Tag index
Generated from page-level ## Tags sections. Each tag below links to the pages that currently use it.
All tags
- .NET (5)
- .NET malware (6)
- .pth (1)
- /accessv2 (1)
- /dev/kvm (1)
- 146.70.139.154 (1)
- 192.42.116.105 (1)
- 192.42.116.58 (1)
- 3CX (1)
- 404 TDS (1)
- 4sync (1)
- @marketfront (1)
- @tqm-mfe (1)
<all_urls>(1)- Ababil of Minab (1)
- abuse response (1)
- academic research (1)
- academic sector (1)
- Accellion (1)
- access brokers (1)
- account takeover (1)
- account-takeover (1)
- act_pedit (1)
- ACTINIUM (1)
- Active Directory (1)
- active exploitation (36)
- active probing (1)
- active-exploitation (1)
- ActiveX (1)
- actor (4)
- actors (9)
- ad blocker (1)
- ad fraud (1)
- Adaptix C2 (1)
- ADB TCP/5555 (1)
- Adblock for YouTube (1)
- Admin API key theft (1)
- administrator account creation (2)
- Adobe ColdFusion (1)
- Adobe Commerce (1)
- Adspect (1)
- Adversa AI (1)
- adversary-in-the-middle (2)
- adware (3)
- adware history (1)
- AES-128-CBC (1)
- AES-256-GCM (1)
- AES-GCM (1)
- AES-GCM C2 (1)
- affiliate hijacking (1)
- Afghanistan (2)
- agent frameworks (3)
- agent memory (1)
- agent skills (1)
- agent state (1)
- agentic AI (1)
- agentic browsers (1)
- agentic malware (1)
- agentic ransomware (1)
- agentic threat actor (1)
- Agentjacking (1)
- AGENTPSD (2)
- AI (4)
- AI agent (1)
- AI agents (14)
- AI anti-analysis (1)
- AI application infrastructure (1)
- AI assistant credentials (2)
- AI assistants (4)
- AI brand impersonation (2)
- AI browsers (1)
- AI chatbot abuse (1)
- AI credential theft (1)
- AI data exfiltration (1)
- AI framework (1)
- AI gateway (1)
- AI search poisoning (1)
- AI security (1)
- AI tooling (15)
- AI vulnerability discovery (1)
- ai-abuse (1)
- ai-agent (1)
- AI-assisted malware (1)
- AI-assisted vulnerability discovery (1)
- AI-augmented operations (1)
- AI-generated malware (1)
- AI-generated narrator (1)
- Aider (1)
- AiTM (1)
- Albania (1)
- Amadey (1)
- Amazon Q Developer (1)
- AMSI bypass (2)
- Android (6)
- Android ADB (1)
- Android Debug Bridge (1)
- Android spyware (1)
- anti-analysis (1)
- anti-forensics (2)
- Anubis ransomware (1)
- Apex One (1)
- API abuse (1)
- API exposure (1)
- API key exposure (1)
- API keys (1)
- API-driven payloads (1)
- apintergrationpost (1)
- App-Bound Encryption bypass (1)
- AppDomainManager (1)
- AppDomainManager injection (2)
- AppleJeus (1)
- AppleScript (1)
- AppleSeed (1)
- appliance (1)
- application delivery controller (1)
- APSB26-68 (1)
- APT (7)
- APT27 (1)
- APT28 (1)
- APT29 (1)
- APT32 (1)
- APT36 (2)
- APT37 (1)
- APT43 (1)
- APT45 (1)
- Aptos (1)
- Aquatic Panda (2)
- AquilaRAT (1)
- arbitrary file read (1)
- arbitrary file write (3)
- arbitrary JavaScript (1)
- Arch Linux (1)
- Arctic Wolf (1)
- ArduPilot (1)
- Argo CD (1)
- ArgoCD (1)
- Arista EOS (1)
- Armageddon (1)
- Armored Likho (3)
- Artifact Signing (1)
- AryStinger (1)
- AS32167 (1)
- Asia targeting (1)
- ASNs (1)
- ASP.NET (2)
- ASP.NET machineKey (1)
- ASPX web shells (2)
- Astro (1)
- ASUS router (1)
- AsyncRAT (1)
- Atlas RAT (1)
- AUDIOFIX (2)
- audit logging (1)
- AUR (1)
- authenticated RCE (1)
- authentication bypass (10)
- authentication laundering (1)
- authentication stack (2)
- authentication-coercion (1)
- auto-execution (1)
- AUTODYN (1)
- AutoGen Studio (1)
- AutoHotKey (1)
- AutoJack (1)
- autonomous agents (1)
- Avalon (2)
- AWS (4)
- AWS CloudTrail (1)
- AWS S3 (2)
- AWS Secrets Manager (1)
- axios (1)
- Azure (3)
- Azure CLI (1)
- Azure Storage (1)
- Backblaze (1)
- backdoor (12)
- Backdoor.Mistic (1)
- Backstage (1)
- backup disruption (1)
- backup recovery keys (1)
- backup targeting (1)
- backups (1)
- Bad Epoll (1)
- BadBlocker (1)
- Badbox 2.0 (1)
- Banana RAT (1)
- banking (1)
- banking malware (1)
- banking trojan (1)
- Barracuda (1)
- BaseZipInstaller (1)
- Bash Uploader (1)
- batch loader (1)
- BeaverTail (1)
- Bedrock (1)
- behavioral integrity verification (1)
- Belarus (2)
- BELQI (1)
- BeyondTrust (1)
- binary execution (1)
- BinaryFormatter (1)
- binding.gyp (2)
- BIOPASS RAT (1)
- BioShocking (1)
- BirdCall (1)
- Bitbucket (1)
- Bitcoin (1)
- Bitwarden (1)
- BlackFile (1)
- Blackpoint Cyber (5)
- blockchain C2 (3)
- blockchain dead drop (1)
- blockchain RPC (1)
- blockchain-dead-drop (1)
- Blogger abuse (1)
- blogspot staging (1)
- BLUEBEAM (1)
- botnet (6)
- branch-compromise (1)
- branch-name-injection (1)
- brand impersonation (2)
- brand-impersonation (1)
- Brazil (4)
- Brazilian banking malware (1)
- BreachForums (1)
- BRICKSTORM (2)
- Broadcom (1)
- browser automation (1)
- browser cookie theft (1)
- browser credential theft (14)
- browser extension (6)
- browser hijacking (2)
- browser session abuse (2)
- browser session risk (3)
- browser zero-day (1)
- browser-credential-theft (1)
- browser-extensions (2)
- browser-security (1)
- browser-session risk (1)
- brute-force credentials (1)
- BSC (1)
- BTMOB (1)
- bucket hijacking (1)
- bucket squatting (1)
- build-time compromise (1)
- bulletproof hosting (1)
- Bun (2)
- Bun runtime abuse (1)
- BusySnake Stealer (3)
- Bybit (1)
- BYOVD (2)
- C# (1)
- C++/CLI (1)
- C2 (9)
- C2 framework (2)
- C2 tasking (1)
- CageFS (1)
- Calendly abuse (1)
- campaign (1)
- Canada (1)
- CANFAIL (1)
- CAP_NET_ADMIN (2)
- Casbaneiro (1)
- Catalyst SD-WAN Manager (1)
- Cav3rn (1)
- Cavern (1)
- Cavern Manticore (2)
- CCleaner (1)
- CDN (1)
- CERT-In (1)
- CERT/CC (1)
- certificate pinning (1)
- certificate theft (1)
- CFIDE (1)
- ChatGPT (1)
- chattr (1)
- Chatty Spider (1)
- CHAVECLOAK (1)
- Check Point (1)
- Check Point Research (1)
- Checkmarx (1)
- checkpointers (1)
- China (2)
- China-linked (8)
- China-nexus (10)
- China-speaking ecosystem (1)
- Chinese-language cybercrime (1)
- Chinese-language fraud ecosystem (1)
- Chinese-speaking (3)
- Chinese-speaking operator (1)
- Chisel (3)
- ChocoPoC (1)
- Chrome (2)
- Chrome extension (1)
- Chrome renderer sandbox (1)
- Chrome Web Store (4)
- chrome_settings_overrides (1)
- ChromElevator (1)
- Chromium (5)
- Chromium extension (1)
- CI-CD (2)
- CI/CD (36)
- CircleCI (1)
- CISA (1)
- CISA KEV (15)
- Cisco (2)
- Cisco Nexus (1)
- Cisco Unified CM (1)
- Cisco Unified Communications Manager (1)
- Citrine Sleet (1)
- Citrix (2)
- Citrix NetScaler (1)
- CitrixBleed (1)
- CitrixBleed 2 (1)
- CKEditor file manager (1)
- CL-CRI-1089 (1)
- CL-STA-1062 (3)
- Claude (2)
- Claude Code (3)
- Clever Cloud (1)
- ClickFix (6)
- ClickOnce (1)
- client-side exploitation (1)
- Cline (1)
- clipboard hijacker (1)
- clipboard injection (1)
- clipboard stealer (1)
- clipboard theft (5)
- clipper (2)
- Cloaked Ursa (1)
- cloaking (1)
- cloud (6)
- cloud C2 (1)
- cloud credential hunting (1)
- cloud credential risk (1)
- cloud credential theft (5)
- cloud credentials (2)
- Cloud Files Mini Filter Driver (1)
- Cloud Filter driver (1)
- cloud IAM (1)
- cloud identity (2)
- cloud identity abuse (1)
- cloud infrastructure (1)
- cloud logging (1)
- cloud secrets (4)
- cloud security (3)
- cloud service abuse (4)
- cloud storage (1)
- cloud storage exfiltration (1)
- cloud transcoding (1)
- Cloudflare (2)
- Cloudflare Tunnel (2)
- Cloudflare tunnels (1)
- Cloudflare Turnstile (1)
- Cloudflare Workers (5)
- cloudflared (1)
- CloudLinux (1)
- cluster compromise (1)
- CMS (6)
- Cobalt Strike (5)
- code execution (1)
- code sandbox scraping (1)
- code signing (3)
- Codecov (1)
- CodeQL (1)
- Codex (2)
- coding agents (1)
- Coinbase (1)
- ColdFusion (1)
- collaboration platforms (1)
- collaboration-tool phishing (1)
- COM-hijacking (1)
- command and control (1)
- command execution (5)
- command injection (6)
- command-execution (1)
- command-injection (1)
- commercial messaging applications (1)
- communications infrastructure (1)
- Composer (4)
- compromised accounts (2)
- compromised credentials (1)
- compromised infrastructure (1)
- compromised WordPress (2)
- Conditional Access (1)
- configuration theft (1)
- confused deputy (1)
- ConfuserEx (2)
- ConnectWise (1)
- ConnectWise ScreenConnect (1)
- consumer devices (1)
- consumer IoT (1)
- Contagious Interview (3)
- container (1)
- container escape (3)
- container escape pre-check (1)
- content compliance rules (1)
- context flooding (1)
- Continue (1)
- continuous visibility (1)
- control panel compromise (1)
- control plane (1)
- cookie theft (3)
- Copilot (1)
- Copy-on-Write (1)
- Coruna (1)
- COW (1)
- CPaaS (1)
- cPanel (3)
- CrackMapExec (1)
- Crates.io (1)
- credential attacks (2)
- credential exposure (2)
- credential harvesting (1)
- credential spraying (1)
- credential stuffing (2)
- credential theft (33)
- credential-theft (51)
