Skip to content

Tag index

Generated from page-level ## Tags sections. Each tag below links to the pages that currently use it.

All tags

.NET

.NET malware

.pth

/accessv2

/dev/kvm

146.70.139.154

192.42.116.105

192.42.116.58

3CX

404 TDS

4sync

@marketfront

@tqm-mfe

<all_urls>

Ababil of Minab

abuse response

academic research

academic sector

Accellion

access brokers

account takeover

account-takeover

act_pedit

ACTINIUM

Active Directory

active exploitation

active probing

active-exploitation

ActiveX

actor

actors

ad blocker

ad fraud

Adaptix C2

ADB TCP/5555

Adblock for YouTube

Admin API key theft

administrator account creation

Adobe ColdFusion

Adobe Commerce

Adspect

Adversa AI

adversary-in-the-middle

adware

adware history

AES-128-CBC

AES-256-GCM

AES-GCM

AES-GCM C2

affiliate hijacking

Afghanistan

agent frameworks

agent memory

agent skills

agent state

agentic AI

agentic browsers

agentic malware

agentic ransomware

agentic threat actor

Agentjacking

AGENTPSD

AI

AI agent

AI agents

AI anti-analysis

AI application infrastructure

AI assistant credentials

AI assistants

AI brand impersonation

AI browsers

AI chatbot abuse

AI credential theft

AI data exfiltration

AI framework

AI gateway

AI search poisoning

AI security

AI tooling

AI vulnerability discovery

ai-abuse

ai-agent

AI-assisted malware

AI-assisted vulnerability discovery

AI-augmented operations

AI-generated malware

AI-generated narrator

Aider

AiTM

Albania

Amadey

Amazon Q Developer

AMSI bypass

Android

Android ADB

Android Debug Bridge

Android spyware

anti-analysis

anti-forensics

Anubis ransomware

Apex One

API abuse

API exposure

API key exposure

API keys

API-driven payloads

apintergrationpost

App-Bound Encryption bypass

AppDomainManager

AppDomainManager injection

AppleJeus

AppleScript

AppleSeed

appliance

application delivery controller

APSB26-68

APT

APT27

APT28

APT29

APT32

APT36

APT37

APT43

APT45

Aptos

Aquatic Panda

AquilaRAT

arbitrary file read

arbitrary file write

arbitrary JavaScript

Arch Linux

Arctic Wolf

ArduPilot

Argo CD

ArgoCD

Arista EOS

Armageddon

Armored Likho

Artifact Signing

AryStinger

AS32167

Asia targeting

ASNs

ASP.NET

ASP.NET machineKey

ASPX web shells

Astro

ASUS router

AsyncRAT

Atlas RAT

AUDIOFIX

audit logging

AUR

authenticated RCE

authentication bypass

authentication laundering

authentication stack

authentication-coercion

auto-execution

AUTODYN

AutoGen Studio

AutoHotKey

AutoJack

autonomous agents

Avalon

AWS

AWS CloudTrail

AWS S3

AWS Secrets Manager

axios

Azure

Azure CLI

Azure Storage

Backblaze

backdoor

Backdoor.Mistic

Backstage

backup disruption

backup recovery keys

backup targeting

backups

Bad Epoll

BadBlocker

Badbox 2.0

Banana RAT

banking

banking malware

banking trojan

Barracuda

BaseZipInstaller

Bash Uploader

batch loader

BeaverTail

Bedrock

behavioral integrity verification

Belarus

BELQI

BeyondTrust

binary execution

BinaryFormatter

binding.gyp

BIOPASS RAT

BioShocking

BirdCall

Bitbucket

Bitcoin

Bitwarden

BlackFile

Blackpoint Cyber

blockchain C2

blockchain dead drop

blockchain RPC

blockchain-dead-drop

Blogger abuse

blogspot staging

BLUEBEAM

botnet

branch-compromise

branch-name-injection

brand impersonation

brand-impersonation

Brazil

Brazilian banking malware

BreachForums

BRICKSTORM

Broadcom

browser automation

browser credential theft

browser extension

browser hijacking

browser session abuse

browser session risk

browser zero-day

browser-credential-theft

browser-extensions

browser-security

browser-session risk

brute-force credentials

BSC

BTMOB

bucket hijacking

bucket squatting

build-time compromise

bulletproof hosting

Bun

Bun runtime abuse

BusySnake Stealer

Bybit

BYOVD

C

C++/CLI

C2

C2 framework

C2 tasking

CageFS

Calendly abuse

campaign

Canada

CANFAIL

CAP_NET_ADMIN

Casbaneiro

Catalyst SD-WAN Manager

Cav3rn

Cavern

Cavern Manticore

CCleaner

CDN

CERT-In

CERT/CC

certificate pinning

