- Discord (2)
- discovery (1)
- DLL side-loading (2)
- DLL sideloading (6)
- DNS C2 (2)
- DNS tunneling (1)
- Docker (1)
- document theft (3)
- domestic espionage (1)
- DotNetNuke (1)
- double extortion (1)
- DPAPI (1)
- DPAPILoader (1)
- DPRK (2)
- DroneLink (1)
- Dropbox (1)
- Drupal (1)
- Dutch Police (1)
- DWAgent (1)
- dynamic DNS (1)
- Dynu (1)
- e-commerce (1)
- eBPF (2)
- edge appliance (6)
- edge appliances (2)
- edge application server (1)
- edge devices (1)
- edge service (2)
- EDR evasion (1)
- education (1)
- Egnyte (1)
- EKZ Infostealer (1)
- Elasticsearch (1)
- email (1)
- email gateway (1)
- Emerald Sleet (1)
- endpoint management (1)
- endpoint management abuse (1)
- endpoint response (1)
- endpoint-security (2)
- energy-sector (1)
- engineering software (1)
- Entra ID (2)
- Environment Management Hub (1)
- environment variables (1)
- environmental keying (1)
- Epsilon Stealer (1)
- ESG (1)
- espionage (29)
- ETW patching (1)
- Eurojust (1)
- Europe (3)
- Europol (1)
- Everest Forms Pro (1)
- EvilAI (1)
- exfiltration (3)
- exploit-development (1)
- exploit-kit (1)
- Exploit.in (1)
- exploitation (10)
- external federation (1)
- extortion (5)
- F5 BIG-IP (1)
- fake CAPTCHA (1)
- fake dating lures (1)
- fake plugin (1)
- fake recruiting (1)
- fake update (2)
- FakeCaptcha (1)
- Fakeset (1)
- faketivism (1)
- FallSpy (1)
- FAMOUS CHOLLIMA (2)
- Fancy Bear (1)
- Fast16 (1)
- FastCGI (1)
- FBI (1)
- file-system filter (1)
- FileFiend (1)
- filemanager (1)
- filename-injection (1)
- finance (2)
- financial fraud (1)
- financial sector (3)
- financial services (2)
- financial theft (3)
- FireAnt MetaKit (1)
- Flutter (1)
- FlutterShell (1)
- Forest Blizzard (1)
- FortiClient EMS (1)
- Fortinet (1)
- Fox Tempest (2)
- FreeBSD (2)
- FSB (2)
- FTA (1)
- ftp.exe (1)
- Funnull (1)
- Gamaredon (2)
- GammaLoad (1)
- GammaPhish (1)
- GammaSteel (1)
- GammaWorm (1)
- Garble (1)
- GCS (1)
- Ghost CMS (1)
- GHSA-6rmh-7xcm-cpxj (1)
- GIFTEDCROOK (1)
- GitHub (14)
- GitHub abuse (1)
- GitHub Actions (16)
- GitHub API (1)
- GitHub App (1)
- GitHub issue spam (1)
- GitHub OAuth (1)
- GitHub Security Advisories (1)
- GitHub tokens (1)
- GitLab (1)
- gitleaks (1)
- Gleaming Pisces (1)
- gleeze.com (1)
- GlobalProtect (1)
- Go (4)
- Godzilla (1)
- GoEdge (1)
- Google Ads (1)
- Google Chrome (1)
- Google Cloud Logging (1)
- Google Drive (1)
- Google Play (1)
- government (2)
- government targeting (2)
- government-impersonation (1)
- Grandoreiro (1)
- GRE (1)
- GREYVIBE (1)
- group (3)
- groups (10)
- GS-Netcat (1)
- GUE (1)
- hack-and-leak (1)
- hacktivist persona (1)
- Hades (1)
- HappyDoor (1)
- HAR files (1)
- hard-coded secrets (1)
- HashiCorp Vault (1)
- healthcare (1)
- HelloDoor (1)
- HellsGate (1)
- high explosives (1)
- higher education (2)
- HONESTCUE (1)
- hosting provider (1)
- HR lures (1)
- HTA (3)
- HttpMalice (1)
- HTTPSpy (1)
- Hugging Face (2)
- Hunt.io (1)
- ICE (1)
- ICONICSTEALER (1)
- ICS (1)
- IDE extension (1)
- identity (3)
- identity security (1)
- IDEs (1)
- IFEO persistence (1)
- IIOP (1)
- IIS (1)
- IKEv1 (1)
- iMessage (1)
- Impacket (2)
- impersonation (1)
- import-time execution (1)
- in-memory DLL loading (1)
- incident response (11)
- indirect prompt injection (1)
- industrial control (1)
- infostealer (9)
- infrastructure (3)
- initial-access (1)
- install-time execution (1)
- InvisibleFerret (1)
- iOS (1)
- IoT (2)
- IP-in-IP (1)
- Iran (5)
- Iran-nexus (1)
- Israel (2)
- Ivanti Sentry (1)
- Japan (1)
- JavaScript (3)
- JavaScript bridge (1)
- JavaScript injection (1)
- JavaScript loader (1)
- JavaScript malware (1)
- JavaScript tampering (1)
- JDY (1)
- JetStream (1)
- JFrog Security Research (1)
- JINX-0164 (2)
- JSCoreRunner (1)
- JSON:API (1)
- JSONPing (1)
- JSP web shell (1)
- Kaspersky (2)
- kernel driver (1)
- KEV (3)
- KeyHunter (1)
- keylogger (2)
- keylogging (1)
- Kimsuky (1)
- KnowledgeDeliver (1)
- Kubernetes (1)
- KV-botnet (1)
- L2TP/IPSec (1)
- LA Metro (1)
- LangChain (2)
- Langflow (2)
- LangFlow (1)
- LangGraph (1)
- Laravel (2)
- lateral movement (2)
- lateral-movement (1)
- Latin America (2)
- launchctl (1)
- law enforcement (1)
- Lazarus (4)
- LD_PRELOAD (1)
- legacy infrastructure (1)
- legacy software (1)
- legal sector (1)
- LegionRelay (1)
- liblzma (1)
- libp2p (1)
- libpeconv (1)
- lifecycle hooks (1)
- LinkedIn (2)
- Linux (15)
- LiteLLM (3)
- LiteSpeed (1)
- living off the land (1)
- living-off-the-land (1)
- LLM (4)
- LLMjacking (1)
- LMS (1)
- LNK (6)
- LNK files (1)
- loader (1)
- local LLMs (1)
- local privilege escalation (1)
- log poisoning (1)
- long-lived tokens (1)
- long-term access (1)
- LONGSTREAM (1)
- LOOKVALJS (1)
- LOOKVALPS (1)
- LPE (1)
- LS-DYNA (1)
- LSASS (1)
- Lua (1)
- Lumen Black Lotus Labs (1)
- Luna Moth (1)
- MacCMS (1)
- macOS (6)
- Magento (1)
- mailbox theft (1)
- maintainer compromise (1)
- maintainer persona (1)
- maintainer-compromise (1)
- malicious releases (2)
- malvertising (3)
- malware (13)
- malware delivery (1)
- Malware-as-a-Service (1)
- malware-signing-as-a-service (1)
- managed file transfer (1)
- managed service provider (1)
- management plane (1)
- manufacturing (1)
- marimo (1)
- marketplace abuse (1)
- Maven Central (1)
- MCP (4)
- memory-only malware (1)
- MeshCentral (2)
- MEV bot lure (1)
- Mexico (1)
- MFA bypass (4)
- MFA fatigue (1)
- MFA-bypass (1)
- Miasma (2)
- Microsoft (2)
- Microsoft .NET (1)
- Microsoft 365 (2)
- Microsoft Defender (1)
- Microsoft Graph (2)
- Microsoft SQL Server (1)
- Microsoft Teams (2)
- Middle East (1)
- middleware (1)
- Midnight Blizzard (1)
- MiniJunk (1)
- MiniPlasma (1)
- MINIRAT (2)
- Ministry of Finance (1)
- MiniUpdate (1)
- MITRE ATT&CK T1005 (1)
- MITRE ATT&CK T1562 (1)
- mobile (1)
- Mobile Access (1)
- mobile device management (1)
- mobile devices (1)
- mobile malware (1)
- MobileIron Sentry (1)
- Model Context Protocol (2)
- model-provider abuse (1)
- module-proxy (1)
- MOIS (3)
- Monero (1)
- MPR network provider (1)
- Mr_Rot13 (1)
- msgpack (1)
- mshta (3)
- MSP (3)
- mTLS (1)
- MuddyWater (2)
- named pipes (1)
- namespace recycling (1)
- nation-state (1)
- NATS (1)
- NCSC-NL (1)
- Nebo (1)
- Neo-reGeorg (1)
- Netherlands (1)
- NetScaler (1)
- network infrastructure (1)
- nf_tables (1)
- nftables (1)
- Nginx (1)
- Nginx module (1)
- node-gyp (1)
- node-ipc (1)
- Node.js (1)
- North Korea (8)
- notarized malware (1)
- npm (29)
- npm lifecycle hook (1)
- npx (1)
- NTFS ADS (2)
- NTLM (1)
- nuclear weapons (1)
- NuGet (1)
- NVGRE (1)
- OAuth (2)
- OAuth tokens (1)
- obfuscation (1)
- OFAC (1)
- OIDC (4)
- Okta (4)
- Ollama (1)
- Oman (1)
- OneDrive (3)
- OpenAI Codex (1)
- OpenConnect (1)
- OpenSearch (1)
- OpenSSH (2)
- OpenVPN (1)
- OpenVSX (1)
- Operation DangerousPassword (1)
- Operation Highland (2)
- operational resilience (1)
- operations (112)
- OpFauxSign (1)
- ops (111)
- opsec failure (1)
- Oracle PeopleSoft (2)
- Oracle WebLogic Server (1)
- OTP interception (1)
- Outlook (1)
- OX Security (1)
- OYSTERBLUES (1)
- OYSTERFRESH (1)
- OYSTERSHUCK (1)
- P2P (1)
- package registry (2)
- package-takeover (1)
- Packagist (3)
- page poisoning (1)
- Pakistan-linked (2)
- Palo Alto Networks (1)
- PAM (2)
- PAN-OS (1)
- Pastebin (1)
- patch management (1)
- patterns (14)
- payment fraud (1)
- payment-card theft (1)
- payment-card-theft (2)
- payroll lures (1)
- pe_to_shellcode (1)
- PebbleDash (1)
- people (1)
- PeopleTools (1)
- persistence (16)
- pfSense (1)
- PhaaS (2)
- Phantom Gyp (1)
- PhantomClick (1)
- PhantomMail (1)
- PhantomRelay (1)
- Philippines (1)
- phishing (11)
- phishing-as-a-service (2)
- PHP (2)
- PHP code injection (1)
- PHP object injection (1)
- PicassoLoader (1)
- pig-butchering (1)
- piracy (1)
- Piriform (1)
- PKGBUILD (1)
- PLENET (2)
- poisoned-branch (1)
- PolinRider (1)
- Polymarket (1)
- portmap (1)
- Portugal (1)
- post-exploitation (3)
- postal-impersonation (1)
- PostgreSQL (3)
- postinstall (5)
- PowerCloud (1)
- PowerShell (8)
- PowerShower (1)
- PPtP (1)
- PraisonAI (1)
- PRC (1)
- PRC-aligned (1)
- pre-authentication (1)
- Primitive Bear (1)
- PrincessClub (1)
- privacy (1)
- private-key theft (1)
- privilege escalation (7)
- process hollowing (2)
- process injection (2)
- professional services (1)
- prompt injection (2)
- prompt-injection (4)
- PROMPTFLUX (1)
- PROMPTSPY (1)
- protestware (1)
- proxy (5)
- ProxyChains (1)
- PSEMHUB (1)
- psychological operations (1)
- public exploit (1)
- public file-transfer exfiltration (1)
- public sector (1)
- pull requests (1)
- PUP (1)
- pwn-request (1)
- PyPI (8)
- Python (3)
- Python extension modules (1)
- Qilin (1)
- query injection (1)
- Quest KACE SMA (1)
- RaaS (1)
- RAM disk (1)
- ransomware (4)
- rapid exploitation (2)
- RAT (15)
- RC4 (2)
- RCE (4)
- Rclone (1)
- RCS (1)
- RDP (1)
- Reality (1)
- Reaper (1)
- reconnaissance (1)
- recovery denial (1)
- recruitment lures (1)