- criminal infrastructure (1)
- critical infrastructure (4)
- critical-infrastructure (2)
- CRM data theft (1)
- cron (1)
- cron persistence (1)
- cross-platform (1)
- cross-platform malware (1)
- CrownX (2)
- crypto (2)
- crypto clipper (1)
- crypto wallets (2)
- crypto-wallets (1)
- cryptocurrency (11)
- cryptocurrency scam (1)
- cryptocurrency theft (4)
- cryptocurrency wallet theft (1)
- cryptocurrency wallets (3)
- cryptojacking (1)
- cryptominer (2)
- cryptomining (1)
- Curious Serpens (1)
- Cursor (3)
- Curve25519 (1)
- custody APIs (1)
- CVE-2013-3307 (1)
- CVE-2016-5681 (1)
- CVE-2020-17103 (1)
- CVE-2021-29441 (1)
- CVE-2022-0492 (1)
- CVE-2023-24932 (1)
- CVE-2023-2868 (1)
- CVE-2023-4966 (1)
- CVE-2024-1708 (1)
- CVE-2024-1709 (1)
- CVE-2024-20399 (1)
- CVE-2024-21182 (1)
- CVE-2024-3094 (2)
- CVE-2024-42009 (1)
- CVE-2025-11371 (1)
- CVE-2025-11837 (1)
- CVE-2025-3248 (1)
- CVE-2025-32975 (1)
- CVE-2025-34291 (1)
- CVE-2025-48595 (1)
- CVE-2025-49113 (1)
- CVE-2025-49704 (1)
- CVE-2025-49706 (1)
- CVE-2025-5777 (1)
- CVE-2025-67038 (1)
- CVE-2025-8088 (4)
- CVE-2026-0257 (1)
- CVE-2026-10520 (1)
- CVE-2026-10523 (1)
- CVE-2026-11405 (1)
- CVE-2026-11645 (1)
- CVE-2026-12569 (1)
- CVE-2026-12957 (1)
- CVE-2026-12958 (1)
- CVE-2026-20127 (1)
- CVE-2026-20182 (1)
- CVE-2026-20230 (1)
- CVE-2026-20245 (1)
- CVE-2026-20253 (1)
- CVE-2026-20262 (1)
- CVE-2026-20896 (1)
- CVE-2026-23111 (1)
- CVE-2026-26980 (1)
- CVE-2026-28318 (1)
- CVE-2026-3300 (1)
- CVE-2026-33017 (2)
- CVE-2026-33691 (1)
- CVE-2026-34908 (1)
- CVE-2026-34909 (1)
- CVE-2026-34910 (1)
- CVE-2026-34926 (1)
- CVE-2026-35273 (2)
- CVE-2026-35616 (1)
- CVE-2026-39987 (1)
- CVE-2026-40138 (1)
- CVE-2026-40139 (1)
- CVE-2026-40140 (1)
- CVE-2026-40141 (1)
- CVE-2026-4020 (1)
- CVE-2026-41091 (1)
- CVE-2026-41940 (1)
- CVE-2026-42271 (1)
- CVE-2026-43074 (1)
- CVE-2026-43284 (1)
- CVE-2026-43500 (1)
- CVE-2026-43503 (1)
- CVE-2026-44338 (1)
- CVE-2026-45247 (1)
- CVE-2026-45498 (1)
- CVE-2026-45659 (1)
- CVE-2026-46242 (1)
- CVE-2026-46300 (1)
- CVE-2026-46331 (1)
- CVE-2026-46817 (1)
- CVE-2026-48172 (1)
- CVE-2026-48276 (1)
- CVE-2026-48277 (1)
- CVE-2026-48281 (1)
- CVE-2026-48282 (1)
- CVE-2026-48283 (1)
- CVE-2026-48285 (1)
- CVE-2026-48307 (1)
- CVE-2026-48313 (1)
- CVE-2026-48314 (1)
- CVE-2026-48315 (1)
- CVE-2026-48316 (1)
- CVE-2026-48558 (3)
- CVE-2026-48907 (1)
- CVE-2026-50751 (1)
- CVE-2026-50752 (1)
- CVE-2026-53359 (1)
- CVE-2026-5426 (1)
- CVE-2026-54420 (1)
- CVE-2026-6682 (1)
- CVE-2026-6683 (1)
- CVE-2026-6684 (1)
- CVE-2026-6685 (1)
- CVE-2026-6686 (1)
- CVE-2026-6687 (1)
- CVE-2026-6688 (1)
- CVE-2026-7473 (1)
- CVE-2026-8037 (1)
- CVE-2026-8451 (1)
- CVE-2026-8461 (1)
- CVE-2026-8732 (1)
- CVE-2026-9082 (1)
- CWE-502 (1)
- CWE-77 (1)
- CWE-78 (1)
- cyber-espionage (1)
- cybercrime (11)
- cybercrime ecosystem (2)
- Cython (1)
- Czech Republic (1)
- D-Link (1)
- dangling resources (1)
- data exfiltration (6)
- data exposure (1)
- data extortion (1)
- data leak site (2)
- data theft (5)
- data-exfiltration (1)
- database extortion (1)
- DAYLIGHT (1)
- DCloud (1)
- DCloud Uni-App (1)
- DcRAT (1)
- DDNS (1)
- DDoS (2)
- DDoS-for-hire (1)
- dead drop resolver (4)
- Debian (1)
- DEBULL (1)
- declarativeNetRequest (1)
- DeepSeek (2)
- Defender Advanced Hunting (1)
- Defender evasion (2)
- Defender exclusion (1)
- defense (1)
- defense evasion (4)
- defense targeting (1)
- defense-evasion (1)
- DeFi (4)
- delayed execution (1)
- denial of service (4)
- Deno (2)
- dependency confusion (2)
- deployment_status (1)
- deserialization (4)
- destructive malware (2)
- destructive operations (1)
- detection engineering (1)
- DEV-0206 (1)
- developer credential theft (2)
- developer credentials (1)
- developer endpoints (1)
- developer machines (9)
- developer mode (1)
- developer targeting (4)
- developer tooling (2)
- developer workstations (2)
- developer-machine-fleet (1)
- developer-targeting (15)
- developer-tools (1)
- developer-workstations (2)
- device registration (1)
- device-code phishing (1)
- DevOps (1)
- DevTools (1)
- DEWMODE (1)
- DIAMONDBACK (2)
- Digital Knowledge (1)
- digital wallets (1)
- DigitalOcean (1)
- Dindoor (1)
- diplomatic targeting (2)
- DirtyClone (1)
- DirtyFrag (1)
- Discord (2)
- discovery (1)
- Djinn Stealer (3)
- DLL side-loading (3)
- DLL sideloading (16)
- DNS C2 (2)
- DNS threat intelligence (1)
- DNS tunneling (1)
- Docker (1)
- Docker credentials (1)
- Docker images (1)
- document exfiltration (1)
- document theft (3)
- domain squatting (1)
- domestic espionage (1)
- DotNetNuke (1)
- double extortion (1)
- downgrade risk (1)
- DPAPI (2)
- DPAPILoader (1)
- DPRK (4)
- driver loading (1)
- DroneLink (1)
- Dropbear (1)
- Dropbox (2)
- dropper (1)
- Drupal (1)
- duckdns (1)
- Dutch Police (1)
- DWAgent (1)
- dynamic DNS (1)
- dynamic obfuscation (1)
- Dynu (1)
- e-commerce (1)
- Eagle Werewolf (2)
- Earth Lusca (2)
- eBPF (2)
- Eclipse (1)
- edge appliance (10)
- edge appliances (2)
- edge application server (1)
- edge device (2)
- edge devices (3)
- edge exploitation (1)
- edge service (2)
- editor profile import (1)
- EDR evasion (2)
- EDR killer (1)
- EDS5000 (1)
- education (1)
- Egnyte (1)
- EKZ Infostealer (1)
- Elasticsearch (1)
- electric power sector (2)
- email (1)
- email exfiltration (1)
- email gateway (1)
- email infrastructure abuse (1)
- email theft (3)
- embedded systems (1)
- Emerald Sleet (1)
- encrypted C2 (1)
- endpoint management (1)
- endpoint management abuse (1)
- endpoint response (1)
- endpoint-detection (1)
- endpoint-security (2)
- EndpointDlp.dll (1)
- energy sector (4)
- energy-sector (1)
- engineering (1)
- engineering software (1)
- enterprise application (1)
- enterprise application exploitation (1)
- enterprise applications (1)
- Entra ID (2)
- Environment Management Hub (1)
- environment variables (1)
- environmental keying (1)
- epoll (1)
- Epsilon Stealer (1)
- ERP (1)
- eSentire TRU (1)
- ESG (1)
- espionage (43)
- Espressif ESP-IDF (1)
- EtherHiding (1)
- ETW patching (1)
- ETW tampering (1)
- Eurojust (1)
- Europe (3)
- Europe targeting (1)
- Europol (2)
- evasion (1)
- eventpoll (1)
- Everest Forms Pro (1)
- Evil Corp (1)
- EvilAI (1)
- exFAT (1)
- exfiltration (4)
- exploit-development (1)
- exploit-kit (1)
- Exploit.in (1)
- exploitation (14)
- exploitation attempts (1)
- extension supply-chain (2)
- external federation (1)
- extortion (7)
- F5 BIG-IP (1)
- fake CAPTCHA (2)
- fake crypto exchange (1)
- fake dating lures (1)
- fake gambling (1)
- fake login screen (1)
- fake plugin (1)
- fake PoC (2)
- fake recruiting (1)
- fake reputation (1)
- fake update (2)
- FakeCaptcha (1)
- Fakeset (1)
- faketivism (1)
- FakeUpdates (1)
- FallSpy (1)
- FAMOUS CHOLLIMA (2)
- Famous Chollima (1)
- Fancy Bear (1)
- Fast16 (1)
- FastAPI (1)
- FastCGI (1)
- FAT32 (1)
- FatFs (1)
- FBI (2)
- FFmpeg (1)
- FIFA (1)
- file encryption (1)
- file exfiltration (1)
- File Transmission (1)
- file upload path traversal (1)
- file-system filter (1)
- FileFiend (1)
- FILEIO (1)
- fileless execution (3)
- fileless malware (1)
- filemanager (1)
- filename-injection (1)
- filesystem parser (1)
- finance (2)
- financial fraud (2)
- financial sector (3)
- financial services (2)
- financial theft (3)
- FireAnt MetaKit (1)
- Firefox Add-ons (1)
- firewall (1)
- firmware (1)
- firmware update (1)
- FishMonger (1)
- FlexPLM (1)
- Flutter (1)
- FlutterShell (1)
- folderOpen (1)
- foreign affairs targeting (1)
- foreign policy targeting (1)
- Forest Blizzard (1)
- FortiClient EMS (1)
- FortiGate (1)
- Fortinet (2)
- FortiOS (1)
- Fox Tempest (2)
- fraud (1)
- FreeBSD (2)
- freeware impersonation (1)
- FSB (4)
- FSB Center 16 (2)
- fscan (1)
- FTA (1)
- ftp.exe (1)
- Full Disk Access social engineering (1)
- Funnull (1)
- Gamaredon (3)
- Gamaredon collaboration (1)
- GammaLoad (1)
- GammaPhish (1)
- GammaSteel (1)
- GammaWorm (1)
- Garble (1)
- GCS (1)
- GentleKiller (1)
- Ghost CMS (1)
- Ghost Networks (1)
- GHSA-6rmh-7xcm-cpxj (1)
- GHSA-6v3r-4p5c-mrp5 (1)
- GHSA-xhcr-j4j9-3gh7 (1)
- GIFTEDCROOK (1)
- Gitea (1)
- GitHub (16)
- GitHub abuse (3)
- GitHub Actions (20)
- GitHub API (1)
- GitHub App (1)
- GitHub CLI (1)
- GitHub issue spam (1)
- GitHub OAuth (1)
- GitHub Pages abuse (1)
- GitHub payload delivery (1)
- GitHub Security Advisories (1)
- GitHub tokens (2)
- GitLab (1)
- gitleaks (1)
- GitOps (1)
- Gleaming Pisces (1)
- gleeze.com (1)
- GlobalProtect (1)
- Gmail (3)
- Go (4)
- Go modules (1)
- Go2Tunnel (1)
- Godzilla (1)
- GoEdge (1)
- GoFile (1)
- Golang malware (1)
- GOLD PRELUDE (1)
- Google Ads (1)