certificate theft

CFIDE

ChatGPT

chattr

Chatty Spider

CHAVECLOAK

Check Point

Check Point Research

Checkmarx

checkpointers

China

China-linked

China-nexus

China-speaking ecosystem

Chinese-language cybercrime

Chinese-language fraud ecosystem

Chinese-speaking

Chinese-speaking operator

Chisel

ChocoPoC

Chrome

Chrome extension

Chrome renderer sandbox

Chrome Web Store

chrome_settings_overrides

ChromElevator

Chromium

Chromium extension

CI-CD

CI/CD

CircleCI

CISA

CISA KEV

Cisco

Cisco Nexus

Cisco Unified CM

Cisco Unified Communications Manager

Citrine Sleet

Citrix

Citrix NetScaler

CitrixBleed

CitrixBleed 2

CKEditor file manager

CL-CRI-1089

CL-STA-1062

Claude

Claude Code

Clever Cloud

ClickFix

ClickOnce

client-side exploitation

Cline

clipboard hijacker

clipboard injection

clipboard stealer

clipboard theft

clipper

Cloaked Ursa

cloaking

cloud

cloud C2

cloud credential hunting

cloud credential risk

cloud credential theft

cloud credentials

Cloud Files Mini Filter Driver

Cloud Filter driver

cloud IAM

cloud identity

cloud identity abuse

cloud infrastructure

cloud logging

cloud secrets

cloud security

cloud service abuse

cloud storage

cloud storage exfiltration

cloud transcoding

Cloudflare

Cloudflare Tunnel

Cloudflare tunnels

Cloudflare Turnstile

Cloudflare Workers

cloudflared

CloudLinux

cluster compromise

CMS

Cobalt Strike

code execution

code sandbox scraping

code signing

Codecov

CodeQL

Codex

coding agents

Coinbase

ColdFusion

collaboration platforms

collaboration-tool phishing

COM-hijacking

command and control

command execution

command injection

command-execution

command-injection

commercial messaging applications

communications infrastructure

Composer

compromised accounts

compromised credentials

compromised infrastructure

compromised WordPress

Conditional Access

configuration theft

confused deputy

ConfuserEx

ConnectWise

ConnectWise ScreenConnect

consumer devices

consumer IoT

Contagious Interview

container

container escape

container escape pre-check

content compliance rules

context flooding

Continue

continuous visibility

control panel compromise

control plane

Copilot

Copy-on-Write

Coruna

COW

CPaaS

cPanel

CrackMapExec

Crates.io

credential attacks

credential exposure

credential harvesting

credential spraying

credential stuffing

credential theft

credential-theft

criminal infrastructure

critical infrastructure

critical-infrastructure

CRM data theft

cron

cron persistence

cross-platform

cross-platform malware

CrownX

crypto

crypto clipper

crypto wallets

crypto-wallets

cryptocurrency

cryptocurrency scam

cryptocurrency theft

cryptocurrency wallet theft

cryptocurrency wallets

cryptojacking

cryptominer

cryptomining

Curious Serpens

Cursor

Curve25519

custody APIs

CVE-2013-3307

CVE-2016-5681

CVE-2020-17103

CVE-2021-29441

CVE-2022-0492

CVE-2023-24932

CVE-2023-2868

CVE-2023-4966

CVE-2024-1708

CVE-2024-1709

CVE-2024-20399

CVE-2024-21182

CVE-2024-3094

CVE-2024-42009

CVE-2025-11371

CVE-2025-11837

CVE-2025-3248

CVE-2025-32975

CVE-2025-34291

CVE-2025-48595

CVE-2025-49113

CVE-2025-49704

CVE-2025-49706

CVE-2025-5777

CVE-2025-67038

CVE-2025-8088

CVE-2026-0257

CVE-2026-10520

CVE-2026-10523

CVE-2026-11405

CVE-2026-11645

CVE-2026-12569

CVE-2026-12957

CVE-2026-12958

CVE-2026-20127

CVE-2026-20182

CVE-2026-20230

CVE-2026-20245

CVE-2026-20253

CVE-2026-20262

CVE-2026-20896

CVE-2026-23111

CVE-2026-26980

CVE-2026-28318

CVE-2026-3300

CVE-2026-33017

CVE-2026-33691

CVE-2026-34908

CVE-2026-34909

CVE-2026-34910

CVE-2026-34926

CVE-2026-35273

CVE-2026-35616

CVE-2026-39987

CVE-2026-40138

CVE-2026-40139

CVE-2026-40140

CVE-2026-40141

CVE-2026-4020

CVE-2026-41091

CVE-2026-41940

CVE-2026-42271

CVE-2026-43074

CVE-2026-43284

CVE-2026-43500

CVE-2026-43503

CVE-2026-44338

CVE-2026-45247

CVE-2026-45498

CVE-2026-45659

CVE-2026-46242

CVE-2026-46300

CVE-2026-46331

CVE-2026-46817

CVE-2026-48172

CVE-2026-48276