- Redis (1)
- Redis backdoor (1)
- RediSearch (1)
- refresh tokens (1)
- registry persistence (3)
- release tampering (1)
- remote access (2)
- Remote Access VPN (1)
- remote code execution (3)
- remote-access (1)
- RemotePE (1)
- RemotePELoader (1)
- repository poisoning (1)
- residential proxies (1)
- REST C2 (1)
- ReverseSocks (1)
- reviewdog (1)
- RingH23 (1)
- RMM (1)
- RMM abuse (1)
- ROADrecon (1)
- ROADtools (1)
- roadtx (1)
- RokRAT (1)
- RomulusLoader (1)
- root execution (1)
- rootkit (3)
- RSA (1)
- RubyGems (2)
- Runner.Worker (1)
- Russia (6)
- Russia-linked cybercrime (1)
- Russia-nexus (2)
- Russian-speaking forums (1)
- Rust (4)
- SaaS (2)
- sabotage (2)
- Safari (1)
- Salesforce (1)
- ScarCruft (1)
- scheduled tasks (3)
- ScreenConnect (2)
- script-injection (1)
- SD-WAN (1)
- secret exposure (1)
- secrets (5)
- secrets management (1)
- security platform (1)
- Seedworm (1)
- segmented networks (1)
- self-hosted AI services (1)
- self-propagation (1)
- sendit.sh (1)
- Sentry (1)
- Sentry abuse (1)
- SEO poisoning (2)
- Serv-U (1)
- service accounts (1)
- ServiceNow (1)
- session hijacking (2)
- session theft (1)
- SHADOW-AETHER-040 (1)
- SHADOW-AETHER-064 (1)
- SHADOW-EARTH-066 (1)
- ShadowPad (1)
- Shai-Hulud (5)
- share propagation (1)
- shared hosting (2)
- shared secrets (1)
- SharePoint (1)
- ShinyHunters (2)
- Shuckworm (1)
- SideCopy (1)
- signed malware (1)
- signed updates (1)
- signed-binary (1)
- Silent Ransom Group (1)
- SilentCryptoMiner (1)
- SilentRunLoader (1)
- simulation tampering (1)
- sleeper packages (1)
- Sliver (1)
- SLSA (1)
- SmartScreen (1)
- SMB (1)
- SMB egress (1)
- smishing (4)
- sms-phishing (1)
- SMTP (1)
- social engineering (10)
- social-engineering (2)
- Socket Security Research (1)
- SOCKS5 (3)
- SOCKS5 tunneling (1)
- software impersonation (1)
- SOHO routers (1)
- Solana (1)
- SolarWinds (1)
- source-code compromise (1)
- source-package drift (1)
- source-package mismatch (1)
- source-repository poisoning (2)
- South Africa (1)
- South Asia (1)
- South Korea (2)
- Southeast Asia (3)
- spam (1)
- spear phishing (4)
- spear-phishing (2)
- spearphishing (1)
- SPECTRALVIPER (1)
- Splunk (1)
- SQL injection (3)
- SQLite (1)
- SSH (2)
- SSH bastion (1)
- SSH key persistence (1)
- SSH persistence (1)
- SSH tunnels (1)
- SSRF (1)
- state-linked (1)
- Static Kitten (1)
- stdio (2)
- stealer (1)
- stock exchange (1)
- storage deletion (1)
- Storm-2697 (1)
- Storm-3075 (1)
- STUN (1)
- Stuxnet lineage (1)
- subject claim (1)
- supply chain (1)
- supply chain compromise (1)
- supply-chain (60)
- Synology (1)
- SYSTEM (1)
- T3 (1)
- TA427 (1)
- tag rewrite (1)
- tag tampering (2)
- Taiwan (1)
- takedown (3)
- TamperedChef (1)
- targeted operations (1)
- TartarusGate (1)
- TeamPCP (8)
- TeamPCP-adjacent (1)
- TeamViewer (1)
- TEASOUP (1)
- telecom (2)
- telecom-impersonation (1)
- Telegram (5)
- telegram (1)
- Telegram C2 (1)
- telemetry (1)
- Telnyx (1)
- Temp Zagros (1)
- Tenet Security (1)
- The Gentlemen (1)
- threat hunting (1)
- tj-actions (1)
- token replay (1)
- token theft (2)
- token-theft (1)
- tool output injection (1)
- tooling (5)
- tools (7)
- Tor (2)
- Trading Technologies (1)
- traffic hijacking (1)
- traffic-fraud (1)
- transaction authority (1)
- transnational repression (1)
- Transparent Tribe (2)
- Trend Micro (2)
- TrendAI (1)
- TrickBot (1)
- Trident Ursa (1)
- trusted publishing (1)
- tunnel decapsulation (1)
- Twilio (1)
- typosquat (1)
- typosquatting (8)
- UAC (1)
- UAC-0010 (2)
- UAC-0098 (1)
- UAC-0226 (1)
- Udev persistence (1)
- Ukraine (7)
- unauthenticated access (1)
- unauthenticated RCE (1)
- UNC2814 (1)
- UNC3753 (1)
- UNC4736 (1)
- UNC6240 (2)
- UNC6671 (1)
- UNC6692 (2)
- UNC6780 (1)
- Unit 42 (1)
- United States (2)
- unsafe deserialization (1)
- uranium compression (1)
- USB worm (2)
- UTA0355 (1)
- uTLS (1)
- V8 (1)
- ValleyRAT (1)
- VBCloud (1)
- VBScript (3)
- Velvet Ant (2)
- VELVETSHELL (1)
- vendor credentials (1)
- Vercel (1)
- Vidar Stealer (1)
- Vietnam (2)
- Vietnam-aligned (1)
- Views (1)
- ViewState deserialization (1)
- virtualization (1)
- vishing (2)
- VLESS (1)
- vManage (1)
- VMware (2)
- Volt Typhoon (1)
- VPN (3)
- VS Code (5)
- VS Code tunnels (1)
- VSIX (1)
- vSphere (2)
- vulnerability (7)
- vulnerability-research (1)
- VXLAN (1)
- w3wp.exe (1)
- wallet infrastructure (1)
- wallet replacement (1)
- wallet theft (2)
- wallet-drainer (1)
- wallet-theft (3)
- Wasabi (1)
- watchdog (1)
- watering-hole (2)
- web application (3)
- web hosting (2)
- web IDE (1)
- web shell (3)
- web supply chain (1)
- web-shells (1)
- WebKit (1)
- WebLogic (1)
- WebRTC (1)
- webshell (1)
- WebSocket C2 (1)
- WebView (1)
- Webworm (1)
- WhatsApp (1)
- WHM (2)
- Windows (13)
- Windows persistence (1)
- Winos4.0 (1)
- WinRAR (3)
- wiper (2)
- wiper-adjacent (1)
- WireGuard (2)
- WordPress (2)
- workflow backdoor (1)
- worm (9)
- WP Maps Pro (1)
- X_TRADER (1)
- XChaCha20 (1)
- XenoRAT (2)
- XMRig (3)
- XSS.is (1)
- xz (1)
- Yanbian (1)
- ZAPiXDESK (1)
- Zendesk (1)
- Zero Trust (1)
- zero-click (1)
- zero-day (3)
.NET
.pth
3CX
4sync
Ababil of Minab
Accellion
account-takeover
ACTINIUM
active exploitation
- Arista EOS CVE-2026-7473 tunnel decapsulation exploitation
- Check Point VPN CVE-2026-50751 exploitation
- Chrome V8 CVE-2026-11645 exploitation
- Cisco Catalyst SD-WAN Manager CVE-2026-20245 exploitation
- Drupal Core CVE-2026-9082 exploitation
- Everest Forms Pro CVE-2026-3300 exploitation
- FortiClient EMS CVE-2026-35616 EKZ Infostealer campaign
- Ghost CMS CVE-2026-26980 ClickFix poisoning
- Ivanti Sentry CVE-2026-10520 exploitation
- KnowledgeDeliver CVE-2026-5426 ViewState exploitation
- LiteLLM CVE-2026-42271 MCP stdio command injection
- LiteSpeed cPanel CVE-2026-48172 exploitation
- MiniPlasma Windows Cloud Filter LPE exploitation
- Mr_Rot13 cPanel CVE-2026-41940 backdoor campaign
- Oracle PeopleSoft CVE-2026-35273 ShinyHunters exploitation
- Oracle WebLogic CVE-2024-21182 exploitation
- PAN-OS GlobalProtect CVE-2026-0257 exploitation
- PraisonAI CVE-2026-44338 rapid exploitation
- ServiceNow instance unauthenticated table-query exploitation
- SolarWinds Serv-U CVE-2026-28318 exploitation
- WP Maps Pro CVE-2026-8732 exploitation
active-exploitation
actor
actors
Adaptix C2
Admin API key theft
administrator account creation
Adobe Commerce
Adspect
adversary-in-the-middle
- AI-brand impersonation phishing and malvertising
- Chinese-language PhaaS wallet-tokenization ecosystem
adware
- Chrome live-wallpaper extension ad-fraud network
- Operation FlutterBridge FlutterShell macOS malvertising
- TamperedChef-style productivity malware clusters
Afghanistan
agent frameworks
agent skills
agent state
agentic AI
agentic malware
Agentjacking
AGENTPSD
AI
AI agents
- Agent skill marketplace poisoning
- Langflow CVE-2025-34291 exploitation
- LangGraph checkpointer injection and unsafe deserialization
- Marimo CVE-2026-39987 LLM-agent post-exploitation
- MCP stdio command-execution boundary
- NATS-as-C2 KeyHunter credential-harvesting operation
- PraisonAI CVE-2026-44338 rapid exploitation
- Sentry MCP Agentjacking
AI assistants
- binding.gyp npm CI/CD worm
- Claude Code GitHub Action prompt-injection boundary
- Developer-tool config auto-execution
AI brand impersonation
AI chatbot abuse
AI credential theft
AI data exfiltration
AI gateway
AI search poisoning
AI tooling
- codexui-android OpenAI token stealer
- LangGraph checkpointer injection and unsafe deserialization
- Malware-Slop Claude user-data npm infostealer
- MCP stdio command-execution boundary
- Ollama P2P cryptominer RAT campaign
- Polymarket npm wallet-drainer packages
- PraisonAI CVE-2026-44338 rapid exploitation
- SANDWORM_MODE AI-toolchain npm worm
- Sentry MCP Agentjacking
- TrapDoor crypto-stealer cross-ecosystem campaign
ai-abuse
ai-agent
AI-augmented operations
AI-generated malware
AiTM
Albania
Android
- Android Framework CVE-2025-48595 exploitation
- codexui-android OpenAI token stealer
- Grandoreiro and BTMOB Latin America / Europe malware campaigns
- ScarCruft Yanbian game-platform supply-chain attack
Android spyware
Apex One
API abuse
AppDomainManager
AppleJeus
AppleSeed
appliance
APT
APT27
APT28
APT29
APT32
APT36
APT37
APT43
APT45
arbitrary file write
Arch Linux
Arista EOS
Armageddon
Artifact Signing
ASP.NET
ASP.NET machineKey
Astro
Atlas RAT
AUDIOFIX
AUR
authentication bypass
- Check Point VPN CVE-2026-50751 exploitation
- Ivanti Sentry CVE-2026-10520 exploitation
- Mr_Rot13 cPanel CVE-2026-41940 backdoor campaign
- PAN-OS GlobalProtect CVE-2026-0257 exploitation
- PraisonAI CVE-2026-44338 rapid exploitation
authentication stack
authentication-coercion
AUTODYN
AutoHotKey
AWS
- CircleCI 2023 customer secret exposure incident
- NATS-as-C2 KeyHunter credential-harvesting operation
- vpmdhaj OpenSearch npm cloud-secret stealer
AWS CloudTrail
AWS S3
AWS Secrets Manager