- Google Analytics telemetry (1)
- Google API (3)
- Google Chrome (1)
- Google Cloud (1)
- Google Cloud Logging (1)
- Google Cloud Storage (1)
- Google credential theft (1)
- Google Drive (1)
- Google Notes (1)
- Google Play (1)
- Google Play Protect (1)
- Google redirect abuse (1)
- Google Stitch (1)
- Google Threat Intelligence Group (2)
- Goose (1)
- government (4)
- government targeting (10)
- government-impersonation (1)
- GPT (1)
- Grandoreiro (2)
- GraphSpy (1)
- Gravity SMTP (1)
- GRE (1)
- GREYVIBE (1)
- group (3)
- groups (13)
- gRPC (1)
- gs-netcat (1)
- GS-Netcat (1)
- GTIG (2)
- GUE (1)
- guest-to-host escape (1)
- Guildma (1)
- hack-and-leak (1)
- hacktivist persona (1)
- Hades (2)
- Hajime (1)
- hallucination (1)
- HappyDoor (1)
- HAR files (1)
- hard-coded secrets (1)
- HashiCorp Vault (1)
- HavocKiller (1)
- headless browser (2)
- healthcare (2)
- HelloDoor (1)
- HellsGate (1)
- Helm (1)
- Hermes Agent (1)
- HexKiller (1)
- hidden backdoor (1)
- hidden service (1)
- high explosives (1)
- higher education (2)
- Honduras (2)
- HONESTCUE (1)
- hospitality targeting (1)
- Host Radar (1)
- hosting control plane (1)
- hosting provider (1)
- hosting providers (1)
- hotel targeting (1)
- HR lures (1)
- HTA (4)
- HTML smuggling (1)
- HTTP C2 (1)
- HttpMalice (1)
- HTTPSpy (1)
- Hugging Face (2)
- Hunt.io (4)
- Huntress (1)
- hydropower (2)
- Hydropower Cooperation Project Proposal.zip (1)
- hypervisor escape (1)
- Hyunwoo Kim (1)
- I-SOON (2)
- ICE (1)
- ICONICSTEALER (1)
- ICS (1)
- IDE extension (1)
- IDE plugins (1)
- ide.cfm (1)
- identity (3)
- identity attacks (1)
- identity security (1)
- IDEs (1)
- IFEO persistence (1)
- IIOP (1)
- IIS (1)
- IKEv1 (1)
- iMessage (1)
- Impacket (2)
- impersonation (1)
- import-time execution (2)
- improper privilege management (1)
- in-memory DLL loading (1)
- incident response (20)
- incident-response (1)
- India (3)
- Indian government (1)
- indirect prompt injection (4)
- industrial control (1)
- industrial control systems (1)
- INFINITERED (1)
- Infoblox Threat Intel (1)
- information disclosure (1)
- infostealer (19)
- infrastructure (5)
- infrastructure disruption (2)
- initial access broker (2)
- initial-access (3)
- input capture (1)
- install-time execution (2)
- install-time-execution (1)
- install.res.1033.dll (1)
- Integration Broker (1)
- Intercolo (1)
- internet-facing admin surface (1)
- internet-facing appliance (1)
- internet-facing applications (1)
- investment scam (1)
- InvisibleFerret (1)
- iOS (1)
- IoT (3)
- IoT botnet (3)
- IP-in-IP (1)
- IPsec (1)
- IPv6 (1)
- Iran (7)
- Iran-nexus (1)
- Island Security Research (1)
- ISO image (1)
- Israel (3)
- IT providers (1)
- Italian foreign-policy targeting (1)
- Italy targeting (1)
- Ivanti Sentry (1)
- JADEPUFFER (1)
- Jamf Threat Labs (1)
- Januscape (1)
- Japan (1)
- Java malware (1)
- JavaScript (11)
- JavaScript bridge (1)
- JavaScript injection (1)
- JavaScript loader (1)
- JavaScript malware (1)
- JavaScript masquerading (1)
- JavaScript tampering (1)
- JCE (1)
- JDY (1)
- Jellyfin (1)
- JetBrains (2)
- JetBrains Marketplace (1)
- JetStream (1)
- JFrog (1)
- JFrog Security Research (2)
- JINX-0164 (2)
- joblib (1)
- Joomla (1)
- Joomla Content Editor (1)
- journalists (1)
- JSCoreRunner (1)
- JSON:API (1)
- JSONKeeper (1)
- JSONPing (1)
- JSP web shell (1)
- JuicyPotato (2)
- JXA downloader (1)
- K1MORPHER (2)
- Kairos (1)
- Kaspersky (2)
- Kaspersky Securelist (2)
- Kazakhstan (1)
- KAZUAR (2)
- KAZUAR overlap (1)
- Keitaro (1)
- Kemp LoadMaster (1)
- kernel driver (3)
- kernelCTF (1)
- KEV (3)
- keychain theft (1)
- KeyHunter (1)
- keylogger (2)
- keylogging (1)
- Kimsuky (1)
- Klue (1)
- KnowledgeDeliver (1)
- KongTuke (1)
- KORKERDS (1)
- Kubernetes (2)
- KV-botnet (1)
- KVM (1)
- KVM escape (1)
- kvmCTF (1)
- L2TP/IPSec (1)
- LA Metro (1)
- LangChain (2)
- Langflow (4)
- LangFlow (1)
- LangGraph (1)
- Language Servers for AWS (1)
- Lantronix (1)
- Laravel (2)
- lateral movement (3)
- lateral-movement (1)
- Latin America (2)
- LaunchAgent (1)
- launchctl (1)
- law enforcement (1)
- law-enforcement-disruption (1)
- LayerX (1)
- Lazarus (5)
- LD_PRELOAD (2)
- LDAP (1)
- leaked credentials (1)
- least privilege (1)
- legacy botnet hijacking (1)
- legacy infrastructure (1)
- legacy software (1)
- legal sector (1)
- LegionRelay (1)
- Leo Platform (1)
- LevelBlue (1)
- liblzma (1)
- libp2p (1)
- libpeconv (1)
- lifecycle hooks (1)
- lifecycle-hooks (1)
- Lightning Shared Scooter Co. (1)
- LinkedIn (2)
- Linksys (1)
- Linux (22)
- Linux kernel (4)
- Linux malware (1)
- LiteLLM (3)
- LiteSpeed (2)
- living off the land (1)
- living-off-the-land (1)
- living-off-the-land binaries (1)
- LLM (4)
- LLM security (1)
- LLM-driven intrusion (1)
- LLMjacking (1)
- LMS (1)
- LNK (10)
- LNK files (1)
- load balancer (1)
- loader (4)
- local LLMs (1)
- local privilege escalation (5)
- local-file-inclusion (1)
- localhost (1)
- log poisoning (1)
- logging (1)
- login item persistence (1)
- LOLBins (2)
- long-lived tokens (1)
- long-term access (1)
- LONGSTREAM (1)
- LOOKVALJS (1)
- LOOKVALPS (1)
- loopback (1)
- Loophole (1)
- low-confidence attribution (1)
- LPE (1)
- LS-DYNA (1)
- LSASS (1)
- LSHIY (1)
- LSSC (1)
- Lua (1)
- Lumen (1)
- Lumen Black Lotus Labs (1)
- Luna Moth (1)
- Lyceum (1)
- MaaS (1)
- MacCMS (1)
- Maccy impersonation (1)
- machine-learning (1)
- macOS (10)
- macOS malware (1)
- Magento (1)
- MagicYUV (1)
- mail server compromise (1)
- mailbox theft (1)
- MAIN world injection (1)
- maintainer compromise (2)
- maintainer persona (1)
- maintainer-compromise (1)
- malicious GPO (1)
- malicious releases (2)
- malvertising (4)
- malware (34)
- malware analysis (2)
- malware delivery (3)
- malware framework (1)
- Malware-as-a-Service (1)
- malware-as-a-service (2)
- malware-signing-as-a-service (1)
- MALXMR (1)
- managed file transfer (1)
- managed service provider (1)
- ManageEngine Endpoint Central (1)
- management plane (3)
- Manifest V3 (1)
- manufacturing (1)
- Mapbox (2)
- marimo (1)
- MARKETMAKER (1)
- marketplace abuse (1)
- marketplace trust (1)
- Maven Central (1)
- mawesome (1)
- Mbed (1)
- McAfee Labs (1)
- MCP (7)
- media processing (1)
- medical research (1)
- Mekotio (1)
- memfd (1)
- memory corruption (1)
- memory disclosure (1)
- memory overread (1)
- memory poisoning (1)
- memory-only malware (1)
- MeshAgent (1)
- MeshCentral (2)
- MEV bot lure (1)
- Mexico (1)
- MFA bypass (7)
- MFA fatigue (1)
- MFA-bypass (1)
- Miasma (6)
- MicroPython (1)
- Microsoft (6)
- Microsoft .NET (1)
- Microsoft 365 (3)
- Microsoft 365 Copilot (1)
- Microsoft Authentication Broker (1)
- Microsoft Defender (1)
- Microsoft Defender Security Research (1)
- Microsoft dev tunnels (2)
- Microsoft Digital Crimes Unit (1)
- Microsoft Edge (2)
- Microsoft Edge Add-ons (1)
- Microsoft Edge Extensions Security Team (1)
- Microsoft Entra ID (1)
- Microsoft Graph (2)
- Microsoft Identity Platform (1)
- Microsoft Office SharePoint (1)
- Microsoft Security Blog (1)
- Microsoft SQL Server (1)
- Microsoft Teams (2)
- Microsoft-signed binary abuse (1)
- Middle East (2)
- middleware (1)
- Midnight Blizzard (1)
- military research (1)
- Mimikatz (3)
- Minecraft DDoS (1)
- Mini Shai-Hulud (2)
- MiniJunk (1)
- MiniPlasma (1)
- MINIRAT (2)
- MINIRECON (2)
- Ministry of Finance (2)
- MiniUpdate (1)
- Mirai (3)
- Mirai-derived botnet (1)
- Mistic (1)
- MITRE ATT&CK T1005 (1)
- MITRE ATT&CK T1562 (1)
- MLTBackdoor (1)
- mobile (1)
- Mobile Access (1)
- mobile device management (1)
- mobile devices (1)
- mobile malware (1)
- MobileIron Sentry (1)
- Model Context Protocol (5)
- model poisoning (1)
- model-provider abuse (1)
- ModeloRAT (1)
- module-proxy (1)
- MOIS (5)
- Monero (2)
- Mozi (1)
- MpExtMs.exe (1)
- MPR network provider (1)
- Mr_Rot13 (1)
- MSBuild (1)
- msgpack (1)
- mshta (3)
- MSI (1)
- MSP (3)
- MSSQL (1)
- mTLS (1)
- MuddyWater (3)
- multi-tenant cloud (1)
- Mustang Panda (2)
- Mustard Tempest (1)
- mutable tags (2)
- MYRA (1)
- MySQL (1)
- Mythos (1)
- Nacos (1)
- named pipes (1)
- namespace recycling (1)
- namespace squatting (1)
- NAS targeting (1)
- nation-state (1)
- native addon (1)
- native extension (2)
- NativeAOT (2)
- NATS (1)
- NCSC-NL (1)
- Nebo (1)
- negotiation (1)
- Neo-reGeorg (1)
- nested virtualization (1)
- Netherlands (1)
- NetNut (1)
- NetScaler (2)
- NetScaler ADC (2)
- NetScaler Gateway (2)
- network infrastructure (1)
- network policies (1)
- Nextcloud (1)
- nf_tables (1)
- nftables (1)
- Nginx (1)
- Nginx module (1)
- no attribution (1)
- No-IP (1)
- node-gyp (2)
- node-ipc (1)
- node-pty (1)