CVE-2026-48277

CVE-2026-48281

CVE-2026-48282

CVE-2026-48283

CVE-2026-48285

CVE-2026-48307

CVE-2026-48313

CVE-2026-48314

CVE-2026-48315

CVE-2026-48316

CVE-2026-48558

CVE-2026-48907

CVE-2026-50751

CVE-2026-50752

CVE-2026-53359

CVE-2026-5426

CVE-2026-54420

CVE-2026-6682

CVE-2026-6683

CVE-2026-6684

CVE-2026-6685

CVE-2026-6686

CVE-2026-6687

CVE-2026-6688

CVE-2026-7473

CVE-2026-8037

CVE-2026-8451

CVE-2026-8461

CVE-2026-8732

CVE-2026-9082

CWE-502

CWE-77

CWE-78

cyber-espionage

cybercrime

cybercrime ecosystem

Cython

Czech Republic

dangling resources

data exfiltration

data exposure

data extortion

data leak site

data theft

data-exfiltration

database extortion

DAYLIGHT

DCloud

DCloud Uni-App

DcRAT

DDNS

DDoS

DDoS-for-hire

dead drop resolver

Debian

DEBULL

declarativeNetRequest

DeepSeek

Defender Advanced Hunting

Defender evasion

Defender exclusion

defense

defense evasion

defense targeting

defense-evasion

DeFi

delayed execution

denial of service

Deno

dependency confusion

deployment_status

deserialization

destructive malware

destructive operations

detection engineering

DEV-0206

developer credential theft

developer credentials

developer endpoints

developer machines

developer mode

developer targeting

developer tooling

developer workstations

developer-machine-fleet

developer-targeting

developer-tools

developer-workstations

device registration

device-code phishing

DevOps

DevTools

DEWMODE

DIAMONDBACK

Digital Knowledge

digital wallets

DigitalOcean

Dindoor

diplomatic targeting

DirtyClone

DirtyFrag

Discord

discovery

Djinn Stealer

DLL side-loading

DLL sideloading

DNS C2

DNS threat intelligence

DNS tunneling

Docker

Docker credentials

Docker images

document exfiltration

document theft

domain squatting

domestic espionage

DotNetNuke

double extortion

downgrade risk

DPAPI

DPAPILoader

DPRK

driver loading

Dropbear

Dropbox

dropper

Drupal

duckdns

Dutch Police

DWAgent

dynamic DNS

dynamic obfuscation

Dynu

e-commerce

Eagle Werewolf

Earth Lusca

eBPF

Eclipse

edge appliance

edge appliances

edge application server

edge device

edge devices

edge exploitation

edge service

editor profile import

EDR evasion

EDR killer

EDS5000

education

Egnyte

EKZ Infostealer

Elasticsearch

electric power sector

email

email exfiltration

email gateway

email infrastructure abuse

email theft

embedded systems

Emerald Sleet

encrypted C2

endpoint management

endpoint management abuse

endpoint response

endpoint-detection

endpoint-security

EndpointDlp.dll

energy sector

energy-sector

engineering

engineering software

enterprise application

enterprise application exploitation

enterprise applications

Entra ID

Environment Management Hub

environment variables

environmental keying

epoll

Epsilon Stealer

ERP

eSentire TRU

ESG

espionage

Espressif ESP-IDF

EtherHiding

ETW patching

ETW tampering

Eurojust

Europe

Europe targeting

Europol

evasion

eventpoll

Everest Forms Pro

Evil Corp

EvilAI

exFAT

exfiltration

exploit-development

exploit-kit

Exploit.in

exploitation

exploitation attempts

extension supply-chain

external federation

extortion

F5 BIG-IP

fake CAPTCHA

fake crypto exchange

fake dating lures

fake gambling

fake login screen

fake plugin

fake PoC

fake recruiting

fake reputation

fake update

FakeCaptcha

Fakeset

faketivism

FakeUpdates

FallSpy

FAMOUS CHOLLIMA

Famous Chollima

Fancy Bear

Fast16

FastAPI

FastCGI

FAT32

FatFs

FBI

FFmpeg

FIFA

file encryption

file exfiltration

File Transmission

file upload path traversal

file-system filter

FileFiend

FILEIO

fileless execution

fileless malware

filemanager

filename-injection

filesystem parser

finance

financial fraud

financial sector

financial services

financial theft

FireAnt MetaKit

Firefox Add-ons

firewall

firmware

firmware update

FishMonger

FlexPLM

Flutter

FlutterShell

folderOpen

foreign affairs targeting

foreign policy targeting

Forest Blizzard

FortiClient EMS

FortiGate