axios
Azure
Backblaze
backdoor
- DAEMON Tools Lite supply-chain compromise
- Mr_Rot13 cPanel CVE-2026-41940 backdoor campaign
- Ollama P2P cryptominer RAT campaign
- Operation FlutterBridge FlutterShell macOS malvertising
- shopsprint/decimal Go typosquat DNS backdoor
- Showboat
- Telnyx PyPI TeamPCP compromise
backup disruption
backups
banking
banking malware
Barracuda
Bash Uploader
BeaverTail
Bedrock
behavioral integrity verification
Belarus
BinaryFormatter
binding.gyp
BirdCall
Bitbucket
Bitwarden
BlackFile
blockchain C2
blockchain-dead-drop
BLUEBEAM
botnet
- Dutch Police / NCSC 17-million-device botnet disruption
- Glassworm developer supply-chain botnet
- JDY SOHO / IoT reconnaissance botnet
branch-compromise
branch-name-injection
brand-impersonation
Brazil
- Grandoreiro and BTMOB Latin America / Europe malware campaigns
- SHADOW-AETHER AI-augmented Latin America intrusions
BreachForums
BRICKSTORM
browser credential theft
- FortiClient EMS CVE-2026-35616 EKZ Infostealer campaign
- GREYVIBE
- Seedworm / MuddyWater
- UAC-0226 / SHADOW-EARTH-066
- Void Dokkaebi
browser extension
browser hijacking
browser zero-day
browser-extensions
browser-security
BTMOB
build-time compromise
Bun
Bun runtime abuse
C2
- DAEMON Tools Lite supply-chain compromise
- Glassworm developer supply-chain botnet
- NATS-as-C2 KeyHunter credential-harvesting operation
- Oman government Iranian-nexus webshell C2
- Quest KACE SMA CVE-2025-32975 exploitation
- RemotePE
- Showboat
Canada
CANFAIL
Catalyst SD-WAN Manager
CCleaner
CDN
certificate theft
ChatGPT
Chatty Spider
Check Point
Check Point Research
Checkmarx
checkpointers
China
China-linked
China-nexus
- JDY SOHO / IoT reconnaissance botnet
- Operation GriefLure Southeast Asia LNK dropper
- Operation Highland Velvet Ant authentication-stack backdoors
- Velvet Ant
- VerdantBamboo
- VerdantBamboo appliance BRICKSTORM operation
China-speaking ecosystem
Chinese-language cybercrime
Chisel
- Oman government Iranian-nexus webshell C2
- PCPJack cloud SMTP relay network
- SHADOW-AETHER AI-augmented Latin America intrusions
Chrome Web Store
ChromElevator
Chromium
CI-CD
CI/CD
- actions-cool GitHub Actions tag compromise
- Astro config blockchain C2 PR injection
- binding.gyp npm CI/CD worm
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- BufferZoneCorp RubyGems / Go module CI poisoning
- CircleCI 2023 customer secret exposure incident
- Claude Code GitHub Action prompt-injection boundary
- Codecov Bash Uploader compromise
- Crypto supply-chain path to transaction authority
- GitHub Actions deployment poisoning
- GitHub Actions OIDC subject-claim collisions
- HackerBot Claw
- HackerBot Claw GitHub Actions exploitation campaign
- JINX-0164
- JINX-0164 crypto developer infrastructure campaign
- Laravel-Lang Composer tag-rewrite compromise
- LiteLLM compromise
- Megalodon GitHub Actions workflow backdooring
- Mini Shai-Hulud npm/PyPI worm campaign
- oob.moika.tech dependency-confusion environment stealer
- Operation DangerousPassword axios npm compromise
- SANDWORM_MODE AI-toolchain npm worm
- TeamPCP
- Telnyx PyPI TeamPCP compromise
- tj-actions and reviewdog compromise
- Trivy compromise
- Trivy → TeamPCP → CanisterWorm: compromise timeline
- vpmdhaj OpenSearch npm cloud-secret stealer
CircleCI
CISA KEV
- Android Framework CVE-2025-48595 exploitation
- Arista EOS CVE-2026-7473 tunnel decapsulation exploitation
- Ivanti Sentry CVE-2026-10520 exploitation
- Linux Kernel CVE-2022-0492 cgroup release_agent exploitation
- LiteLLM CVE-2026-42271 MCP stdio command injection
- Microsoft Defender CVE-2026-41091 / CVE-2026-45498 exploitation
- Mirasvit Cache Warmer CVE-2026-45247 exploitation
- Trend Micro Apex One CVE-2026-34926 exploitation
Cisco
Cisco Nexus
Citrine Sleet
Citrix
CL-CRI-1089
Claude
Claude Code
ClickFix
- Ghost CMS CVE-2026-26980 ClickFix poisoning
- GREYVIBE
- JINX-0164 crypto developer infrastructure campaign
client-side exploitation
Cloaked Ursa
cloaking
cloud
cloud C2
cloud credential theft
- AI-augmented adversary operations
- Marimo CVE-2026-39987 LLM-agent post-exploitation
- NATS-as-C2 KeyHunter credential-harvesting operation
Cloud Files Mini Filter Driver
Cloud Filter driver
cloud IAM
cloud identity
cloud infrastructure
cloud logging
cloud secrets
- JINX-0164 crypto developer infrastructure campaign
- oob.moika.tech dependency-confusion environment stealer
- vpmdhaj OpenSearch npm cloud-secret stealer
cloud security
cloud service abuse
Cloudflare
Cloudflare tunnels
Cloudflare Workers
CMS
- Drupal Core CVE-2026-9082 exploitation
- Everest Forms Pro CVE-2026-3300 exploitation
- Ghost CMS CVE-2026-26980 ClickFix poisoning
- WP Maps Pro CVE-2026-8732 exploitation
Cobalt Strike
code sandbox scraping
code signing
- AI-brand impersonation phishing and malvertising
- Fox Tempest
- TamperedChef-style productivity malware clusters
Codecov
Codex
Coinbase
collaboration-tool phishing
command execution
command injection
- Cisco Catalyst SD-WAN Manager CVE-2026-20245 exploitation
- Ivanti Sentry CVE-2026-10520 exploitation
- LiteLLM CVE-2026-42271 MCP stdio command injection
command-execution
command-injection
Composer
- Famous Chollima Packagist dev-branch loader
- GitHub / Packagist postinstall hook campaign
- Laravel-Lang Composer tag-rewrite compromise
compromised accounts
compromised credentials
ConnectWise
consumer devices
Contagious Interview
container
container escape
continuous visibility
control panel compromise
control plane
Coruna
cPanel
CrackMapExec
Crates.io
credential exposure
credential spraying
credential theft
- Agent skill marketplace poisoning
- AI-brand impersonation phishing and malvertising
- Browser-based developer IDE OAuth token theft
- Chinese-language PhaaS wallet-tokenization ecosystem
- FortiClient EMS CVE-2026-35616 EKZ Infostealer campaign
- Langflow CVE-2025-34291 exploitation
- LiteLLM compromise
- Mr_Rot13 cPanel CVE-2026-41940 backdoor campaign
- Operation FlutterBridge FlutterShell macOS malvertising
- Operation Highland Velvet Ant authentication-stack backdoors
- PCPJack cloud SMTP relay network
- Seedworm / MuddyWater
- Solana FakeFix npm / PyPI developer stealer
- Stock exchange executive mailbox espionage
- Telnyx PyPI TeamPCP compromise
- Trivy compromise
- UNC6692 SNOW malware social-engineering campaign
credential-theft
- actions-cool GitHub Actions tag compromise
- APT29
- Atomic Arch AUR package hijack
- binding.gyp npm CI/CD worm
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- BufferZoneCorp RubyGems / Go module CI poisoning
- codexui-android OpenAI token stealer
- DAEMON Tools Lite supply-chain compromise
- Developer-tool config auto-execution
- Famous Chollima Packagist dev-branch loader
- faster-axios / turbo-axios Epsilon Stealer npm campaign
- forge-jsxy
- GitHub / Packagist postinstall hook campaign
- Glassworm developer supply-chain botnet
- Grandoreiro and BTMOB Latin America / Europe malware campaigns
- Hunt.io global smishing infrastructure campaign
- IronWorm npm Rust infostealer campaign
- JINX-0164
- JINX-0164 crypto developer infrastructure campaign
- js-logger-pack Hugging Face exfiltration campaign
- Kali365 device-code phishing expansion
- Laravel-Lang Composer tag-rewrite compromise
- Malware-Slop Claude user-data npm infostealer
- Megalodon GitHub Actions workflow backdooring
- Mini Shai-Hulud npm/PyPI worm campaign
- node-ipc 2026 npm maintainer-account compromise
- Nx Console VS Code extension compromise
- Oman government Iranian-nexus webshell C2
- oob.moika.tech dependency-confusion environment stealer
- Operation DangerousPassword axios npm compromise
- Operation GriefLure Southeast Asia LNK dropper
- Outsider Enterprise smishing PhaaS
- SANDWORM_MODE AI-toolchain npm worm
- Sicoob.Sdk NuGet banking certificate stealer
- StegaBin Pastebin-steganography npm campaign
- TA4922
- TrapDoor crypto-stealer cross-ecosystem campaign
- UNK_DeadDrop developer repository phishing
- vpmdhaj OpenSearch npm cloud-secret stealer
- Xinference PyPI compromise
criminal infrastructure
critical infrastructure
critical-infrastructure
crypto
crypto-wallets
cryptocurrency
- Crypto supply-chain path to transaction authority
- IronWorm npm Rust infostealer campaign
- JINX-0164
- JINX-0164 crypto developer infrastructure campaign
- Polymarket npm wallet-drainer packages
- RemotePE
- SANDWORM_MODE AI-toolchain npm worm
- Solana FakeFix npm / PyPI developer stealer
- UNK_DeadDrop developer repository phishing
cryptocurrency theft
cryptojacking
cryptominer
Curious Serpens
Cursor
Curve25519
custody APIs
CVE-2020-17103
CVE-2022-0492
CVE-2023-2868
CVE-2023-4966
CVE-2024-1708
CVE-2024-1709
CVE-2024-20399
CVE-2024-21182
CVE-2024-3094
CVE-2025-32975
CVE-2025-34291
CVE-2025-48595
CVE-2025-8088
CVE-2026-0257
CVE-2026-10520
CVE-2026-10523
CVE-2026-11645
CVE-2026-20127
CVE-2026-20182
CVE-2026-20245
CVE-2026-20253
CVE-2026-23111
CVE-2026-26980