- Node.js (2)
- Node.js implant (1)
- Node.js malware (1)
- North Korea (11)
- notarized malware (1)
- npm (43)
- npm lifecycle hook (3)
- npm tokens (1)
- npx (1)
- NSecKrnl.sys (1)
- NTDS.dit (2)
- NTFS ADS (2)
- NTLM (1)
- nuclear weapons (1)
- NuGet (1)
- Nuitka (1)
- NVGRE (1)
- OAuth (4)
- OAuth abuse (3)
- OAuth token abuse (1)
- OAuth token exposure (1)
- OAuth tokens (2)
- OBF networks (1)
- obfuscation (1)
- obfuscator.io (1)
- OFAC (1)
- Offshore LC (1)
- OIDC (6)
- OilRig (1)
- Okta (4)
- OKX (1)
- Ollama (1)
- Oman (1)
- Omnibox (1)
- OneDrive (3)
- OneDrive access (1)
- Open Interpreter (1)
- OpenAI (1)
- OpenAI Codex (1)
- opencode (1)
- OpenConnect (1)
- OpenHands (1)
- OpenSearch (1)
- OpenSSH (2)
- OpenVPN (1)
- OpenVPN-shaped UDP (1)
- OpenVSX (1)
- operation (2)
- Operation DangerousPassword (1)
- Operation Endgame (1)
- Operation Highland (2)
- operational relay box (1)
- operational resilience (1)
- operations (184)
- OpFauxSign (1)
- ops (190)
- opsec failure (1)
- Oracle (1)
- Oracle E-Business Suite (1)
- Oracle Payments (1)
- Oracle PeopleSoft (2)
- Oracle WebLogic Server (1)
- OT (1)
- OTA update (1)
- OTP interception (1)
- Outlook (1)
- OX Security (1)
- OxideHarvest (1)
- OYSTERBLUES (1)
- OYSTERFRESH (1)
- OYSTERSHUCK (1)
- P2P (1)
- package masquerading (1)
- package registry (3)
- package registry credentials (1)
- package scanning (1)
- package-cooldowns (1)
- package-manager-hardening (1)
- package-splitting (1)
- package-takeover (1)
- Packagist (4)
- page cache (2)
- page poisoning (1)
- Pakistan (2)
- Pakistan-linked (2)
- Palo Alto Networks (1)
- PAM (2)
- PAM credential validation (1)
- PamStealer (1)
- PAN-OS (1)
- parallel-intrusion (1)
- password spray (1)
- password spraying (2)
- Pastebin (1)
- patch management (2)
- path traversal (1)
- patterns (25)
- payload loader (1)
- payload staging (1)
- payload-as-a-service (1)
- payment fraud (1)
- payment workflow exposure (1)
- payment-card theft (2)
- payment-card-theft (2)
- payroll lures (1)
- pe_to_shellcode (1)
- PebbleDash (1)
- pedit (1)
- pentesting (1)
- people (1)
- PeopleTools (1)
- PerfWatson2.exe (1)
- Perplexity AI (1)
- persistence (24)
- pfSense (1)
- PhaaS (2)
- Phantom Gyp (3)
- PhantomClick (1)
- PhantomMail (1)
- PhantomRelay (1)
- Philippines (1)
- phishing (16)
- phishing-as-a-service (2)
- PHP (2)
- PHP code injection (1)
- PHP object injection (1)
- PHP upload (1)
- physics (1)
- PicassoLoader (1)
- pickle (1)
- pig butchering (1)
- pig-butchering (1)
- piracy (1)
- Piriform (1)
- Pix (1)
- PixelSmash (1)
- PKGBUILD (1)
- plaintext HTTP (1)
- Plandex (1)
- PLENET (2)
- plugin architecture (1)
- poisoned-branch (1)
- PolinRider (2)
- polyfill (1)
- Polymarket (1)
- polymorphic loader (1)
- polymorphic payloads (1)
- Popa (1)
- portmap (1)
- Portugal (1)
- post-authentication RCE (1)
- post-exploitation (4)
- post-exploitation framework (1)
- postal-impersonation (1)
- PostCSS (1)
- PostgreSQL (3)
- postinstall (9)
- PowerCloud (1)
- PowerShell (15)
- PowerShell malware (1)
- PowerShower (1)
- PPtP (1)
- PRA (1)
- PraisonAI (1)
- PRC (1)
- PRC-aligned (1)
- PRC-nexus (1)
- pre-auth RCE (1)
- pre-authentication (2)
- preinstall (2)
- Primitive Bear (1)
- PrincessClub (1)
- privacy (1)
- privacy exposure (1)
- private registry fallback (1)
- private-key theft (1)
- privilege escalation (8)
- Privileged Remote Access (1)
- process doppelgänging (1)
- process environment scraping (1)
- process hollowing (2)
- process injection (3)
- product lifecycle management (1)
- professional services (1)
- profile.d (1)
- Progress Kemp LoadMaster (1)
- Project Proposal.exe (1)
- prompt injection (8)
- prompt-injection (4)
- PROMPTFLUX (1)
- PROMPTSPY (1)
- proof of deletion (1)
- Proofpoint (1)
- protestware (1)
- Protobuf (1)
- provenance (1)
- proxy (6)
- proxy network (2)
- ProxyChains (1)
- PSEMHUB (1)
- PsExec (1)
- PSIGW (1)
- psychological operations (1)
- PTC (1)
- PteroBox (2)
- PteroPaste (2)
- PteroPSDoor (2)
- PteroSetup (2)
- PteroVDoor (2)
- public exploit (2)
- public file-transfer exfiltration (1)
- public sector (2)
- pull requests (1)
- PUP (1)
- PureLogs Stealer (1)
- pwn-request (1)
- PyArmor (2)
- PyPI (10)
- Python (8)
- Python extension modules (1)
- Python malware (2)
- Python stealer (1)
- QiAnXin XLab (2)
- Qilin (2)
- QNAP (1)
- QR code interception (1)
- query injection (1)
- Quest KACE SMA (1)
- QuimaRAT (1)
- RaaS (1)
- race condition (1)
- RainbowEx (1)
- RakNet flood (1)
- RAM disk (1)
- Ransom-ISAC (1)
- ransomware (9)
- ransomware access (1)
- ransomware enablement (1)
- ransomware-access (1)
- rapid exploitation (2)
- RAR archives (1)
- RAR staging (2)
- RAT (25)
- RC4 (4)
- RC4 C2 (1)
- RCE (6)
- Rclone (1)
- rclone (1)
- RCS (1)
- RDP (1)
- RDP phishing (1)
- RDS (1)
- Reality (1)
- Reaper (1)
- reconnaissance (2)
- recovery denial (1)
- recovery disruption (2)
- recruitment lures (1)
- Red Dev 10 (2)
- Red Hat (1)
- REDCap (1)
- Redis (2)
- Redis backdoor (1)
- RediSearch (1)
- reflective .NET loading (1)
- refresh token theft (1)
- refresh tokens (1)
- RegAsm process hollowing (1)
- registry persistence (5)
- registry-controls (1)
- release automation (1)
- release tampering (1)
- remote access (6)
- Remote Access VPN (1)
- remote code execution (9)
- remote debugging (2)
- remote monitoring and management (1)
- remote script injection (1)
- Remote Support (1)
- remote support (2)
- remote-access (1)
- Remotely (1)
- RemotePE (1)
- RemotePELoader (1)
- removable media (1)
- Rentry (1)
- replication (1)
- repo-server (1)
- repository poisoning (2)
- residential proxies (1)
- residential proxy (1)
- REST C2 (1)
- restart-triggered execution (1)
- reverse proxy (1)
- reverse SSH tunneling (2)
- REVERSE_PROXY_TRUSTED_PROXIES (1)
- ReverseSocks (1)
- reviewdog (1)
- RingH23 (1)
- RMM (3)
- RMM abuse (7)
- ROADrecon (1)
- ROADtools (1)
- roadtx (1)
- RokRAT (1)
- Rollup (1)
- RomulusLoader (1)
- Roo-Code (1)
- root (1)
- root escalation (1)
- root execution (2)
- rootkit (4)
- ROPC (1)
- Rouki obfuscation (1)
- Roundcube (1)
- router (1)
- router malware (1)
- RSA (1)
- RSA-2048 (1)
- RT-Thread (1)
- RTL819X (1)
- RubyGems (2)
- rundll32 (1)
- Runner.Worker (1)
- runtime execution (1)
- runtime mutation (1)
- runZero (1)
- Russia (8)
- Russia-linked (3)
- Russia-linked cybercrime (1)
- Russia-nexus (2)
- Russian Intelligence Services (1)
- Russian-speaking forums (1)
- Rust (7)
- Rust malware (2)
- S3 Browser (1)
- S3-compatible storage (1)
- s5cmd (1)
- SaaS (3)
- SaaS exposure (1)
- sabotage (2)
- Safari (1)
- SafeDep (3)
- Salesforce (2)
- SAML IdP (1)
- Samsung TizenRT (1)
- sandboxing (1)
- scam infrastructure (1)
- scambling (1)
- scanner evasion (1)
- ScarCruft (1)
- scheduled task (3)
- scheduled task persistence (5)
- scheduled tasks (4)
- scope squatting (1)
- screen capture (2)
- ScreenConnect (4)
- screenshot theft (2)
- script-injection (1)
- SD-WAN (1)
- search hijacking (1)
- search result poisoning (1)
- Secret Blizzard (3)
- secret exposure (1)
- secrets (5)
- secrets management (1)
- Secure Preferences (1)
- security platform (1)
- seed phrase theft (1)
- Seedworm (2)
- segmented networks (1)
- Sekoia (1)
- self-delete (1)
- self-hosted AI services (1)
- self-hosted media (1)
- self-propagation (1)
- semantic-release (1)
- sendit.sh (1)
- sensitive information exposure (1)
- Sentinel (1)
- Sentry (1)
- Sentry abuse (1)
- SEO poisoning (4)
- Serv-U (1)
- service accounts (1)
- service-agent (1)
- ServiceNow (1)
- session hijacking (2)
- session secret exposure (1)
- session theft (1)
- session token theft (1)
- shadow copy deletion (2)
- shadow MMU (1)
- SHADOW-AETHER-040 (1)
- SHADOW-AETHER-064 (1)
- SHADOW-EARTH-066 (1)
- SHADOW-WATER-063 (1)
- ShadowPad (2)
- Shai-Hulud (7)
- SHARDLOADER (2)
- share propagation (1)
- shared hosting (3)
- shared secrets (1)
- SharePoint (3)
- SharePoint Server (1)
- SharkLoader (1)
- shell injection (1)
- ShinyHunters (2)
- Shuckworm (1)
- SideCopy (1)
- Signal (1)
- Signal interception (1)
- signed malware (1)
- signed updates (1)
- signed-binary (1)
- Silent Ransom Group (1)
- Silent Swap (1)
- SilentCryptoMiner (1)
- SilentRunLoader (1)
- SiliconFlow (1)
- SimpleHelp (3)
- simulation tampering (1)
- Site Member permissions (1)
- skb (1)
- SkillCloak (1)
- SkillDetonate (1)
- sleeper packages (1)
- Sliver (2)
- SLSA (1)
- smart TVs (1)
- SmartScreen (1)
- SMB (1)
- SMB brute force (1)
- SMB egress (1)
- smishing (4)
- sms-phishing (1)
- SMTP (1)
- Snake (1)
- SNOWLIGHT (1)
- SocGholish (1)
- social engineering (14)
- social-engineering (2)
- Socket (1)