Fortinet

FortiOS

Fox Tempest

fraud

FreeBSD

freeware impersonation

FSB

FSB Center 16

fscan

FTA

ftp.exe

Full Disk Access social engineering

Funnull

Gamaredon

Gamaredon collaboration

GammaLoad

GammaPhish

GammaSteel

GammaWorm

Garble

GCS

GentleKiller

Ghost CMS

Ghost Networks

GHSA-6rmh-7xcm-cpxj

GHSA-6v3r-4p5c-mrp5

GHSA-xhcr-j4j9-3gh7

GIFTEDCROOK

Gitea

GitHub

GitHub abuse

GitHub Actions

GitHub API

GitHub App

GitHub CLI

GitHub issue spam

GitHub OAuth

GitHub Pages abuse

GitHub payload delivery

GitHub Security Advisories

GitHub tokens

GitLab

gitleaks

GitOps

Gleaming Pisces

gleeze.com

GlobalProtect

Gmail

Go

Go modules

Go2Tunnel

Godzilla

GoEdge

GoFile

Golang malware

GOLD PRELUDE

Google Analytics telemetry

Google API

Google Chrome

Google Cloud

Google Cloud Logging

Google Cloud Storage

Google credential theft

Google Drive

Google Notes

Google Play

Google Play Protect

Google redirect abuse

Google Stitch

Google Threat Intelligence Group

Goose

government

government targeting

government-impersonation

GPT

Grandoreiro

GraphSpy

Gravity SMTP

GRE

GREYVIBE

group

groups

gRPC

gs-netcat

GS-Netcat

GTIG

GUE

guest-to-host escape

Guildma

hack-and-leak

hacktivist persona

Hades

Hajime

hallucination

HappyDoor

HAR files

hard-coded secrets

HashiCorp Vault

HavocKiller

headless browser

healthcare

HelloDoor

HellsGate

Helm

Hermes Agent

HexKiller

hidden backdoor

hidden service

high explosives

higher education

Honduras

HONESTCUE

hospitality targeting

Host Radar

hosting control plane

hosting provider

hosting providers

hotel targeting

HR lures

HTA

HTML smuggling

HTTP C2

HttpMalice

HTTPSpy

Hugging Face

Hunt.io

Huntress

hydropower

Hydropower Cooperation Project Proposal.zip

hypervisor escape

Hyunwoo Kim

I-SOON

ICE

ICONICSTEALER

ICS

IDE extension

IDE plugins

ide.cfm

identity

identity attacks

identity security

IDEs

IFEO persistence

IIOP

IIS

IKEv1

iMessage

Impacket

impersonation

import-time execution

improper privilege management

in-memory DLL loading

incident response

incident-response

India

Indian government

indirect prompt injection

industrial control

industrial control systems

INFINITERED

Infoblox Threat Intel

information disclosure

infostealer

infrastructure

infrastructure disruption

initial access broker

initial-access

input capture

install-time execution

install-time-execution

install.res.1033.dll

Integration Broker

Intercolo

internet-facing admin surface

internet-facing appliance

internet-facing applications

investment scam

InvisibleFerret

iOS

IoT

IoT botnet

IP-in-IP

IPsec

IPv6

Iran

Iran-nexus

Island Security Research

ISO image

Israel

IT providers

Italian foreign-policy targeting

Italy targeting

Ivanti Sentry

JADEPUFFER

Jamf Threat Labs

Januscape

Japan

Java malware

JavaScript

JavaScript bridge

JavaScript injection

JavaScript loader

JavaScript malware

JavaScript masquerading

JavaScript tampering

JCE

JDY

Jellyfin

JetBrains

JetBrains Marketplace

JetStream

JFrog

JFrog Security Research

JINX-0164

joblib

Joomla

Joomla Content Editor

journalists

JSCoreRunner

JSON:API

JSONKeeper

JSONPing

JSP web shell

JuicyPotato

JXA downloader

K1MORPHER

Kairos

Kaspersky

Kaspersky Securelist

Kazakhstan

KAZUAR

KAZUAR overlap

Keitaro

Kemp LoadMaster

kernel driver

kernelCTF

KEV

keychain theft

KeyHunter

keylogger

keylogging

Kimsuky

Klue

KnowledgeDeliver

KongTuke

KORKERDS

Kubernetes

KV-botnet

KVM

KVM escape

kvmCTF

L2TP/IPSec

LA Metro

LangChain

Langflow

LangFlow

LangGraph

Language Servers for AWS

Lantronix

Laravel

lateral movement

lateral-movement

Latin America

LaunchAgent

launchctl

law enforcement

law-enforcement-disruption

LayerX

Lazarus

LD_PRELOAD

LDAP

leaked credentials

least privilege

legacy botnet hijacking

legacy infrastructure

legacy software

LegionRelay

Leo Platform

LevelBlue

liblzma

libp2p

libpeconv

lifecycle hooks

lifecycle-hooks

Lightning Shared Scooter Co.