CVE-2026-28318
CVE-2026-3300
CVE-2026-33017
CVE-2026-34926
CVE-2026-35273
CVE-2026-35616
CVE-2026-39987
CVE-2026-41091
CVE-2026-41940
CVE-2026-42271
CVE-2026-44338
CVE-2026-45247
CVE-2026-45498
CVE-2026-48172
CVE-2026-50751
CVE-2026-50752
CVE-2026-5426
CVE-2026-7473
CVE-2026-8732
CVE-2026-9082
CWE-77
CWE-78
cybercrime
- Dutch Police / NCSC 17-million-device botnet disruption
- First VPN
- Fox Tempest
- Funnull RingH23 and MacCMS supply-chain attacks
- Hunt.io global smishing infrastructure campaign
- JINX-0164
- Operation FlutterBridge FlutterShell macOS malvertising
- Outsider Enterprise smishing PhaaS
- Pirated media SilentCryptoMiner RAT campaign
- TA4922
- The Gentlemen ransomware
cybercrime ecosystem
Cython
Czech Republic
data exfiltration
- Ababil of Minab MOIS-linked recovery-destruction campaign
- SHADOW-AETHER AI-augmented Latin America intrusions
data exposure
data leak site
data theft
- Accellion FTA exploitation campaign
- Malware-Slop Claude user-data npm infostealer
- ShinyHunters
- UNC3753
data-exfiltration
DAYLIGHT
DDoS
dead drop resolver
DeepSeek
Defender evasion
defense
defense evasion
- Cloud logging control-plane tampering
- Ollama P2P cryptominer RAT campaign
- Pirated media SilentCryptoMiner RAT campaign
- ROADtools
DeFi
- JINX-0164
- JINX-0164 crypto developer infrastructure campaign
- RemotePE
- TrapDoor crypto-stealer cross-ecosystem campaign
denial of service
Deno
dependency confusion
deployment_status
deserialization
destructive operations
developer endpoints
developer machines
- Astro config blockchain C2 PR injection
- BufferZoneCorp RubyGems / Go module CI poisoning
- MCP stdio command-execution boundary
- Polymarket npm wallet-drainer packages
- Telnyx PyPI TeamPCP compromise
- Trivy compromise
developer targeting
developer tooling
developer workstations
developer-targeting
- codexui-android OpenAI token stealer
- Famous Chollima Packagist dev-branch loader
- Glassworm developer supply-chain botnet
- JINX-0164
- JINX-0164 crypto developer infrastructure campaign
- Malware-Slop Claude user-data npm infostealer
- Operation DangerousPassword axios npm compromise
- StegaBin Pastebin-steganography npm campaign
- UNK_DeadDrop developer repository phishing
developer-tools
developer-workstations
device registration
device-code phishing
DEWMODE
Digital Knowledge
digital wallets
DigitalOcean
Dindoor
diplomatic targeting
Discord
discovery
DLL side-loading
DLL sideloading
- AI chatbot and SEO poisoning GPU-cryptojacking campaign
- Grandoreiro and BTMOB Latin America / Europe malware campaigns
- Operation Dragon Weave Azure Blob C2 campaign
- Operation GriefLure Southeast Asia LNK dropper
- Screening Serpens
- Seedworm / MuddyWater
DNS C2
DNS tunneling
Docker
document theft
domestic espionage
DotNetNuke
double extortion
DPAPI
DPAPILoader
DPRK
DroneLink
Dropbox
Drupal
Dutch Police
DWAgent
dynamic DNS
Dynu
e-commerce
eBPF
edge appliance
- Check Point VPN CVE-2026-50751 exploitation
- Cisco Catalyst SD-WAN Manager CVE-2026-20245 exploitation
- CitrixBleed session-hijack wave
- Ivanti Sentry CVE-2026-10520 exploitation
- PAN-OS GlobalProtect CVE-2026-0257 exploitation
- Quest KACE SMA CVE-2025-32975 exploitation
edge appliances
edge application server
edge devices
edge service
- SolarWinds Serv-U CVE-2026-28318 exploitation
- Splunk Enterprise CVE-2026-20253 pre-auth file write / RCE
EDR evasion
education
Egnyte
EKZ Infostealer
Elasticsearch
email gateway
Emerald Sleet
endpoint management
endpoint management abuse
endpoint response
endpoint-security
- Microsoft Defender CVE-2026-41091 / CVE-2026-45498 exploitation
- Trend Micro Apex One CVE-2026-34926 exploitation
energy-sector
engineering software
Entra ID
Environment Management Hub
environment variables
environmental keying
Epsilon Stealer
ESG
espionage
- APT29
- Barracuda ESG zero-day backdoor campaign
- Cloud Atlas
- Dragonfly
- Gamaredon
- Gamaredon GammaPhish / GammaWorm / GammaSteel chain
- Ghostwriter
- GREYVIBE
- Kimsuky / Emerald Sleet / TA427
- OceanLotus
- Oman government Iranian-nexus webshell C2
- OP-512
- Operation Dragon Weave Azure Blob C2 campaign
- Operation GriefLure Southeast Asia LNK dropper
- Operation Highland Velvet Ant authentication-stack backdoors
- Operation XENOFISCAL SideCopy XenoRAT campaign
- RemotePE
- ROADtools
- ScarCruft Yanbian game-platform supply-chain attack
- Screening Serpens
- Seedworm / MuddyWater
- Showboat
- SideCopy
- Stock exchange executive mailbox espionage
- UNC6692 SNOW malware social-engineering campaign
- Velvet Ant
- VerdantBamboo
- VerdantBamboo appliance BRICKSTORM operation
- Webworm
ETW patching
Eurojust
Europe
- APT28 LNK SmartScreen bypass and CVE-2026-32202 coercion chain
- Grandoreiro and BTMOB Latin America / Europe malware campaigns
- Webworm
Europol
Everest Forms Pro
EvilAI
exfiltration
- codexui-android OpenAI token stealer
- js-logger-pack Hugging Face exfiltration campaign
- Malware-Slop Claude user-data npm infostealer
exploit-development
exploit-kit
Exploit.in
exploitation
- Android Framework CVE-2025-48595 exploitation
- Langflow CVE-2025-34291 exploitation
- Linux Kernel CVE-2022-0492 cgroup release_agent exploitation
- Linux nftables CVE-2026-23111 public LPE exploits
- Marimo CVE-2026-39987 LLM-agent post-exploitation
- Microsoft Defender CVE-2026-41091 / CVE-2026-45498 exploitation
- Mirasvit Cache Warmer CVE-2026-45247 exploitation
- PraisonAI CVE-2026-44338 rapid exploitation
- Quest KACE SMA CVE-2025-32975 exploitation
- Trend Micro Apex One CVE-2026-34926 exploitation
external federation
extortion
- Accellion FTA exploitation campaign
- BlackFile / UNC6671 vishing extortion operation
- Oracle PeopleSoft CVE-2026-35273 ShinyHunters exploitation
- ShinyHunters
- UNC3753
F5 BIG-IP
fake CAPTCHA
fake dating lures
fake plugin
fake recruiting
fake update
- FortiClient EMS CVE-2026-35616 EKZ Infostealer campaign
- Pirated media SilentCryptoMiner RAT campaign
FakeCaptcha
Fakeset
faketivism
FallSpy
FAMOUS CHOLLIMA
Fancy Bear
Fast16
FastCGI
FBI
file-system filter
FileFiend
filemanager
filename-injection
finance
- oob.moika.tech dependency-confusion environment stealer
- Sicoob.Sdk NuGet banking certificate stealer
financial fraud
financial sector
- RemotePE
- SHADOW-AETHER AI-augmented Latin America intrusions
- Stock exchange executive mailbox espionage
financial services
financial theft
FireAnt MetaKit
Flutter
FlutterShell
Forest Blizzard
FortiClient EMS
Fortinet
Fox Tempest
FreeBSD
FSB
FTA
ftp.exe
Funnull
Gamaredon
GammaLoad
GammaPhish
GammaSteel
GammaWorm
Garble
GCS
Ghost CMS
GHSA-6rmh-7xcm-cpxj
GIFTEDCROOK
GitHub
- Astro config blockchain C2 PR injection
- Browser-based developer IDE OAuth token theft
- BufferZoneCorp RubyGems / Go module CI poisoning
- Crypto supply-chain path to transaction authority
- Developer-tool config auto-execution
- GitHub / Packagist postinstall hook campaign
- Glassworm developer supply-chain botnet
- IronWorm npm Rust infostealer campaign
- JiaT75
- JINX-0164 crypto developer infrastructure campaign
- Malware-Slop Claude user-data npm infostealer
- Nx Console VS Code extension compromise
- UNK_DeadDrop developer repository phishing
- Webworm
GitHub abuse
GitHub Actions
- actions-cool GitHub Actions tag compromise
- binding.gyp npm CI/CD worm
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- BufferZoneCorp RubyGems / Go module CI poisoning
- Claude Code GitHub Action prompt-injection boundary
- GitHub Actions deployment poisoning
- GitHub Actions OIDC subject-claim collisions
- HackerBot Claw
- HackerBot Claw GitHub Actions exploitation campaign
- Megalodon GitHub Actions workflow backdooring
- Mini Shai-Hulud npm/PyPI worm campaign
- SANDWORM_MODE AI-toolchain npm worm
- TeamPCP
- tj-actions and reviewdog compromise
- Trivy compromise
- Trivy → TeamPCP → CanisterWorm: compromise timeline
GitHub API
GitHub App
GitHub issue spam
GitHub OAuth
GitHub Security Advisories
GitHub tokens
GitLab
gitleaks
Gleaming Pisces
gleeze.com
GlobalProtect
Go
- BufferZoneCorp RubyGems / Go module CI poisoning
- Ollama P2P cryptominer RAT campaign
- shopsprint/decimal Go typosquat DNS backdoor
- The Gentlemen ransomware
Godzilla
GoEdge
Google Ads
Google Chrome
Google Cloud Logging
Google Drive
Google Play
government
government targeting
government-impersonation
Grandoreiro
GRE
GREYVIBE
group
groups
GS-Netcat
GUE
hack-and-leak
hacktivist persona
Hades
HappyDoor
HAR files
hard-coded secrets
HashiCorp Vault
healthcare
HelloDoor
HellsGate
high explosives
higher education
HONESTCUE
hosting provider
HR lures
HTA
- Gamaredon GammaPhish / GammaWorm / GammaSteel chain
- Operation XENOFISCAL SideCopy XenoRAT campaign
- SideCopy
HttpMalice
HTTPSpy
Hugging Face
Hunt.io
ICE
ICONICSTEALER
ICS
IDE extension
identity
identity security
IDEs
IFEO persistence
IIOP
IIS
IKEv1
iMessage
Impacket
impersonation
import-time execution
in-memory DLL loading
incident response