- Socket Security Research (1)
- Socket.IO (1)
- SOCKS tunneling (1)
- SOCKS5 (4)
- SOCKS5 tunneling (1)
- SoftEther VPN (2)
- software impersonation (1)
- software supply chain (1)
- software-deployment (1)
- SOHO router (1)
- SOHO routers (1)
- Solana (2)
- SolarWinds (1)
- Solid PDF Creator (1)
- SolidPDFCreator.dll (1)
- SolidPDFPcl2Bmp (1)
- Sophos (1)
- source control (1)
- source-code compromise (1)
- source-package drift (1)
- source-package mismatch (1)
- source-repository poisoning (3)
- SourceForge abuse (1)
- South Africa (1)
- South Asia (1)
- South Korea (2)
- Southeast Asia (5)
- spam (1)
- spear phishing (8)
- spear-phishing (2)
- spearphishing (1)
- SPECTRALVIPER (1)
- Sphinx ransomware (1)
- SpiderLabs (1)
- Splunk (1)
- SprySOCKS (2)
- SQL injection (3)
- SQLite (1)
- SquareShell (1)
- SSH (2)
- SSH bastion (1)
- SSH brute force (1)
- SSH key exposure (1)
- SSH key persistence (1)
- SSH keys (1)
- SSH lateral movement (1)
- SSH persistence (1)
- SSH tunnels (1)
- SSL VPN (1)
- SSRF (3)
- staged malicious update (1)
- stale access (1)
- stale credentials (1)
- Startup folder persistence (1)
- state-linked (1)
- state-owned enterprise (1)
- Static Kitten (1)
- stdio (3)
- StealC (1)
- stealer (2)
- steganography (1)
- StegoAd (1)
- STM32Cube (1)
- stock exchange (1)
- STOCKSTAY (3)
- storage deletion (1)
- Storm-2603 (1)
- Storm-2697 (1)
- Storm-3075 (1)
- STRD (3)
- streaming boxes (1)
- STUN (1)
- Stuxnet lineage (1)
- subject claim (1)
- SUMMIT (3)
- Supabase (1)
- supply chain (5)
- supply chain compromise (1)
- supply-chain (81)
- suspected China-aligned (1)
- SWE-agent (1)
- SWUpdate (1)
- Symantec Threat Hunter Team (1)
- symlink following (1)
- Synacktiv (1)
- Synology (1)
- Sysdig (2)
- SYSTEM (1)
- systemd-userdbd (1)
- T1204.004 (1)
- T3 (1)
- TA427 (1)
- TA569 (1)
- Tactical RMM (1)
- tag rewrite (1)
- tag tampering (4)
- TAG-124 (1)
- TAG-22 (2)
- Taiwan (7)
- takedown (3)
- TamperedChef (1)
- targeted operations (1)
- TartarusGate (1)
- TaskWeaver (3)
- tax-season phishing (1)
- tc (1)
- TCP traffic diversion (1)
- TDS (1)
- TeamPCP (8)
- TeamPCP-adjacent (1)
- Teams access (1)
- TeamViewer (1)
- TEASOUP (1)
- Tebi (1)
- technician session (1)
- telecom (2)
- telecom-impersonation (1)
- telecommunications (1)
- Telegra.ph (1)
- Telegram (6)
- telegram (1)
- Telegram C2 (3)
- Telegram exfiltration (1)
- telemetry (1)
- Teletype (1)
- Telnet brute force (1)
- Telnyx (1)
- Temp Zagros (1)
- tenant-project (1)
- Tenda (1)
- Tenet Security (1)
- Tetrade (1)
- Thailand (3)
- The Gentlemen (1)
- The Hacker News (3)
- third-party integrations (1)
- threat hunting (1)
- ThrottleBlood (1)
- thumbnail generation (1)
- TinyGo (1)
- TinyRCT (3)
- tj-actions (1)
- ToddyCat (3)
- token forgery (1)
- token replay (1)
- token theft (2)
- token-theft (1)
- TONESHELL (2)
- tool (1)
- tool output injection (1)
- tool poisoning (1)
- tool use (1)
- tooling (5)
- tools (20)
- Tor (3)
- Total Software Deployment (1)
- Trading Technologies (1)
- traffic control (1)
- traffic hijacking (1)
- traffic-distribution-system (1)
- traffic-fraud (1)
- transaction authority (1)
- transnational repression (1)
- Transparent Tribe (2)
- Trend Micro (3)
- TrendAI (1)
- TrickBot (1)
- Trident Ursa (1)
- Tron (1)
- trusted publishing (1)
- tunnel decapsulation (1)
- tunnel services (1)
- Turla (4)
- Turla collaboration (1)
- Twilio (1)
- TypeScript (1)
- typosquat (1)
- typosquatting (11)
- UAC (1)
- UAC bypass (1)
- UAC-0010 (3)
- UAC-0098 (1)
- UAC-0194 (3)
- UAC-0226 (1)
- UAT-7237 (3)
- Ubiquiti (1)
- Ubuntu (1)
- Udev persistence (1)
- UDP C2 (1)
- Ukraine (9)
- Ukraine targeting (3)
- UltraVNC (1)
- Umbrij (3)
- unauthenticated access (1)
- unauthenticated HTTP exploitation (1)
- unauthenticated RCE (3)
- UNC1543 (1)
- UNC2814 (1)
- UNC3753 (1)
- UNC4221 (1)
- UNC4736 (1)
- UNC5792 (1)
- UNC6240 (2)
- UNC6508 (1)
- UNC6671 (1)
- UNC6692 (2)
- UNC6780 (1)
- Uni-App (1)
- UniFi OS (1)
- Unified CM SME (1)
- uninitialized heap memory (1)
- Unit 42 (3)
- United States (2)
- university targeting (1)
- UNK_MassTraction (1)
- unpatched vulnerability (1)
- unsafe deserialization (1)
- unsigned installer (1)
- uranium compression (1)
- USB propagation (1)
- USB weaponizer (1)
- USB worm (2)
- use-after-free (1)
- user execution (1)
- user namespaces (2)
- UTA0355 (1)
- uTLS (1)
- V4bel (1)
- V8 (1)
- valid accounts (1)
- ValleyRAT (1)
- VBCloud (1)
- VBE (1)
- VBS (1)
- VBScript (6)
- VEIL#DROP (1)
- Velociraptor (1)
- Velvet Ant (2)
- VELVETSHELL (1)
- vendor compromise (1)
- vendor credentials (1)
- VENOMOUS BEAR (3)
- Vercel (1)
- Vertex AI (1)
- Vidar Stealer (1)
- Vietnam (2)
- Vietnam-aligned (1)
- Views (1)
- ViewState deserialization (1)
- virtualization (2)
- VirusTotal sentiment abuse (1)
- vishing (2)
- Visual Studio (1)
- Visual Studio Code Remote SSH (1)
- VLESS (1)
- vManage (1)
- VMware (2)
- VNT (2)
- Volt Typhoon (1)
- VPN (5)
- VPN gateway (1)
- VPN Go (1)
- VPN session hijacking (1)
- VS Code (8)
- VS Code tunnels (1)
- VShell (1)
- VSIX (1)
- vSphere (2)
- VU#213560 (1)
- vulnerability (18)
- vulnerability research (2)
- vulnerability-research (1)
- VXLAN (1)
- w3wp.exe (1)
- wallet address replacement (1)
- wallet drainer (1)
- wallet infrastructure (1)
- wallet replacement (1)
- wallet theft (4)
- wallet-drainer (1)
- wallet-theft (3)
- Wasabi (2)
- watchdog (1)
- watchTowr (3)
- watering hole (1)
- watering-hole (2)
- weak passwords (1)
- web application (4)
- web hosting (2)
- web IDE (1)
- web management interface (1)
- web RCE (1)
- web shell (5)
- web shells (3)
- web supply chain (1)
- web-shells (1)
- WebAssembly (1)
- WebKit (1)
- WebLogic (1)
- webmail (1)
- WebRTC (1)
- webshell (1)
- website-compromise (1)
- WebSocket (1)
- WebSocket C2 (6)
- websocket-sharp (1)
- WebView (1)
- Webworm (1)
- WhatsApp (2)
- WhatsApp phishing (1)
- WHM (3)
- Widget Factory (1)
- WILDDAY (2)
- Windchill (1)
- Windchill PDMLink (1)
- WinDirStat (1)
- Windows (23)
- Windows Defender exclusions (1)
- Windows Forms (1)
- Windows malware (5)
- Windows persistence (1)
- Windows Run dialog (1)
- Windows Script Host (2)
- Windows service persistence (1)
- Windows Terminal (1)
- Winnti Group (2)
- Winos4.0 (1)
- WinPython (1)
- WinRAR (4)
- wiper (2)
- wiper-adjacent (1)
- WireGuard (2)
- Wiz Research (1)
- WM_COPYDATA IPC (1)
- Woodgnat (1)
- WordPress (4)
- WordPress credential theft (1)
- workflow backdoor (1)
- workspace trust (1)
- World Cup (1)
- worm (12)
- WP Maps Pro (1)
- WScript (1)
- X-Secret (1)
- X-WEBAUTH-USER (1)
- X_TRADER (1)
- XChaCha20 (1)
- XenoRAT (2)
- XFRM (1)
- xlabs_v1 (1)
- XMLDecoder (1)
- XMRig (4)
- XOR (1)
- XOR obfuscation (1)
- XSLT SSRF (1)
- XSS (1)
- XSS.is (1)
- XXE (1)
- xz (1)
- Yanbian (1)
- YesWeHack (1)
- YouTube abuse (1)
- Yuechi Shared Technology (1)
- yuze (2)
- ZAPiXDESK (1)
- Zendesk (1)
- Zephyr RTOS (1)
- Zero Trust (1)
- zero-click (1)
- zero-day (3)
- zero-reputation infrastructure (1)
- Zoho Assist (2)
- Zoho WorkDrive (2)
- ZOHOMURK (2)
.NET
- Operation XENOFISCAL SideCopy XenoRAT campaign
- Sicoob.Sdk NuGet banking certificate stealer
- STOCKSTAY
- TinyRCT
- Umbrij
.NET malware
- Avalon / CrownX malware framework
- Cavern
- Cavern Manticore
- Silent Swap Google Notes crypto clipper
- ToddyCat Umbrij Gmail OAuth operation
- Turla STOCKSTAY backdoor operations
.pth
/accessv2
/dev/kvm
146.70.139.154
192.42.116.105
192.42.116.58
3CX
404 TDS
4sync
@marketfront
@tqm-mfe
<all_urls>
Ababil of Minab
abuse response
academic research
academic sector
Accellion
access brokers
account takeover
account-takeover
act_pedit
ACTINIUM
Active Directory
active exploitation
- Arista EOS CVE-2026-7473 tunnel decapsulation exploitation
- Check Point VPN CVE-2026-50751 exploitation
- Chrome V8 CVE-2026-11645 exploitation
- Cisco Catalyst SD-WAN Manager CVE-2026-20245 / CVE-2026-20262 exploitation
- Cisco Unified CM CVE-2026-20230 file-write exploitation
- Drupal Core CVE-2026-9082 exploitation
- Everest Forms Pro CVE-2026-3300 exploitation
- FortiBleed Fortinet credential exposure
- FortiClient EMS CVE-2026-35616 EKZ Infostealer campaign
- Ghost CMS CVE-2026-26980 ClickFix poisoning
- Gitea Docker CVE-2026-20896 probing
- Gravity SMTP CVE-2026-4020 exploitation
- Ivanti Sentry CVE-2026-10520 exploitation
- Joomla JCE CVE-2026-48907 exploitation
- KnowledgeDeliver CVE-2026-5426 ViewState exploitation
- Langflow CVE-2026-33017 cryptominer SSH worm
- Lantronix EDS5000 CVE-2025-67038 exploitation
- LiteLLM CVE-2026-42271 MCP stdio command injection
- LiteSpeed cPanel CVE-2026-48172 exploitation