LinkedIn

Linksys

Linux

Linux kernel

Linux malware

LiteLLM

LiteSpeed

living off the land

living-off-the-land

living-off-the-land binaries

LLM

LLM security

LLM-driven intrusion

LLMjacking

LMS

LNK

LNK files

load balancer

loader

local LLMs

local privilege escalation

local-file-inclusion

localhost

log poisoning

logging

login item persistence

LOLBins

long-lived tokens

long-term access

LONGSTREAM

LOOKVALJS

LOOKVALPS

loopback

Loophole

low-confidence attribution

LPE

LS-DYNA

LSASS

LSHIY

LSSC

Lua

Lumen

Lumen Black Lotus Labs

Luna Moth

Lyceum

MaaS

MacCMS

Maccy impersonation

machine-learning

macOS

macOS malware

Magento

MagicYUV

mail server compromise

mailbox theft

MAIN world injection

maintainer compromise

maintainer persona

maintainer-compromise

malicious GPO

malicious releases

malvertising

malware

malware analysis

malware delivery

malware framework

Malware-as-a-Service

malware-as-a-service

malware-signing-as-a-service

MALXMR

managed file transfer

managed service provider

ManageEngine Endpoint Central

management plane

Manifest V3

manufacturing

Mapbox

marimo

MARKETMAKER

marketplace abuse

marketplace trust

Maven Central

mawesome

Mbed

McAfee Labs

MCP

media processing

medical research

Mekotio

memfd

memory corruption

memory disclosure

memory overread

memory poisoning

memory-only malware

MeshAgent

MeshCentral

MEV bot lure

Mexico

MFA bypass

MFA fatigue

MFA-bypass

Miasma

MicroPython

Microsoft

Microsoft .NET

Microsoft 365

Microsoft 365 Copilot

Microsoft Authentication Broker

Microsoft Defender

Microsoft Defender Security Research

Microsoft dev tunnels

Microsoft Digital Crimes Unit

Microsoft Edge

Microsoft Edge Add-ons

Microsoft Edge Extensions Security Team

Microsoft Entra ID

Microsoft Graph

Microsoft Identity Platform

Microsoft Office SharePoint

Microsoft Security Blog

Microsoft SQL Server

Microsoft Teams

Microsoft-signed binary abuse

Middle East

middleware

Midnight Blizzard

military research

Mimikatz

Minecraft DDoS

Mini Shai-Hulud

MiniJunk

MiniPlasma

MINIRAT

MINIRECON

Ministry of Finance

MiniUpdate

Mirai

Mirai-derived botnet

Mistic

MITRE ATT&CK T1005

MITRE ATT&CK T1562

MLTBackdoor

mobile

Mobile Access

mobile device management

mobile devices

mobile malware

MobileIron Sentry

Model Context Protocol

model poisoning

model-provider abuse

ModeloRAT

module-proxy

MOIS

Monero

Mozi

MpExtMs.exe

MPR network provider

Mr_Rot13

MSBuild

msgpack

mshta

MSI

MSP

MSSQL

mTLS

MuddyWater

multi-tenant cloud

Mustang Panda

Mustard Tempest

mutable tags

MYRA

MySQL

Mythos

Nacos

named pipes

namespace recycling

namespace squatting

NAS targeting

nation-state

native addon

native extension

NativeAOT

NATS

NCSC-NL

Nebo

negotiation

Neo-reGeorg

nested virtualization

Netherlands

NetNut

NetScaler

NetScaler ADC

NetScaler Gateway

network infrastructure

network policies

Nextcloud

nf_tables

nftables

Nginx

Nginx module

no attribution

No-IP

node-gyp

node-ipc

node-pty

Node.js

Node.js implant

Node.js malware

North Korea

notarized malware

npm

npm lifecycle hook

npm tokens

npx

NSecKrnl.sys

NTDS.dit

NTFS ADS

NTLM

nuclear weapons

NuGet

Nuitka

NVGRE

OAuth

OAuth abuse

OAuth token abuse

OAuth token exposure

OAuth tokens

OBF networks

obfuscation

obfuscator.io

OFAC

Offshore LC

OIDC

OilRig

Okta

OKX

Ollama

Oman

Omnibox

OneDrive

OneDrive access

Open Interpreter

OpenAI

OpenAI Codex

opencode

OpenConnect

OpenHands

OpenSearch

OpenSSH

OpenVPN

OpenVPN-shaped UDP

OpenVSX

operation

Operation DangerousPassword