- Check Point VPN CVE-2026-50751 exploitation
- Cisco Catalyst SD-WAN Manager CVE-2026-20245 exploitation
- FortiClient EMS CVE-2026-35616 EKZ Infostealer campaign
- Funnull RingH23 and MacCMS supply-chain attacks
- LiteSpeed cPanel CVE-2026-48172 exploitation
- Mr_Rot13 cPanel CVE-2026-41940 backdoor campaign
- Oracle WebLogic CVE-2024-21182 exploitation
- PAN-OS GlobalProtect CVE-2026-0257 exploitation
- ServiceNow instance unauthenticated table-query exploitation
- SolarWinds Serv-U CVE-2026-28318 exploitation
- Splunk Enterprise CVE-2026-20253 pre-auth file write / RCE
indirect prompt injection
industrial control
infostealer
- codexui-android OpenAI token stealer
- Famous Chollima Packagist dev-branch loader
- faster-axios / turbo-axios Epsilon Stealer npm campaign
- IronWorm npm Rust infostealer campaign
- JINX-0164 crypto developer infrastructure campaign
- Malware-Slop Claude user-data npm infostealer
- StegaBin Pastebin-steganography npm campaign
- TamperedChef-style productivity malware clusters
- Telnyx PyPI TeamPCP compromise
infrastructure
- First VPN
- Funnull RingH23 and MacCMS supply-chain attacks
- Hunt.io global smishing infrastructure campaign
initial-access
install-time execution
InvisibleFerret
iOS
IoT
IP-in-IP
Iran
- Ababil of Minab MOIS-linked recovery-destruction campaign
- Handala
- Langflow CVE-2025-34291 exploitation
- Screening Serpens
- Seedworm / MuddyWater
Iran-nexus
Israel
Ivanti Sentry
Japan
JavaScript
- Astro config blockchain C2 PR injection
- Operation DangerousPassword axios npm compromise
- Operation XENOFISCAL SideCopy XenoRAT campaign
JavaScript bridge
JavaScript injection
JavaScript loader
JavaScript malware
JavaScript tampering
JDY
JetStream
JFrog Security Research
JINX-0164
JSCoreRunner
JSON:API
JSONPing
JSP web shell
Kaspersky
kernel driver
KEV
- Drupal Core CVE-2026-9082 exploitation
- Langflow CVE-2025-34291 exploitation
- PAN-OS GlobalProtect CVE-2026-0257 exploitation
KeyHunter
keylogger
keylogging
Kimsuky
KnowledgeDeliver
Kubernetes
KV-botnet
L2TP/IPSec
LA Metro
LangChain
Langflow
LangFlow
LangGraph
Laravel
lateral movement
lateral-movement
Latin America
- Grandoreiro and BTMOB Latin America / Europe malware campaigns
- SHADOW-AETHER AI-augmented Latin America intrusions
launchctl
law enforcement
Lazarus
- Famous Chollima Packagist dev-branch loader
- Operation DangerousPassword axios npm compromise
- RemotePE
- StegaBin Pastebin-steganography npm campaign
LD_PRELOAD
legacy infrastructure
legacy software
legal sector
LegionRelay
liblzma
libp2p
libpeconv
lifecycle hooks
Linux
- Atomic Arch AUR package hijack
- GitHub / Packagist postinstall hook campaign
- IronWorm npm Rust infostealer campaign
- js-logger-pack Hugging Face exfiltration campaign
- Linux Kernel CVE-2022-0492 cgroup release_agent exploitation
- Linux nftables CVE-2026-23111 public LPE exploits
- Ollama P2P cryptominer RAT campaign
- Operation DangerousPassword axios npm compromise
- Operation Highland Velvet Ant authentication-stack backdoors
- PCPJack cloud SMTP relay network
- Showboat
- Velvet Ant
- VerdantBamboo
- VerdantBamboo appliance BRICKSTORM operation
- XZ Utils backdoor
LiteLLM
- LiteLLM CVE-2026-42271 MCP stdio command injection
- MCP stdio command-execution boundary
- Telnyx PyPI TeamPCP compromise
LiteSpeed
living off the land
living-off-the-land
LLM
- AI-augmented adversary operations
- GREYVIBE
- Marimo CVE-2026-39987 LLM-agent post-exploitation
- Ollama P2P cryptominer RAT campaign
LLMjacking
LMS
LNK
- APT28 LNK SmartScreen bypass and CVE-2026-32202 coercion chain
- Gamaredon GammaPhish / GammaWorm / GammaSteel chain
- Operation GriefLure Southeast Asia LNK dropper
- Operation XENOFISCAL SideCopy XenoRAT campaign
- SideCopy
- UAC-0226 / SHADOW-EARTH-066
LNK files
loader
local LLMs
local privilege escalation
log poisoning
long-lived tokens
long-term access
LONGSTREAM
LOOKVALJS
LOOKVALPS
LPE
LS-DYNA
LSASS
Lua
Lumen Black Lotus Labs
Luna Moth
MacCMS
macOS
- 3CX desktop app compromise
- JINX-0164
- JINX-0164 crypto developer infrastructure campaign
- js-logger-pack Hugging Face exfiltration campaign
- Operation DangerousPassword axios npm compromise
- Operation FlutterBridge FlutterShell macOS malvertising
Magento
mailbox theft
maintainer compromise
maintainer persona
maintainer-compromise
malicious releases
malvertising
- AI-brand impersonation phishing and malvertising
- Operation FlutterBridge FlutterShell macOS malvertising
- TamperedChef-style productivity malware clusters
malware
- AI-augmented adversary operations
- binding.gyp npm CI/CD worm
- CanisterWorm
- Fast16
- forge-jsxy
- IronWorm npm Rust infostealer campaign
- RemotePE
- Showboat
- TA4922
- TamperedChef-style productivity malware clusters
- TeamPCP
- The Gentlemen ransomware
- UNC6692 SNOW malware social-engineering campaign
malware delivery
Malware-as-a-Service
malware-signing-as-a-service
managed file transfer
managed service provider
management plane
manufacturing
marimo
marketplace abuse
Maven Central
MCP
- LiteLLM CVE-2026-42271 MCP stdio command injection
- MCP stdio command-execution boundary
- SANDWORM_MODE AI-toolchain npm worm
- Sentry MCP Agentjacking
memory-only malware
MeshCentral
MEV bot lure
Mexico
MFA bypass
- 0ktapus phishing campaign
- Chinese-language PhaaS wallet-tokenization ecosystem
- CitrixBleed session-hijack wave
- ROADtools
MFA fatigue
MFA-bypass
Miasma
Microsoft
Microsoft .NET
Microsoft 365
Microsoft Defender
Microsoft Graph
Microsoft SQL Server
Microsoft Teams
Middle East
middleware
Midnight Blizzard
MiniJunk
MiniPlasma
MINIRAT
Ministry of Finance
MiniUpdate
MITRE ATT&CK T1005
MITRE ATT&CK T1562
mobile
Mobile Access
mobile device management
mobile devices
mobile malware
MobileIron Sentry
Model Context Protocol
model-provider abuse
module-proxy
MOIS
Monero
MPR network provider
Mr_Rot13
msgpack
mshta
- Gamaredon GammaPhish / GammaWorm / GammaSteel chain
- Operation XENOFISCAL SideCopy XenoRAT campaign
- SideCopy
MSP
- ConnectWise ScreenConnect exploitation wave
- VerdantBamboo
- VerdantBamboo appliance BRICKSTORM operation
mTLS
MuddyWater
named pipes
namespace recycling
nation-state
NATS
NCSC-NL
Nebo
Neo-reGeorg
Netherlands
NetScaler
network infrastructure
nf_tables
nftables
Nginx
Nginx module
node-gyp
node-ipc
Node.js
North Korea
- Famous Chollima Packagist dev-branch loader
- Kimsuky / Emerald Sleet / TA427
- Operation DangerousPassword axios npm compromise
- RemotePE
- ScarCruft Yanbian game-platform supply-chain attack
- StegaBin Pastebin-steganography npm campaign
- UNK_DeadDrop developer repository phishing
- Void Dokkaebi
notarized malware
npm
- art-template Coruna-style iOS watering-hole compromise
- Atomic Arch AUR package hijack
- binding.gyp npm CI/CD worm
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- CanisterWorm
- codexui-android OpenAI token stealer
- faster-axios / turbo-axios Epsilon Stealer npm campaign
- forge-jsxy
- GitHub / Packagist postinstall hook campaign
- Glassworm developer supply-chain botnet
- IronWorm npm Rust infostealer campaign
- JINX-0164
- JINX-0164 crypto developer infrastructure campaign
- js-logger-pack Hugging Face exfiltration campaign
- Malware-Slop Claude user-data npm infostealer
- Megalodon GitHub Actions workflow backdooring
- Mini Shai-Hulud npm/PyPI worm campaign
- node-ipc 2026 npm maintainer-account compromise
- oob.moika.tech dependency-confusion environment stealer
- Operation DangerousPassword axios npm compromise
- Polymarket npm wallet-drainer packages
- SANDWORM_MODE AI-toolchain npm worm
- Sentry MCP Agentjacking
- Solana FakeFix npm / PyPI developer stealer
- StegaBin Pastebin-steganography npm campaign
- TeamPCP
- TrapDoor crypto-stealer cross-ecosystem campaign
- Trivy → TeamPCP → CanisterWorm: compromise timeline
- vpmdhaj OpenSearch npm cloud-secret stealer
npm lifecycle hook
npx
NTFS ADS
NTLM
nuclear weapons
NuGet
NVGRE
OAuth
OAuth tokens
obfuscation
OFAC
OIDC
- Claude Code GitHub Action prompt-injection boundary
- GitHub Actions OIDC subject-claim collisions
- Megalodon GitHub Actions workflow backdooring
- Mini Shai-Hulud npm/PyPI worm campaign
Okta
- 0ktapus phishing campaign
- BlackFile / UNC6671 vishing extortion operation
- Kali365 device-code phishing expansion
- Okta support-system compromise
Ollama
Oman
OneDrive
OpenAI Codex
OpenConnect
OpenSearch
OpenSSH
OpenVPN
OpenVSX
Operation DangerousPassword
Operation Highland
operational resilience
operations
- 0ktapus phishing campaign
- 3CX desktop app compromise
- Ababil of Minab MOIS-linked recovery-destruction campaign
- Accellion FTA exploitation campaign
- actions-cool GitHub Actions tag compromise
- AI chatbot and SEO poisoning GPU-cryptojacking campaign
- Android Framework CVE-2025-48595 exploitation
- APT28 LNK SmartScreen bypass and CVE-2026-32202 coercion chain
- Arista EOS CVE-2026-7473 tunnel decapsulation exploitation
- art-template Coruna-style iOS watering-hole compromise