- LiteSpeed cPanel Plugin CVE-2026-54420 exploitation
- Microsoft SharePoint CVE-2026-45659 RCE exploitation
- MiniPlasma Windows Cloud Filter LPE exploitation
- Mr_Rot13 cPanel CVE-2026-41940 backdoor campaign
- Oracle E-Business Suite CVE-2026-46817 exploitation
- Oracle PeopleSoft CVE-2026-35273 ShinyHunters exploitation
- Oracle WebLogic CVE-2024-21182 exploitation
- PAN-OS GlobalProtect CVE-2026-0257 exploitation
- PraisonAI CVE-2026-44338 rapid exploitation
- Progress Kemp LoadMaster CVE-2026-8037 pre-auth RCE
- PTC Windchill / FlexPLM CVE-2026-12569 exploitation
- ServiceNow instance unauthenticated table-query exploitation
- SimpleHelp CVE-2026-48558 authentication-bypass exploitation
- SolarWinds Serv-U CVE-2026-28318 exploitation
- Splunk Enterprise CVE-2026-20253 pre-auth file write / RCE
- Ubiquiti UniFi OS CVE-2026-34908 / CVE-2026-34909 / CVE-2026-34910 exploitation
- WP Maps Pro CVE-2026-8732 exploitation
active probing
active-exploitation
ActiveX
actor
actors
ad blocker
ad fraud
Adaptix C2
ADB TCP/5555
Adblock for YouTube
Admin API key theft
administrator account creation
Adobe ColdFusion
Adobe Commerce
Adspect
Adversa AI
adversary-in-the-middle
- AI-brand impersonation phishing and malvertising
- Chinese-language PhaaS wallet-tokenization ecosystem
adware
- Chrome live-wallpaper extension ad-fraud network
- Operation FlutterBridge FlutterShell macOS malvertising
- TamperedChef-style productivity malware clusters
adware history
AES-128-CBC
AES-256-GCM
AES-GCM
AES-GCM C2
affiliate hijacking
Afghanistan
agent frameworks
- Agent localhost control-plane RCE
- MCP stdio command-execution boundary
- PraisonAI CVE-2026-44338 rapid exploitation
agent memory
agent skills
agent state
agentic AI
agentic browsers
agentic malware
agentic ransomware
agentic threat actor
Agentjacking
AGENTPSD
AI
- AI-augmented adversary operations
- GREYVIBE
- Vertex AI staging-bucket squatting
- Xinference PyPI compromise
AI agent
AI agents
- Agent localhost control-plane RCE
- Agent skill marketplace poisoning
- AI-agent memory poisoning
- Amazon Q CVE-2026-12957 MCP auto-execution
- GuardFall AI-agent shell-guard bypass
- Langflow CVE-2025-34291 exploitation
- LangGraph checkpointer injection and unsafe deserialization
- Marimo CVE-2026-39987 LLM-agent post-exploitation
- MCP stdio command-execution boundary
- MCP tool-description poisoning
- NATS-as-C2 KeyHunter credential-harvesting operation
- Phantom squatting: AI-hallucinated domains
- PraisonAI CVE-2026-44338 rapid exploitation
- Sentry MCP Agentjacking
AI anti-analysis
AI application infrastructure
AI assistant credentials
AI assistants
- binding.gyp npm CI/CD worm
- Claude Code GitHub Action prompt-injection boundary
- Developer-tool config auto-execution
- Immobiliare Labs Backstage plugins npm compromise
AI brand impersonation
- AI-brand impersonation phishing and malvertising
- Perplexity AI-spoofing Chromium extension search hijacker
AI browsers
AI chatbot abuse
AI credential theft
AI data exfiltration
AI framework
AI gateway
AI search poisoning
AI security
AI tooling
- @withgoogle/stitch-sdk scope squat
- Amazon Q CVE-2026-12957 MCP auto-execution
- codexui-android OpenAI token stealer
- JetBrains AI plugin API-key theft
- LangGraph checkpointer injection and unsafe deserialization
- Malware-Slop Claude user-data npm infostealer
- MCP stdio command-execution boundary
- MCP tool-description poisoning
- Ollama P2P cryptominer RAT campaign
- Phantom squatting: AI-hallucinated domains
- Polymarket npm wallet-drainer packages
- PraisonAI CVE-2026-44338 rapid exploitation
- SANDWORM_MODE AI-toolchain npm worm
- Sentry MCP Agentjacking
- TrapDoor crypto-stealer cross-ecosystem campaign
AI vulnerability discovery
ai-abuse
ai-agent
AI-assisted malware
AI-assisted vulnerability discovery
AI-augmented operations
AI-generated malware
AI-generated narrator
Aider
AiTM
Albania
Amadey
Amazon Q Developer
AMSI bypass
Android
- Android Framework CVE-2025-48595 exploitation
- codexui-android OpenAI token stealer
- Grandoreiro and BTMOB Latin America / Europe malware campaigns
- Linux Bad Epoll CVE-2026-46242 local privilege escalation
- NetNut / Popa residential proxy network disruption
- ScarCruft Yanbian game-platform supply-chain attack
Android ADB
Android Debug Bridge
Android spyware
anti-analysis
anti-forensics
Anubis ransomware
Apex One
API abuse
API exposure
API key exposure
API keys
API-driven payloads
apintergrationpost
App-Bound Encryption bypass
AppDomainManager
AppDomainManager injection
AppleJeus
AppleScript
AppleSeed
appliance
application delivery controller
APSB26-68
APT
- Armored Likho
- Armored Likho BusySnake campaign
- Cloud Atlas
- Gamaredon
- Ghostwriter
- Screening Serpens
- ToddyCat
APT27
APT28
APT29
APT32
APT36
APT37
APT43
APT45
Aptos
Aquatic Panda
AquilaRAT
arbitrary file read
arbitrary file write
- Adobe ColdFusion APSB26-68 CVE bonanza
- Cisco Unified CM CVE-2026-20230 file-write exploitation
- Splunk Enterprise CVE-2026-20253 pre-auth file write / RCE
arbitrary JavaScript
Arch Linux
Arctic Wolf
ArduPilot
Argo CD
ArgoCD
Arista EOS
Armageddon
Armored Likho
Artifact Signing
AryStinger
AS32167
Asia targeting
ASNs
ASP.NET
ASP.NET machineKey
ASPX web shells
Astro
ASUS router
AsyncRAT
Atlas RAT
AUDIOFIX
audit logging
AUR
authenticated RCE
authentication bypass
- BeyondTrust RS / PRA CVE-2026-40138 and CVE-2026-40139 authentication bypass
- Check Point VPN CVE-2026-50751 exploitation
- Gitea Docker CVE-2026-20896 probing
- Ivanti Sentry CVE-2026-10520 exploitation
- Mr_Rot13 cPanel CVE-2026-41940 backdoor campaign
- Oracle E-Business Suite CVE-2026-46817 exploitation
- PAN-OS GlobalProtect CVE-2026-0257 exploitation
- PraisonAI CVE-2026-44338 rapid exploitation
- SimpleHelp CVE-2026-48558 authentication-bypass exploitation
- Tenda firmware CVE-2026-11405 hidden authentication backdoor
authentication laundering
authentication stack
authentication-coercion
auto-execution
AUTODYN
AutoGen Studio
AutoHotKey
AutoJack
autonomous agents
Avalon
AWS
- Amazon Q CVE-2026-12957 MCP auto-execution
- CircleCI 2023 customer secret exposure incident
- NATS-as-C2 KeyHunter credential-harvesting operation
- vpmdhaj OpenSearch npm cloud-secret stealer
AWS CloudTrail
AWS S3
AWS Secrets Manager
axios
Azure
Azure CLI
Azure Storage
Backblaze
backdoor
- DAEMON Tools Lite supply-chain compromise
- html-to-gutenberg / fetch-page-assets VS Code blockchain stealer
- macOS.Gaslight Rust backdoor
- Mr_Rot13 cPanel CVE-2026-41940 backdoor campaign
- Ollama P2P cryptominer RAT campaign
- Operation FlutterBridge FlutterShell macOS malvertising
- shopsprint/decimal Go typosquat DNS backdoor
- Showboat
- SprySOCKS
- STOCKSTAY
- Telnyx PyPI TeamPCP compromise
- TinyRCT
Backdoor.Mistic
Backstage
backup disruption
backup recovery keys
backup targeting
backups
Bad Epoll
BadBlocker
Badbox 2.0
Banana RAT
banking
banking malware
banking trojan
Barracuda
BaseZipInstaller
Bash Uploader
batch loader
BeaverTail
Bedrock
behavioral integrity verification
Belarus
BELQI
BeyondTrust
binary execution
BinaryFormatter
binding.gyp
BIOPASS RAT
BioShocking
BirdCall
Bitbucket
Bitcoin
Bitwarden
BlackFile
Blackpoint Cyber
- Avalon / CrownX malware framework
- CrownX
- Djinn Stealer
- SimpleHelp CVE-2026-48558 authentication-bypass exploitation
- TaskWeaver
blockchain C2
- Astro config blockchain C2 PR injection
- html-to-gutenberg / fetch-page-assets VS Code blockchain stealer
- PolinRider cross-ecosystem supply-chain campaign
blockchain dead drop
blockchain RPC
blockchain-dead-drop
Blogger abuse
blogspot staging
BLUEBEAM
botnet
- Dutch Police / NCSC 17-million-device botnet disruption
- Glassworm developer supply-chain botnet
- JDY SOHO / IoT reconnaissance botnet
- NetNut / Popa residential proxy network disruption
- RustDuck
- Ubiquiti UniFi OS CVE-2026-34908 / CVE-2026-34909 / CVE-2026-34910 exploitation
branch-compromise
branch-name-injection
brand impersonation
brand-impersonation
Brazil
- Armored Likho
- Banana RAT / SHADOW-WATER-063 Brazilian banking fraud
- Grandoreiro and BTMOB Latin America / Europe malware campaigns
- SHADOW-AETHER AI-augmented Latin America intrusions
Brazilian banking malware
BreachForums
BRICKSTORM
Broadcom
browser automation
browser cookie theft
browser credential theft
- Armored Likho BusySnake campaign
- Avalon / CrownX malware framework
- BusySnake Stealer
- Djinn Stealer
- FortiClient EMS CVE-2026-35616 EKZ Infostealer campaign
- GREYVIBE
- Lazarus-linked Rollup polyfill npm malware
- macOS.Gaslight Rust backdoor
- PamStealer
- Seedworm / MuddyWater
- Silent Swap Google Notes crypto clipper
- UAC-0226 / SHADOW-EARTH-066