Operation Endgame

Operation Highland

operational relay box

operational resilience

operations

OpFauxSign

ops

opsec failure

Oracle

Oracle E-Business Suite

Oracle Payments

Oracle PeopleSoft

Oracle WebLogic Server

OT

OTA update

OTP interception

Outlook

OX Security

OxideHarvest

OYSTERBLUES

OYSTERFRESH

OYSTERSHUCK

P2P

package masquerading

package registry

package registry credentials

package scanning

package-cooldowns

package-manager-hardening

package-splitting

package-takeover

Packagist

page cache

page poisoning

Pakistan

Pakistan-linked

Palo Alto Networks

PAM

PAM credential validation

PamStealer

PAN-OS

parallel-intrusion

password spray

password spraying

Pastebin

patch management

path traversal

patterns

payload loader

payload staging

payload-as-a-service

payment fraud

payment workflow exposure

payment-card theft

payment-card-theft

payroll lures

pe_to_shellcode

PebbleDash

pedit

pentesting

people

PeopleTools

PerfWatson2.exe

Perplexity AI

persistence

pfSense

PhaaS

Phantom Gyp

PhantomClick

PhantomMail

PhantomRelay

Philippines

phishing

phishing-as-a-service

PHP

PHP code injection

PHP object injection

PHP upload

physics

PicassoLoader

pickle

pig butchering

pig-butchering

piracy

Piriform

Pix

PixelSmash

PKGBUILD

plaintext HTTP

Plandex

PLENET

plugin architecture

poisoned-branch

PolinRider

polyfill

Polymarket

polymorphic loader

polymorphic payloads

Popa

portmap

Portugal

post-authentication RCE

post-exploitation

post-exploitation framework

postal-impersonation

PostCSS

PostgreSQL

postinstall

PowerCloud

PowerShell

PowerShell malware

PowerShower

PPtP

PRA

PraisonAI

PRC

PRC-aligned

PRC-nexus

pre-auth RCE

pre-authentication

preinstall

Primitive Bear

PrincessClub

privacy

privacy exposure

private registry fallback

private-key theft

privilege escalation

Privileged Remote Access

process doppelgänging

process environment scraping

process hollowing

process injection

product lifecycle management

professional services

profile.d

Progress Kemp LoadMaster

Project Proposal.exe

prompt injection

prompt-injection

PROMPTFLUX

PROMPTSPY

proof of deletion

Proofpoint

protestware

Protobuf

provenance

proxy

proxy network

ProxyChains

PSEMHUB

PsExec

PSIGW

psychological operations

PTC

PteroBox

PteroPaste

PteroPSDoor

PteroSetup

PteroVDoor

public exploit

public file-transfer exfiltration

public sector

pull requests

PUP

PureLogs Stealer

pwn-request

PyArmor

PyPI

Python

Python extension modules

Python malware

Python stealer

QiAnXin XLab

Qilin

QNAP

QR code interception

query injection

Quest KACE SMA

QuimaRAT

RaaS

race condition

RainbowEx

RakNet flood

RAM disk

Ransom-ISAC

ransomware

ransomware access

ransomware enablement

ransomware-access

rapid exploitation

RAR archives

RAR staging

RAT

RC4

RC4 C2

RCE

Rclone

rclone

RCS

RDP

RDP phishing

RDS

Reality

Reaper

reconnaissance

recovery denial

recovery disruption

recruitment lures

Red Dev 10

Red Hat

REDCap

Redis

Redis backdoor

RediSearch

reflective .NET loading

refresh token theft

refresh tokens

RegAsm process hollowing

registry persistence

registry-controls

release automation

release tampering

remote access

Remote Access VPN

remote code execution

remote debugging

remote monitoring and management

remote script injection

Remote Support

remote support

remote-access

Remotely

RemotePE

RemotePELoader

removable media

Rentry

replication

repo-server

repository poisoning

residential proxies

residential proxy

REST C2

restart-triggered execution