- Astro config blockchain C2 PR injection
- Atomic Arch AUR package hijack
- Barracuda ESG zero-day backdoor campaign
- binding.gyp npm CI/CD worm
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- BlackFile / UNC6671 vishing extortion operation
- BufferZoneCorp RubyGems / Go module CI poisoning
- CanisterWorm
- CCleaner signed-update compromise
- Check Point VPN CVE-2026-50751 exploitation
- Chinese-language PhaaS wallet-tokenization ecosystem
- Chrome live-wallpaper extension ad-fraud network
- Chrome V8 CVE-2026-11645 exploitation
- CircleCI 2023 customer secret exposure incident
- Cisco Catalyst SD-WAN Manager CVE-2026-20245 exploitation
- CitrixBleed session-hijack wave
- Codecov Bash Uploader compromise
- codexui-android OpenAI token stealer
- ConnectWise ScreenConnect exploitation wave
- DAEMON Tools Lite supply-chain compromise
- Drupal Core CVE-2026-9082 exploitation
- Dutch Police / NCSC 17-million-device botnet disruption
- Everest Forms Pro CVE-2026-3300 exploitation
- Famous Chollima Packagist dev-branch loader
- faster-axios / turbo-axios Epsilon Stealer npm campaign
- FortiClient EMS CVE-2026-35616 EKZ Infostealer campaign
- Funnull RingH23 and MacCMS supply-chain attacks
- Gamaredon GammaPhish / GammaWorm / GammaSteel chain
- Ghost CMS CVE-2026-26980 ClickFix poisoning
- GitHub / Packagist postinstall hook campaign
- Glassworm developer supply-chain botnet
- Grandoreiro and BTMOB Latin America / Europe malware campaigns
- HackerBot Claw
- HackerBot Claw GitHub Actions exploitation campaign
- Hunt.io global smishing infrastructure campaign
- IronWorm npm Rust infostealer campaign
- Ivanti Sentry CVE-2026-10520 exploitation
- JDY SOHO / IoT reconnaissance botnet
- JINX-0164 crypto developer infrastructure campaign
- js-logger-pack Hugging Face exfiltration campaign
- Kali365 device-code phishing expansion
- KnowledgeDeliver CVE-2026-5426 ViewState exploitation
- Langflow CVE-2025-34291 exploitation
- Laravel-Lang Composer tag-rewrite compromise
- Linux Kernel CVE-2022-0492 cgroup release_agent exploitation
- Linux nftables CVE-2026-23111 public LPE exploits
- LiteLLM compromise
- LiteLLM CVE-2026-42271 MCP stdio command injection
- LiteSpeed cPanel CVE-2026-48172 exploitation
- Malware-Slop Claude user-data npm infostealer
- Marimo CVE-2026-39987 LLM-agent post-exploitation
- Megalodon GitHub Actions workflow backdooring
- Microsoft Defender CVE-2026-41091 / CVE-2026-45498 exploitation
- Mini Shai-Hulud npm/PyPI worm campaign
- MiniPlasma Windows Cloud Filter LPE exploitation
- Mirasvit Cache Warmer CVE-2026-45247 exploitation
- Mr_Rot13 cPanel CVE-2026-41940 backdoor campaign
- NATS-as-C2 KeyHunter credential-harvesting operation
- node-ipc 2026 npm maintainer-account compromise
- Nx Console VS Code extension compromise
- Okta support-system compromise
- Ollama P2P cryptominer RAT campaign
- Oman government Iranian-nexus webshell C2
- oob.moika.tech dependency-confusion environment stealer
- Operation DangerousPassword axios npm compromise
- Operation Dragon Weave Azure Blob C2 campaign
- Operation FlutterBridge FlutterShell macOS malvertising
- Operation GriefLure Southeast Asia LNK dropper
- Operation Highland Velvet Ant authentication-stack backdoors
- Operation XENOFISCAL SideCopy XenoRAT campaign
- Oracle PeopleSoft CVE-2026-35273 ShinyHunters exploitation
- Oracle WebLogic CVE-2024-21182 exploitation
- Outsider Enterprise smishing PhaaS
- PAN-OS GlobalProtect CVE-2026-0257 exploitation
- Pirated media SilentCryptoMiner RAT campaign
- Polymarket npm wallet-drainer packages
- PraisonAI CVE-2026-44338 rapid exploitation
- Quest KACE SMA CVE-2025-32975 exploitation
- SANDWORM_MODE AI-toolchain npm worm
- ScarCruft Yanbian game-platform supply-chain attack
- ServiceNow instance unauthenticated table-query exploitation
- SHADOW-AETHER AI-augmented Latin America intrusions
- shopsprint/decimal Go typosquat DNS backdoor
- Sicoob.Sdk NuGet banking certificate stealer
- SolarWinds Serv-U CVE-2026-28318 exploitation
- Splunk Enterprise CVE-2026-20253 pre-auth file write / RCE
- StegaBin Pastebin-steganography npm campaign
- Stock exchange executive mailbox espionage
- TamperedChef-style productivity malware clusters
- TeamPCP
- Telnyx PyPI TeamPCP compromise
- tj-actions and reviewdog compromise
- TrapDoor crypto-stealer cross-ecosystem campaign
- Trend Micro Apex One CVE-2026-34926 exploitation
- Trivy compromise
- Trivy → TeamPCP → CanisterWorm: compromise timeline
- UNK_DeadDrop developer repository phishing
- VerdantBamboo appliance BRICKSTORM operation
- vpmdhaj OpenSearch npm cloud-secret stealer
- WP Maps Pro CVE-2026-8732 exploitation
- Xinference PyPI compromise
- XZ Utils backdoor
OpFauxSign
ops
- 0ktapus phishing campaign
- 3CX desktop app compromise
- Ababil of Minab MOIS-linked recovery-destruction campaign
- Accellion FTA exploitation campaign
- actions-cool GitHub Actions tag compromise
- AI chatbot and SEO poisoning GPU-cryptojacking campaign
- Android Framework CVE-2025-48595 exploitation
- APT28 LNK SmartScreen bypass and CVE-2026-32202 coercion chain
- Arista EOS CVE-2026-7473 tunnel decapsulation exploitation
- art-template Coruna-style iOS watering-hole compromise
- Astro config blockchain C2 PR injection
- Atomic Arch AUR package hijack
- Barracuda ESG zero-day backdoor campaign
- binding.gyp npm CI/CD worm
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- BlackFile / UNC6671 vishing extortion operation
- BufferZoneCorp RubyGems / Go module CI poisoning
- CCleaner signed-update compromise
- Check Point VPN CVE-2026-50751 exploitation
- Chinese-language PhaaS wallet-tokenization ecosystem
- Chrome live-wallpaper extension ad-fraud network
- Chrome V8 CVE-2026-11645 exploitation
- CircleCI 2023 customer secret exposure incident
- Cisco Catalyst SD-WAN Manager CVE-2026-20245 exploitation
- CitrixBleed session-hijack wave
- Codecov Bash Uploader compromise
- codexui-android OpenAI token stealer
- ConnectWise ScreenConnect exploitation wave
- DAEMON Tools Lite supply-chain compromise
- Drupal Core CVE-2026-9082 exploitation
- Dutch Police / NCSC 17-million-device botnet disruption
- Everest Forms Pro CVE-2026-3300 exploitation
- Famous Chollima Packagist dev-branch loader
- faster-axios / turbo-axios Epsilon Stealer npm campaign
- FortiClient EMS CVE-2026-35616 EKZ Infostealer campaign
- Funnull RingH23 and MacCMS supply-chain attacks
- Gamaredon GammaPhish / GammaWorm / GammaSteel chain
- Ghost CMS CVE-2026-26980 ClickFix poisoning
- GitHub / Packagist postinstall hook campaign
- Glassworm developer supply-chain botnet
- Grandoreiro and BTMOB Latin America / Europe malware campaigns
- HackerBot Claw GitHub Actions exploitation campaign
- Hunt.io global smishing infrastructure campaign
- IronWorm npm Rust infostealer campaign
- Ivanti Sentry CVE-2026-10520 exploitation
- JDY SOHO / IoT reconnaissance botnet
- JINX-0164 crypto developer infrastructure campaign
- js-logger-pack Hugging Face exfiltration campaign
- Kali365 device-code phishing expansion
- KnowledgeDeliver CVE-2026-5426 ViewState exploitation
- Langflow CVE-2025-34291 exploitation
- Laravel-Lang Composer tag-rewrite compromise
- Linux Kernel CVE-2022-0492 cgroup release_agent exploitation
- Linux nftables CVE-2026-23111 public LPE exploits
- LiteLLM compromise
- LiteLLM CVE-2026-42271 MCP stdio command injection
- LiteSpeed cPanel CVE-2026-48172 exploitation
- Malware-Slop Claude user-data npm infostealer
- Marimo CVE-2026-39987 LLM-agent post-exploitation
- Megalodon GitHub Actions workflow backdooring
- Microsoft Defender CVE-2026-41091 / CVE-2026-45498 exploitation
- Mini Shai-Hulud npm/PyPI worm campaign
- MiniPlasma Windows Cloud Filter LPE exploitation
- Mirasvit Cache Warmer CVE-2026-45247 exploitation
- Mr_Rot13 cPanel CVE-2026-41940 backdoor campaign
- NATS-as-C2 KeyHunter credential-harvesting operation
- node-ipc 2026 npm maintainer-account compromise
- Nx Console VS Code extension compromise
- Okta support-system compromise
- Ollama P2P cryptominer RAT campaign
- Oman government Iranian-nexus webshell C2
- oob.moika.tech dependency-confusion environment stealer
- Operation DangerousPassword axios npm compromise
- Operation Dragon Weave Azure Blob C2 campaign
- Operation FlutterBridge FlutterShell macOS malvertising
- Operation GriefLure Southeast Asia LNK dropper
- Operation Highland Velvet Ant authentication-stack backdoors
- Operation XENOFISCAL SideCopy XenoRAT campaign
- Oracle PeopleSoft CVE-2026-35273 ShinyHunters exploitation
- Oracle WebLogic CVE-2024-21182 exploitation
- Outsider Enterprise smishing PhaaS
- PAN-OS GlobalProtect CVE-2026-0257 exploitation
- Pirated media SilentCryptoMiner RAT campaign
- Polymarket npm wallet-drainer packages
- PraisonAI CVE-2026-44338 rapid exploitation
- Quest KACE SMA CVE-2025-32975 exploitation
- SANDWORM_MODE AI-toolchain npm worm