- Void Dokkaebi
- VPN Go browser-extension clipboard stealer
browser extension
- Adblock for YouTube BadBlocker remote-script injection risk
- Perplexity AI-spoofing Chromium extension search hijacker
- Silent Swap Google Notes crypto clipper
- StegoAd Edge extension steganography campaign
- UNC6692 SNOW malware social-engineering campaign
- VPN Go browser-extension clipboard stealer
browser hijacking
- Operation FlutterBridge FlutterShell macOS malvertising
- Perplexity AI-spoofing Chromium extension search hijacker
browser session abuse
browser session risk
- Adblock for YouTube BadBlocker remote-script injection risk
- Perplexity AI-spoofing Chromium extension search hijacker
- VPN Go browser-extension clipboard stealer
browser zero-day
browser-credential-theft
browser-extensions
browser-security
browser-session risk
brute-force credentials
BSC
BTMOB
bucket hijacking
bucket squatting
build-time compromise
bulletproof hosting
Bun
Bun runtime abuse
BusySnake Stealer
Bybit
BYOVD
C
C++/CLI
C2
- DAEMON Tools Lite supply-chain compromise
- Glassworm developer supply-chain botnet
- Malicious infrastructure provider concentration
- NATS-as-C2 KeyHunter credential-harvesting operation
- Oman government Iranian-nexus webshell C2
- Quest KACE SMA CVE-2025-32975 exploitation
- QuimaRAT
- RemotePE
- Showboat
C2 framework
C2 tasking
CageFS
Calendly abuse
campaign
Canada
CANFAIL
CAP_NET_ADMIN
- Linux DirtyClone CVE-2026-43503 local privilege escalation
- Linux pedit COW CVE-2026-46331 local privilege escalation
Casbaneiro
Catalyst SD-WAN Manager
Cav3rn
Cavern
Cavern Manticore
CCleaner
CDN
CERT-In
CERT/CC
certificate pinning
certificate theft
CFIDE
ChatGPT
chattr
Chatty Spider
CHAVECLOAK
Check Point
Check Point Research
Checkmarx
checkpointers
China
China-linked
- CL-STA-1062
- CL-STA-1062 Southeast Asia government and energy intrusions
- FishMonger
- GHOST STADIUM FIFA World Cup ticket phishing
- OP-512
- Operation Dragon Weave Azure Blob C2 campaign
- Operation DragonReturn India tax-season DcRAT campaign
- SprySOCKS
China-nexus
- JDY SOHO / IoT reconnaissance botnet
- Mustang Panda
- Mustang Panda ZOHOMURK / MINIRECON India campaigns
- Operation GriefLure Southeast Asia LNK dropper
- Operation Highland Velvet Ant authentication-stack backdoors
- UNC6508
- UNK_MassTraction Roundcube university mailserver campaign
- Velvet Ant
- VerdantBamboo
- VerdantBamboo appliance BRICKSTORM operation
China-speaking ecosystem
Chinese-language cybercrime
Chinese-language fraud ecosystem
Chinese-speaking
- CL-STA-1062
- CL-STA-1062 Southeast Asia government and energy intrusions
- GHOST STADIUM FIFA World Cup ticket phishing
Chinese-speaking operator
Chisel
- Oman government Iranian-nexus webshell C2
- PCPJack cloud SMTP relay network
- SHADOW-AETHER AI-augmented Latin America intrusions
ChocoPoC
Chrome
Chrome extension
Chrome renderer sandbox
Chrome Web Store
- Adblock for YouTube BadBlocker remote-script injection risk
- Chrome live-wallpaper extension ad-fraud network
- Perplexity AI-spoofing Chromium extension search hijacker
- VPN Go browser-extension clipboard stealer
chrome_settings_overrides
ChromElevator
Chromium
- Chrome V8 CVE-2026-11645 exploitation
- Perplexity AI-spoofing Chromium extension search hijacker
- ToddyCat
- ToddyCat Umbrij Gmail OAuth operation
- Umbrij
Chromium extension
CI-CD
CI/CD
- @marketfront / @tqm-mfe dependency-confusion stealer
- actions-cool GitHub Actions tag compromise
- Argo CD repo-server unauthenticated RCE
- Astro config blockchain C2 PR injection
- binding.gyp npm CI/CD worm
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- BufferZoneCorp RubyGems / Go module CI poisoning
- CircleCI 2023 customer secret exposure incident
- Claude Code GitHub Action prompt-injection boundary
- Codecov Bash Uploader compromise
- codfish semantic-release-action tag compromise
- Crypto supply-chain path to transaction authority
- GitHub Actions deployment poisoning
- GitHub Actions OIDC subject-claim collisions
- GuardFall AI-agent shell-guard bypass
- HackerBot Claw
- HackerBot Claw GitHub Actions exploitation campaign
- Immobiliare Labs Backstage plugins npm compromise
- JINX-0164
- JINX-0164 crypto developer infrastructure campaign
- Laravel-Lang Composer tag-rewrite compromise
- Leo Platform npm Miasma-style compromise
- LiteLLM compromise
- Mastra
easy-day-jsnpm scope compromise - Megalodon GitHub Actions workflow backdooring
- Mini Shai-Hulud npm/PyPI worm campaign
- oob.moika.tech dependency-confusion environment stealer
- Operation DangerousPassword axios npm compromise
- SANDWORM_MODE AI-toolchain npm worm
- simonecorsi/mawesome GitHub Action compromise
- TeamPCP
- Telnyx PyPI TeamPCP compromise
- tj-actions and reviewdog compromise
- Trivy compromise
- Trivy → TeamPCP → CanisterWorm: compromise timeline
- vpmdhaj OpenSearch npm cloud-secret stealer
CircleCI
CISA
CISA KEV
- Android Framework CVE-2025-48595 exploitation
- Arista EOS CVE-2026-7473 tunnel decapsulation exploitation
- Ivanti Sentry CVE-2026-10520 exploitation
- Joomla JCE CVE-2026-48907 exploitation
- Lantronix EDS5000 CVE-2025-67038 exploitation
- Linux Kernel CVE-2022-0492 cgroup release_agent exploitation
- LiteLLM CVE-2026-42271 MCP stdio command injection
- Microsoft Defender CVE-2026-41091 / CVE-2026-45498 exploitation
- Microsoft SharePoint CVE-2026-45659 RCE exploitation
- Mirasvit Cache Warmer CVE-2026-45247 exploitation
- PTC Windchill / FlexPLM CVE-2026-12569 exploitation
- SimpleHelp CVE-2026-48558 authentication-bypass exploitation
- Splunk Enterprise CVE-2026-20253 pre-auth file write / RCE
- Trend Micro Apex One CVE-2026-34926 exploitation
- Ubiquiti UniFi OS CVE-2026-34908 / CVE-2026-34909 / CVE-2026-34910 exploitation
Cisco
- Cisco Catalyst SD-WAN Manager CVE-2026-20245 / CVE-2026-20262 exploitation
- Cisco Unified CM CVE-2026-20230 file-write exploitation
Cisco Nexus
Cisco Unified CM
Cisco Unified Communications Manager
Citrine Sleet
Citrix
Citrix NetScaler
CitrixBleed
CitrixBleed 2
CKEditor file manager
CL-CRI-1089
CL-STA-1062
Claude
Claude Code
- @withgoogle/stitch-sdk scope squat
- Claude Code GitHub Action prompt-injection boundary
- Sentry MCP Agentjacking
Clever Cloud
ClickFix
- Backdoor.Mistic / KongTuke ModeloRAT activity
- ClickFix CPaaS API-driven payload delivery
- Ghost CMS CVE-2026-26980 ClickFix poisoning
- GREYVIBE
- JINX-0164 crypto developer infrastructure campaign
- StealC / Amadey infrastructure disruption
ClickOnce
client-side exploitation
Cline
clipboard hijacker
clipboard injection
clipboard stealer
clipboard theft
- BusySnake Stealer
- Crypto Clipper Tor / USB worm
- PamStealer
- Silent Swap Google Notes crypto clipper
- VPN Go browser-extension clipboard stealer
clipper
Cloaked Ursa
cloaking
cloud
- APT29
- PCPJack cloud SMTP relay network
- ROADtools
- Vertex AI staging-bucket squatting
- Webworm
- Xinference PyPI compromise
cloud C2
cloud credential hunting
cloud credential risk
cloud credential theft
- AI-augmented adversary operations
- Djinn Stealer
- Marimo CVE-2026-39987 LLM-agent post-exploitation
- NATS-as-C2 KeyHunter credential-harvesting operation
- SimpleHelp CVE-2026-48558 authentication-bypass exploitation
cloud credentials
Cloud Files Mini Filter Driver
Cloud Filter driver
cloud IAM
cloud identity
cloud identity abuse
cloud infrastructure
cloud logging
cloud secrets
- @marketfront / @tqm-mfe dependency-confusion stealer
- JINX-0164 crypto developer infrastructure campaign
- oob.moika.tech dependency-confusion environment stealer
- vpmdhaj OpenSearch npm cloud-secret stealer
cloud security
- Cloud bucket namespace hijacking
- Cloud logging control-plane tampering
- PraisonAI CVE-2026-44338 rapid exploitation
cloud service abuse
- Gamaredon 2025 tunnels, workers, dead drops, and cloud exfiltration
- Mustang Panda
- Mustang Panda ZOHOMURK / MINIRECON India campaigns
- Stock exchange executive mailbox espionage
cloud storage
cloud storage exfiltration
cloud transcoding
Cloudflare
Cloudflare Tunnel
- Gamaredon 2025 tunnels, workers, dead drops, and cloud exfiltration
- Storm-2603 parallel SharePoint ransomware intrusion
Cloudflare tunnels
Cloudflare Turnstile
Cloudflare Workers
- Gamaredon
- Gamaredon 2025 tunnels, workers, dead drops, and cloud exfiltration
- Marimo CVE-2026-39987 LLM-agent post-exploitation
- Polymarket npm wallet-drainer packages
- StegoAd Edge extension steganography campaign
cloudflared
CloudLinux
cluster compromise
CMS
- Drupal Core CVE-2026-9082 exploitation
- Everest Forms Pro CVE-2026-3300 exploitation
- Ghost CMS CVE-2026-26980 ClickFix poisoning
- Gravity SMTP CVE-2026-4020 exploitation