reverse proxy

reverse SSH tunneling

REVERSE_PROXY_TRUSTED_PROXIES

ReverseSocks

reviewdog

RingH23

RMM

RMM abuse

ROADrecon

ROADtools

roadtx

RokRAT

Rollup

RomulusLoader

Roo-Code

root

root escalation

root execution

rootkit

ROPC

Rouki obfuscation

Roundcube

router

router malware

RSA

RSA-2048

RT-Thread

RTL819X

RubyGems

rundll32

Runner.Worker

runtime execution

runtime mutation

runZero

Russia

Russia-linked

Russia-linked cybercrime

Russia-nexus

Russian Intelligence Services

Russian-speaking forums

Rust

Rust malware

S3 Browser

S3-compatible storage

s5cmd

SaaS

SaaS exposure

sabotage

Safari

SafeDep

Salesforce

SAML IdP

Samsung TizenRT

sandboxing

scam infrastructure

scambling

scanner evasion

ScarCruft

scheduled task

scheduled task persistence

scheduled tasks

scope squatting

screen capture

ScreenConnect

screenshot theft

script-injection

SD-WAN

search hijacking

search result poisoning

Secret Blizzard

secret exposure

secrets

secrets management

Secure Preferences

security platform

seed phrase theft

Seedworm

segmented networks

Sekoia

self-delete

self-hosted AI services

self-hosted media

self-propagation

semantic-release

sendit.sh

sensitive information exposure

Sentinel

Sentry

Sentry abuse

SEO poisoning

Serv-U

service accounts

service-agent

ServiceNow

session hijacking

session secret exposure

session theft

session token theft

shadow copy deletion

shadow MMU

SHADOW-AETHER-040

SHADOW-AETHER-064

SHADOW-EARTH-066

SHADOW-WATER-063

ShadowPad

Shai-Hulud

SHARDLOADER

share propagation

shared hosting

shared secrets

SharePoint

SharePoint Server

SharkLoader

shell injection

ShinyHunters

Shuckworm

SideCopy

Signal

Signal interception

signed malware

signed updates

signed-binary

Silent Ransom Group

Silent Swap

SilentCryptoMiner

SilentRunLoader

SiliconFlow

SimpleHelp

simulation tampering

Site Member permissions

skb

SkillCloak

SkillDetonate

sleeper packages

Sliver

SLSA

smart TVs

SmartScreen

SMB

SMB brute force

SMB egress

smishing

sms-phishing

SMTP

Snake

SNOWLIGHT

SocGholish

social engineering

social-engineering

Socket

Socket Security Research

Socket.IO

SOCKS tunneling

SOCKS5

SOCKS5 tunneling

SoftEther VPN

software impersonation

software supply chain

software-deployment

SOHO router

SOHO routers

Solana

SolarWinds

Solid PDF Creator

SolidPDFCreator.dll

SolidPDFPcl2Bmp

Sophos

source control

source-code compromise

source-package drift

source-package mismatch

source-repository poisoning

SourceForge abuse

South Africa

South Asia

South Korea

Southeast Asia

spam

spear phishing

spear-phishing

spearphishing

SPECTRALVIPER

Sphinx ransomware

SpiderLabs

Splunk

SprySOCKS

SQL injection

SQLite

SquareShell

SSH

SSH bastion

SSH brute force

SSH key exposure

SSH key persistence

SSH keys

SSH lateral movement

SSH persistence

SSH tunnels

SSL VPN

SSRF

staged malicious update

stale access

stale credentials

Startup folder persistence

state-linked

state-owned enterprise

Static Kitten

stdio

StealC

stealer

steganography

StegoAd

STM32Cube

stock exchange

STOCKSTAY

storage deletion

Storm-2603

Storm-2697

Storm-3075

STRD

streaming boxes

STUN

Stuxnet lineage

subject claim

SUMMIT

Supabase

supply chain

supply chain compromise

supply-chain

suspected China-aligned

SWE-agent

SWUpdate

Symantec Threat Hunter Team

Synacktiv

Synology

Sysdig

SYSTEM

systemd-userdbd

T1204.004

T3

TA427

TA569

Tactical RMM

tag rewrite

tag tampering

TAG-124

TAG-22

Taiwan

takedown

TamperedChef

targeted operations

TartarusGate