- ScarCruft Yanbian game-platform supply-chain attack
- ServiceNow instance unauthenticated table-query exploitation
- SHADOW-AETHER AI-augmented Latin America intrusions
- shopsprint/decimal Go typosquat DNS backdoor
- Sicoob.Sdk NuGet banking certificate stealer
- Solana FakeFix npm / PyPI developer stealer
- SolarWinds Serv-U CVE-2026-28318 exploitation
- Splunk Enterprise CVE-2026-20253 pre-auth file write / RCE
- StegaBin Pastebin-steganography npm campaign
- Stock exchange executive mailbox espionage
- TamperedChef-style productivity malware clusters
- Telnyx PyPI TeamPCP compromise
- tj-actions and reviewdog compromise
- TrapDoor crypto-stealer cross-ecosystem campaign
- Trend Micro Apex One CVE-2026-34926 exploitation
- Trivy compromise
- Trivy → TeamPCP → CanisterWorm: compromise timeline
- UNC6692 SNOW malware social-engineering campaign
- UNK_DeadDrop developer repository phishing
- VerdantBamboo appliance BRICKSTORM operation
- vpmdhaj OpenSearch npm cloud-secret stealer
- WP Maps Pro CVE-2026-8732 exploitation
- Xinference PyPI compromise
- XZ Utils backdoor
opsec failure
Oracle PeopleSoft
Oracle WebLogic Server
OTP interception
Outlook
OX Security
OYSTERBLUES
OYSTERFRESH
OYSTERSHUCK
P2P
package registry
package-takeover
Packagist
- Famous Chollima Packagist dev-branch loader
- GitHub / Packagist postinstall hook campaign
- Laravel-Lang Composer tag-rewrite compromise
page poisoning
Pakistan-linked
Palo Alto Networks
PAM
PAN-OS
Pastebin
patch management
patterns
- Agent skill marketplace poisoning
- AI-augmented adversary operations
- AI-brand impersonation phishing and malvertising
- Browser-based developer IDE OAuth token theft
- Claude Code GitHub Action prompt-injection boundary
- Cloud logging control-plane tampering
- Crypto supply-chain path to transaction authority
- Developer-tool config auto-execution
- GitHub Actions deployment poisoning
- GitHub Actions OIDC subject-claim collisions
- LangGraph checkpointer injection and unsafe deserialization
- MCP stdio command-execution boundary
- Microsoft Teams external-chat phishing
- Sentry MCP Agentjacking
payment fraud
payment-card theft
payment-card-theft
payroll lures
pe_to_shellcode
PebbleDash
people
PeopleTools
persistence
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- CanisterWorm
- forge-jsxy
- Nx Console VS Code extension compromise
- Ollama P2P cryptominer RAT campaign
- Operation Highland Velvet Ant authentication-stack backdoors
- Pirated media SilentCryptoMiner RAT campaign
- ROADtools
- Showboat
- Stock exchange executive mailbox espionage
- TamperedChef-style productivity malware clusters
- TeamPCP
- TrapDoor crypto-stealer cross-ecosystem campaign
- Trivy compromise
- Trivy → TeamPCP → CanisterWorm: compromise timeline
- Velvet Ant
pfSense
PhaaS
Phantom Gyp
PhantomClick
PhantomMail
PhantomRelay
Philippines
phishing
- AI-brand impersonation phishing and malvertising
- Chinese-language PhaaS wallet-tokenization ecosystem
- Cloud Atlas
- Dutch Police / NCSC 17-million-device botnet disruption
- Ghostwriter
- Grandoreiro and BTMOB Latin America / Europe malware campaigns
- Hunt.io global smishing infrastructure campaign
- Kali365 device-code phishing expansion
- Outsider Enterprise smishing PhaaS
- TA4922
- UNK_DeadDrop developer repository phishing
phishing-as-a-service
PHP
PHP code injection
PHP object injection
PicassoLoader
pig-butchering
piracy
Piriform
PKGBUILD
PLENET
poisoned-branch
PolinRider
Polymarket
portmap
Portugal
post-exploitation
postal-impersonation
PostgreSQL
- Drupal Core CVE-2026-9082 exploitation
- Marimo CVE-2026-39987 LLM-agent post-exploitation
- Splunk Enterprise CVE-2026-20253 pre-auth file write / RCE
postinstall
- faster-axios / turbo-axios Epsilon Stealer npm campaign
- Malware-Slop Claude user-data npm infostealer
- oob.moika.tech dependency-confusion environment stealer
- Operation DangerousPassword axios npm compromise
- Polymarket npm wallet-drainer packages
PowerCloud
PowerShell
- Cloud Atlas
- FortiClient EMS CVE-2026-35616 EKZ Infostealer campaign
- Gamaredon
- Gamaredon GammaPhish / GammaWorm / GammaSteel chain
- GREYVIBE
- Oman government Iranian-nexus webshell C2
- Seedworm / MuddyWater
- UAC-0226 / SHADOW-EARTH-066
PowerShower
PPtP
PraisonAI
PRC
PRC-aligned
pre-authentication
Primitive Bear
PrincessClub
privacy
private-key theft
privilege escalation
- Android Framework CVE-2025-48595 exploitation
- Cisco Catalyst SD-WAN Manager CVE-2026-20245 exploitation
- Drupal Core CVE-2026-9082 exploitation
- Linux Kernel CVE-2022-0492 cgroup release_agent exploitation
- Linux nftables CVE-2026-23111 public LPE exploits
- LiteSpeed cPanel CVE-2026-48172 exploitation
- WP Maps Pro CVE-2026-8732 exploitation
process hollowing
- AI chatbot and SEO poisoning GPU-cryptojacking campaign
- Pirated media SilentCryptoMiner RAT campaign
process injection
professional services
prompt injection
prompt-injection
- AI-augmented adversary operations
- HackerBot Claw GitHub Actions exploitation campaign
- SANDWORM_MODE AI-toolchain npm worm
- TrapDoor crypto-stealer cross-ecosystem campaign
PROMPTFLUX
PROMPTSPY
protestware
proxy
- First VPN
- PCPJack cloud SMTP relay network
- Showboat
- TamperedChef-style productivity malware clusters
- Webworm
ProxyChains
PSEMHUB
psychological operations
public exploit
public file-transfer exfiltration
public sector
pull requests
PUP
pwn-request
PyPI
- binding.gyp npm CI/CD worm
- Glassworm developer supply-chain botnet
- LiteLLM compromise
- Mini Shai-Hulud npm/PyPI worm campaign
- Solana FakeFix npm / PyPI developer stealer
- Telnyx PyPI TeamPCP compromise
- TrapDoor crypto-stealer cross-ecosystem campaign
- Xinference PyPI compromise
Python
Python extension modules
Qilin
query injection
Quest KACE SMA
RaaS
RAM disk
ransomware
rapid exploitation
RAT
- DAEMON Tools Lite supply-chain compromise
- Famous Chollima Packagist dev-branch loader
- faster-axios / turbo-axios Epsilon Stealer npm campaign
- forge-jsxy
- Glassworm developer supply-chain botnet
- Grandoreiro and BTMOB Latin America / Europe malware campaigns
- GREYVIBE
- JINX-0164 crypto developer infrastructure campaign
- Ollama P2P cryptominer RAT campaign
- Operation DangerousPassword axios npm compromise
- Pirated media SilentCryptoMiner RAT campaign
- RemotePE
- Screening Serpens
- StegaBin Pastebin-steganography npm campaign
- TamperedChef-style productivity malware clusters
RC4
RCE
- LangGraph checkpointer injection and unsafe deserialization
- LiteLLM CVE-2026-42271 MCP stdio command injection
- MCP stdio command-execution boundary
- Splunk Enterprise CVE-2026-20253 pre-auth file write / RCE
Rclone
RCS
RDP
Reality
Reaper
reconnaissance
recovery denial
recruitment lures
Redis
Redis backdoor
RediSearch
refresh tokens
registry persistence
release tampering
remote access
Remote Access VPN
remote code execution
- Drupal Core CVE-2026-9082 exploitation
- Everest Forms Pro CVE-2026-3300 exploitation
- Ivanti Sentry CVE-2026-10520 exploitation
remote-access
RemotePE
RemotePELoader
repository poisoning
residential proxies
REST C2
ReverseSocks
reviewdog
RingH23
RMM
RMM abuse
ROADrecon
ROADtools
roadtx
RokRAT
RomulusLoader
root execution
rootkit
- Atomic Arch AUR package hijack
- Funnull RingH23 and MacCMS supply-chain attacks
- IronWorm npm Rust infostealer campaign
RSA
RubyGems
Runner.Worker
Russia
- APT29
- Cloud Atlas
- Dragonfly
- Gamaredon
- Gamaredon GammaPhish / GammaWorm / GammaSteel chain
- UAC-0226 / SHADOW-EARTH-066
Russia-linked cybercrime
Russia-nexus
Russian-speaking forums
Rust
- Atomic Arch AUR package hijack
- IronWorm npm Rust infostealer campaign
- Operation Dragon Weave Azure Blob C2 campaign
- TrapDoor crypto-stealer cross-ecosystem campaign
SaaS
- BlackFile / UNC6671 vishing extortion operation
- ServiceNow instance unauthenticated table-query exploitation
sabotage
Safari
Salesforce
ScarCruft
scheduled tasks
- Operation XENOFISCAL SideCopy XenoRAT campaign
- Stock exchange executive mailbox espionage
- The Gentlemen ransomware
ScreenConnect
script-injection
SD-WAN
secret exposure
secrets
- binding.gyp npm CI/CD worm
- CircleCI 2023 customer secret exposure incident
- Claude Code GitHub Action prompt-injection boundary
- Codecov Bash Uploader compromise
- GitHub Actions deployment poisoning
secrets management
security platform
Seedworm
segmented networks
self-hosted AI services
self-propagation
sendit.sh
Sentry
Sentry abuse
SEO poisoning
- AI chatbot and SEO poisoning GPU-cryptojacking campaign
- AI-brand impersonation phishing and malvertising
Serv-U
service accounts
ServiceNow
session hijacking
session theft
SHADOW-AETHER-040
SHADOW-AETHER-064
SHADOW-EARTH-066
ShadowPad
Shai-Hulud
- binding.gyp npm CI/CD worm
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- Developer-tool config auto-execution
- Mini Shai-Hulud npm/PyPI worm campaign
- SANDWORM_MODE AI-toolchain npm worm
share propagation
shared hosting
shared secrets
SharePoint
ShinyHunters
Shuckworm
SideCopy
signed malware
signed updates
signed-binary
Silent Ransom Group
SilentCryptoMiner
SilentRunLoader
simulation tampering
sleeper packages
Sliver
SLSA
SmartScreen
SMB
SMB egress
smishing
- 0ktapus phishing campaign
- Crypto supply-chain path to transaction authority
- Hunt.io global smishing infrastructure campaign
- Outsider Enterprise smishing PhaaS
sms-phishing
SMTP
social engineering
- AI-brand impersonation phishing and malvertising
- Chinese-language PhaaS wallet-tokenization ecosystem
- JINX-0164
- JINX-0164 crypto developer infrastructure campaign
- Microsoft Teams external-chat phishing
- Polymarket npm wallet-drainer packages
- Screening Serpens
- UNC3753
- UNC6692 SNOW malware social-engineering campaign
- Void Dokkaebi
social-engineering
Socket Security Research
SOCKS5
SOCKS5 tunneling
software impersonation
SOHO routers
Solana
SolarWinds
source-code compromise
source-package drift
source-package mismatch
source-repository poisoning
South Africa
South Asia
South Korea
Southeast Asia
spam
spear phishing
- Kimsuky / Emerald Sleet / TA427
- Operation XENOFISCAL SideCopy XenoRAT campaign
- SideCopy
- UAC-0226 / SHADOW-EARTH-066
spear-phishing
spearphishing
SPECTRALVIPER
Splunk
SQL injection
- Drupal Core CVE-2026-9082 exploitation
- Ghost CMS CVE-2026-26980 ClickFix poisoning
- LangGraph checkpointer injection and unsafe deserialization
SQLite
SSH
SSH bastion
SSH key persistence
SSH persistence
SSH tunnels
SSRF
state-linked
Static Kitten
stdio
stealer
stock exchange
storage deletion
Storm-2697
Storm-3075
STUN
Stuxnet lineage
subject claim
supply chain
supply chain compromise
supply-chain
- 3CX desktop app compromise
- actions-cool GitHub Actions tag compromise
- Agent skill marketplace poisoning
- AI-augmented adversary operations
- APT29
- art-template Coruna-style iOS watering-hole compromise
- Astro config blockchain C2 PR injection
- Atomic Arch AUR package hijack
- binding.gyp npm CI/CD worm
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- Browser-based developer IDE OAuth token theft
- BufferZoneCorp RubyGems / Go module CI poisoning
- CanisterWorm
- Claude Code GitHub Action prompt-injection boundary
- Codecov Bash Uploader compromise
- codexui-android OpenAI token stealer
- Crypto supply-chain path to transaction authority
- DAEMON Tools Lite supply-chain compromise
- Developer-tool config auto-execution
- Famous Chollima Packagist dev-branch loader
- faster-axios / turbo-axios Epsilon Stealer npm campaign
- forge-jsxy
- Funnull RingH23 and MacCMS supply-chain attacks
- GitHub / Packagist postinstall hook campaign
- GitHub Actions deployment poisoning
- GitHub Actions OIDC subject-claim collisions
- Glassworm developer supply-chain botnet
- HackerBot Claw
- HackerBot Claw GitHub Actions exploitation campaign
- IronWorm npm Rust infostealer campaign
- JiaT75
- JINX-0164
- JINX-0164 crypto developer infrastructure campaign
- js-logger-pack Hugging Face exfiltration campaign
- Laravel-Lang Composer tag-rewrite compromise
- LiteLLM compromise
- Malware-Slop Claude user-data npm infostealer
- MCP stdio command-execution boundary
- Megalodon GitHub Actions workflow backdooring
- Mini Shai-Hulud npm/PyPI worm campaign
- node-ipc 2026 npm maintainer-account compromise
- Nx Console VS Code extension compromise
- oob.moika.tech dependency-confusion environment stealer
- Operation DangerousPassword axios npm compromise
- Polymarket npm wallet-drainer packages
- SANDWORM_MODE AI-toolchain npm worm
- ScarCruft Yanbian game-platform supply-chain attack
- shopsprint/decimal Go typosquat DNS backdoor
- Sicoob.Sdk NuGet banking certificate stealer
- StegaBin Pastebin-steganography npm campaign
- TeamPCP
- Telnyx PyPI TeamPCP compromise
- tj-actions and reviewdog compromise
- TrapDoor crypto-stealer cross-ecosystem campaign
- Trivy compromise
- Trivy → TeamPCP → CanisterWorm: compromise timeline
- Void Dokkaebi
- vpmdhaj OpenSearch npm cloud-secret stealer
- Xinference PyPI compromise
- XZ Utils backdoor
Synology
SYSTEM
T3
TA427
tag rewrite
tag tampering
Taiwan
takedown
- Dutch Police / NCSC 17-million-device botnet disruption
- First VPN
- Glassworm developer supply-chain botnet
TamperedChef
targeted operations
TartarusGate
TeamPCP
- actions-cool GitHub Actions tag compromise
- AI-augmented adversary operations
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- Mini Shai-Hulud npm/PyPI worm campaign
- Nx Console VS Code extension compromise
- Telnyx PyPI TeamPCP compromise
- Trivy compromise
- Xinference PyPI compromise
TeamPCP-adjacent
TeamViewer
TEASOUP
telecom
telecom-impersonation
Telegram
- 0ktapus phishing campaign
- Chinese-language PhaaS wallet-tokenization ecosystem
- Gamaredon GammaPhish / GammaWorm / GammaSteel chain
- GREYVIBE
- UAC-0226 / SHADOW-EARTH-066
telegram
Telegram C2
telemetry
Telnyx
Temp Zagros
Tenet Security
The Gentlemen
threat hunting
tj-actions
token replay
token theft
token-theft
tool output injection
tooling
- CanisterWorm
- HackerBot Claw
- LiteLLM compromise
- TeamPCP
- Trivy → TeamPCP → CanisterWorm: compromise timeline
tools
Tor
Trading Technologies
traffic hijacking
traffic-fraud
transaction authority
transnational repression
Transparent Tribe
Trend Micro
- SHADOW-AETHER AI-augmented Latin America intrusions
- Trend Micro Apex One CVE-2026-34926 exploitation
TrendAI
TrickBot
Trident Ursa
trusted publishing
tunnel decapsulation
Twilio
typosquat
typosquatting
- faster-axios / turbo-axios Epsilon Stealer npm campaign
- Funnull RingH23 and MacCMS supply-chain attacks
- Hunt.io global smishing infrastructure campaign
- Microsoft Teams external-chat phishing
- SANDWORM_MODE AI-toolchain npm worm
- shopsprint/decimal Go typosquat DNS backdoor
- StegaBin Pastebin-steganography npm campaign
- vpmdhaj OpenSearch npm cloud-secret stealer
UAC
UAC-0010
UAC-0098
UAC-0226
Udev persistence
Ukraine
- APT28 LNK SmartScreen bypass and CVE-2026-32202 coercion chain
- Gamaredon
- Gamaredon GammaPhish / GammaWorm / GammaSteel chain
- Ghostwriter
- GREYVIBE
- Showboat
- UAC-0226 / SHADOW-EARTH-066
unauthenticated access
unauthenticated RCE
UNC2814
UNC3753
UNC4736
UNC6240
UNC6671
UNC6692
UNC6780
Unit 42
United States
unsafe deserialization
uranium compression
USB worm
UTA0355
uTLS
V8
ValleyRAT
VBCloud
VBScript
Velvet Ant
VELVETSHELL
vendor credentials
Vercel
Vidar Stealer
Vietnam
Vietnam-aligned
Views
ViewState deserialization
virtualization
vishing
VLESS
vManage
VMware
Volt Typhoon
VPN
- Check Point VPN CVE-2026-50751 exploitation
- First VPN
- PAN-OS GlobalProtect CVE-2026-0257 exploitation
VS Code
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- Browser-based developer IDE OAuth token theft
- Glassworm developer supply-chain botnet
- Nx Console VS Code extension compromise
- UNK_DeadDrop developer repository phishing
VS Code tunnels
VSIX
vSphere
vulnerability
- Android Framework CVE-2025-48595 exploitation
- Linux Kernel CVE-2022-0492 cgroup release_agent exploitation
- Linux nftables CVE-2026-23111 public LPE exploits
- Microsoft Defender CVE-2026-41091 / CVE-2026-45498 exploitation
- Mirasvit Cache Warmer CVE-2026-45247 exploitation
- Quest KACE SMA CVE-2025-32975 exploitation
- Trend Micro Apex One CVE-2026-34926 exploitation
vulnerability-research
VXLAN
w3wp.exe
wallet infrastructure
wallet replacement
wallet theft
wallet-drainer
wallet-theft
Wasabi
watchdog
watering-hole
web application
- Drupal Core CVE-2026-9082 exploitation
- Everest Forms Pro CVE-2026-3300 exploitation
- WP Maps Pro CVE-2026-8732 exploitation
web hosting
web IDE
web shell
- Everest Forms Pro CVE-2026-3300 exploitation
- KnowledgeDeliver CVE-2026-5426 ViewState exploitation
- Oman government Iranian-nexus webshell C2
web supply chain
web-shells
WebKit
WebLogic
WebRTC
webshell
WebSocket C2
WebView
Webworm
WHM
Windows
- 3CX desktop app compromise
- APT28 LNK SmartScreen bypass and CVE-2026-32202 coercion chain
- CCleaner signed-update compromise
- DAEMON Tools Lite supply-chain compromise
- faster-axios / turbo-axios Epsilon Stealer npm campaign
- js-logger-pack Hugging Face exfiltration campaign
- Microsoft Defender CVE-2026-41091 / CVE-2026-45498 exploitation
- MiniPlasma Windows Cloud Filter LPE exploitation
- Operation DangerousPassword axios npm compromise
- Pirated media SilentCryptoMiner RAT campaign
- ScarCruft Yanbian game-platform supply-chain attack
- TamperedChef-style productivity malware clusters
- The Gentlemen ransomware
Windows persistence
Winos4.0
WinRAR
wiper
wiper-adjacent
WireGuard
WordPress
workflow backdoor
worm
- binding.gyp npm CI/CD worm
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- CanisterWorm
- IronWorm npm Rust infostealer campaign
- Mini Shai-Hulud npm/PyPI worm campaign
- PCPJack cloud SMTP relay network
- SANDWORM_MODE AI-toolchain npm worm
- TeamPCP
- Trivy → TeamPCP → CanisterWorm: compromise timeline