TaskWeaver

tax-season phishing

tc

TCP traffic diversion

TDS

TeamPCP

TeamPCP-adjacent

Teams access

TeamViewer

TEASOUP

Tebi

technician session

telecom

telecom-impersonation

telecommunications

Telegra.ph

Telegram

telegram

Telegram C2

Telegram exfiltration

telemetry

Teletype

Telnet brute force

Telnyx

Temp Zagros

tenant-project

Tenda

Tenet Security

Tetrade

Thailand

The Gentlemen

The Hacker News

third-party integrations

threat hunting

ThrottleBlood

thumbnail generation

TinyGo

TinyRCT

tj-actions

ToddyCat

token forgery

token replay

token theft

token-theft

TONESHELL

tool

tool output injection

tool poisoning

tool use

tooling

tools

Tor

Total Software Deployment

Trading Technologies

traffic control

traffic hijacking

traffic-distribution-system

traffic-fraud

transaction authority

transnational repression

Transparent Tribe

Trend Micro

TrendAI

TrickBot

Trident Ursa

Tron

trusted publishing

tunnel decapsulation

tunnel services

Turla

Turla collaboration

Twilio

TypeScript

typosquat

typosquatting

UAC

UAC bypass

UAC-0010

UAC-0098

UAC-0194

UAC-0226

UAT-7237

Ubiquiti

Ubuntu

Udev persistence

UDP C2

Ukraine

Ukraine targeting

UltraVNC

Umbrij

unauthenticated access

unauthenticated HTTP exploitation

unauthenticated RCE

UNC1543

UNC2814

UNC3753

UNC4221

UNC4736

UNC5792

UNC6240

UNC6508

UNC6671

UNC6692

UNC6780

Uni-App

UniFi OS

Unified CM SME

uninitialized heap memory

Unit 42

United States

university targeting

UNK_MassTraction

unpatched vulnerability

unsafe deserialization

unsigned installer

uranium compression

USB propagation

USB weaponizer

USB worm

use-after-free

user execution

user namespaces

UTA0355

uTLS

V4bel

V8

valid accounts

ValleyRAT

VBCloud

VBE

VBS

VBScript

VEIL#DROP

Velociraptor

Velvet Ant

VELVETSHELL

vendor compromise

vendor credentials

VENOMOUS BEAR

Vercel

Vertex AI

Vidar Stealer

Vietnam

Vietnam-aligned

Views

ViewState deserialization

virtualization

VirusTotal sentiment abuse

vishing

Visual Studio

Visual Studio Code Remote SSH

VLESS

vManage

VMware

VNT

Volt Typhoon

VPN

VPN gateway

VPN Go

VPN session hijacking

VS Code

VS Code tunnels

VShell

VSIX

vSphere

VU#213560

vulnerability

vulnerability research

vulnerability-research

VXLAN

w3wp.exe

wallet address replacement

wallet drainer

wallet infrastructure

wallet replacement

wallet theft

wallet-drainer

wallet-theft

Wasabi

watchdog

watchTowr

watering hole

watering-hole

weak passwords

web application

web hosting

web IDE

web management interface

web RCE

web shell

web shells

web supply chain

web-shells

WebAssembly

WebKit

WebLogic

webmail

WebRTC

webshell

website-compromise

WebSocket

WebSocket C2

websocket-sharp

WebView

Webworm

WhatsApp

WhatsApp phishing

WHM

Widget Factory

WILDDAY

Windchill

WinDirStat

Windows

Windows Defender exclusions

Windows Forms

Windows malware

Windows persistence

Windows Run dialog

Windows Script Host

Windows service persistence

Windows Terminal

Winnti Group

Winos4.0

WinPython

WinRAR

wiper

wiper-adjacent

WireGuard

Wiz Research

WM_COPYDATA IPC

Woodgnat

WordPress

WordPress credential theft

workflow backdoor

workspace trust

World Cup

worm

WP Maps Pro

WScript

X-Secret

X-WEBAUTH-USER

X_TRADER

XChaCha20

XenoRAT

XFRM

xlabs_v1

XMLDecoder

XMRig

XOR

XOR obfuscation

XSLT SSRF

XSS

XSS.is

XXE

xz

Yanbian

YesWeHack

YouTube abuse

Yuechi Shared Technology

yuze

ZAPiXDESK

Zendesk

Zephyr RTOS

Zero Trust

zero-click

zero-day

zero-reputation infrastructure

Zoho Assist

Zoho WorkDrive

ZOHOMURK