- Joomla JCE CVE-2026-48907 exploitation
- WP Maps Pro CVE-2026-8732 exploitation
Cobalt Strike
- FishMonger
- Ghostwriter
- KnowledgeDeliver CVE-2026-5426 ViewState exploitation
- Malicious infrastructure provider concentration
- StrikeShark SharkLoader / Cobalt Strike campaign
code execution
code sandbox scraping
code signing
- AI-brand impersonation phishing and malvertising
- Fox Tempest
- TamperedChef-style productivity malware clusters
Codecov
CodeQL
Codex
coding agents
Coinbase
ColdFusion
collaboration platforms
collaboration-tool phishing
COM-hijacking
command and control
command execution
- Agent localhost control-plane RCE
- Argo CD repo-server unauthenticated RCE
- GuardFall AI-agent shell-guard bypass
- MCP stdio command-execution boundary
- Ollama P2P cryptominer RAT campaign
command injection
- Cisco Catalyst SD-WAN Manager CVE-2026-20245 / CVE-2026-20262 exploitation
- Ivanti Sentry CVE-2026-10520 exploitation
- Lantronix EDS5000 CVE-2025-67038 exploitation
- LiteLLM CVE-2026-42271 MCP stdio command injection
- Progress Kemp LoadMaster CVE-2026-8037 pre-auth RCE
- Ubiquiti UniFi OS CVE-2026-34908 / CVE-2026-34909 / CVE-2026-34910 exploitation
command-execution
command-injection
commercial messaging applications
communications infrastructure
Composer
- Famous Chollima Packagist dev-branch loader
- GitHub / Packagist postinstall hook campaign
- Laravel-Lang Composer tag-rewrite compromise
- PolinRider cross-ecosystem supply-chain campaign
compromised accounts
compromised credentials
compromised infrastructure
compromised WordPress
Conditional Access
configuration theft
confused deputy
ConfuserEx
ConnectWise
ConnectWise ScreenConnect
consumer devices
consumer IoT
Contagious Interview
- Famous Chollima Packagist dev-branch loader
- PolinRider cross-ecosystem supply-chain campaign
- StegaBin Pastebin-steganography npm campaign
container
container escape
- Linux DirtyClone CVE-2026-43503 local privilege escalation
- Linux nftables CVE-2026-23111 public LPE exploits
- Linux pedit COW CVE-2026-46331 local privilege escalation
container escape pre-check
content compliance rules
context flooding
Continue
continuous visibility
control panel compromise
control plane
cookie theft
Copilot
Copy-on-Write
Coruna
COW
CPaaS
cPanel
- LiteSpeed cPanel CVE-2026-48172 exploitation
- LiteSpeed cPanel Plugin CVE-2026-54420 exploitation
- Mr_Rot13 cPanel CVE-2026-41940 backdoor campaign
CrackMapExec
Crates.io
credential attacks
credential exposure
credential harvesting
credential spraying
credential stuffing
credential theft
- @withgoogle/stitch-sdk scope squat
- Agent skill marketplace poisoning
- AI-brand impersonation phishing and malvertising
- Amazon Q CVE-2026-12957 MCP auto-execution
- Avalon / CrownX malware framework
- Browser-based developer IDE OAuth token theft
- Chinese-language PhaaS wallet-tokenization ecosystem
- ChocoPoC
- ChocoPoC fake PoC supply-chain campaign
- FortiBleed Fortinet credential exposure
- FortiClient EMS CVE-2026-35616 EKZ Infostealer campaign
- GHOST STADIUM FIFA World Cup ticket phishing
- Langflow CVE-2025-34291 exploitation
- Lazarus-linked Rollup polyfill npm malware
- LiteLLM compromise
- Mr_Rot13 cPanel CVE-2026-41940 backdoor campaign
- Operation FlutterBridge FlutterShell macOS malvertising
- Operation Highland Velvet Ant authentication-stack backdoors
- PCPJack cloud SMTP relay network
- PolinRider cross-ecosystem supply-chain campaign
- QuimaRAT
- ScreenConnect freeware / AsyncRAT SEO campaign
- Seedworm / MuddyWater
- Solana FakeFix npm / PyPI developer stealer
- StealC / Amadey infrastructure disruption
- StegoAd Edge extension steganography campaign
- Stock exchange executive mailbox espionage
- Telnyx PyPI TeamPCP compromise
- Trivy compromise
- Umbrij
- UNC6692 SNOW malware social-engineering campaign
- UNK_MassTraction Roundcube university mailserver campaign
- VEIL#DROP Blogger-hosted PureLogs stealer chain
credential-theft
- @marketfront / @tqm-mfe dependency-confusion stealer
- actions-cool GitHub Actions tag compromise
- APT29
- Atomic Arch AUR package hijack
- binding.gyp npm CI/CD worm
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- BufferZoneCorp RubyGems / Go module CI poisoning
- codexui-android OpenAI token stealer
- codfish semantic-release-action tag compromise
- DAEMON Tools Lite supply-chain compromise
- Developer-tool config auto-execution
- Famous Chollima Packagist dev-branch loader
- faster-axios / turbo-axios Epsilon Stealer npm campaign
- forge-jsxy
- GitHub / Packagist postinstall hook campaign
- Glassworm developer supply-chain botnet
- Grandoreiro and BTMOB Latin America / Europe malware campaigns
- html-to-gutenberg / fetch-page-assets VS Code blockchain stealer
- Hunt.io global smishing infrastructure campaign
- Immobiliare Labs Backstage plugins npm compromise
- IronWorm npm Rust infostealer campaign
- JetBrains AI plugin API-key theft
- JINX-0164
- JINX-0164 crypto developer infrastructure campaign
- js-logger-pack Hugging Face exfiltration campaign
- Kali365 device-code phishing expansion
- Laravel-Lang Composer tag-rewrite compromise
- Leo Platform npm Miasma-style compromise
- Malware-Slop Claude user-data npm infostealer
- Mastra
easy-day-jsnpm scope compromise - Megalodon GitHub Actions workflow backdooring
- Mini Shai-Hulud npm/PyPI worm campaign
- node-ipc 2026 npm maintainer-account compromise
- Nx Console VS Code extension compromise
- Oman government Iranian-nexus webshell C2
- oob.moika.tech dependency-confusion environment stealer
- Operation DangerousPassword axios npm compromise
- Operation GriefLure Southeast Asia LNK dropper
- Outsider Enterprise smishing PhaaS
- postcss-minify-selector-parser npm RAT
- SANDWORM_MODE AI-toolchain npm worm
- Sicoob.Sdk NuGet banking certificate stealer
- simonecorsi/mawesome GitHub Action compromise
- StegaBin Pastebin-steganography npm campaign
- Storm-2603 parallel SharePoint ransomware intrusion
- TA4922
- TrapDoor crypto-stealer cross-ecosystem campaign
- UNK_DeadDrop developer repository phishing
- vpmdhaj OpenSearch npm cloud-secret stealer
- wshu.net npm credential-stealer campaign
- Xinference PyPI compromise
criminal infrastructure
critical infrastructure
- CL-STA-1062
- CL-STA-1062 Southeast Asia government and energy intrusions
- Operation Highland Velvet Ant authentication-stack backdoors
- Velvet Ant
critical-infrastructure
CRM data theft
cron
cron persistence
cross-platform
cross-platform malware
CrownX
crypto
crypto clipper
crypto wallets
- html-to-gutenberg / fetch-page-assets VS Code blockchain stealer
- wshu.net npm credential-stealer campaign
crypto-wallets
cryptocurrency
- Crypto Clipper Tor / USB worm
- Crypto supply-chain path to transaction authority
- IronWorm npm Rust infostealer campaign
- JINX-0164
- JINX-0164 crypto developer infrastructure campaign
- Mastra
easy-day-jsnpm scope compromise - Polymarket npm wallet-drainer packages
- RemotePE
- SANDWORM_MODE AI-toolchain npm worm
- Solana FakeFix npm / PyPI developer stealer
- UNK_DeadDrop developer repository phishing
cryptocurrency scam
cryptocurrency theft
- Fake-reputation crypto clipboard hijacker
- Funnull RingH23 and MacCMS supply-chain attacks
- Silent Swap Google Notes crypto clipper
- Void Dokkaebi
cryptocurrency wallet theft
cryptocurrency wallets
cryptojacking
cryptominer
cryptomining
Curious Serpens
Cursor
- html-to-gutenberg / fetch-page-assets VS Code blockchain stealer
- Sentry MCP Agentjacking
- UNK_DeadDrop developer repository phishing
Curve25519
custody APIs
CVE-2013-3307
CVE-2016-5681
CVE-2020-17103
CVE-2021-29441
CVE-2022-0492
CVE-2023-24932
CVE-2023-2868
CVE-2023-4966
CVE-2024-1708
CVE-2024-1709
CVE-2024-20399
CVE-2024-21182
CVE-2024-3094
CVE-2024-42009
CVE-2025-11371
CVE-2025-11837
CVE-2025-3248
CVE-2025-32975
CVE-2025-34291
CVE-2025-48595
CVE-2025-49113
CVE-2025-49704
CVE-2025-49706
CVE-2025-5777
CVE-2025-67038
CVE-2025-8088
- Gamaredon
- Gamaredon 2025 tunnels, workers, dead drops, and cloud exfiltration
- Gamaredon GammaPhish / GammaWorm / GammaSteel chain
- UAC-0226 / SHADOW-EARTH-066
CVE-2026-0257
CVE-2026-10520
CVE-2026-10523
CVE-2026-11405
CVE-2026-11645
CVE-2026-12569
CVE-2026-12957
CVE-2026-12958
CVE-2026-20127
CVE-2026-20182
CVE-2026-20230
CVE-2026-20245
CVE-2026-20253
CVE-2026-20262
CVE-2026-20896
CVE-2026-23111
CVE-2026-26980
CVE-2026-28318
CVE-2026-3300
CVE-2026-33017
CVE-2026-33691
CVE-2026-34908
CVE-2026-34909
CVE-2026-34910
CVE-2026-34926
CVE-2026-35273
CVE-2026-35616
CVE-2026-39987
CVE-2026-40138
CVE-2026-40139
CVE-2026-40140
CVE-2026-40141
CVE-2026-4020
CVE-2026-41091
CVE-2026-41940
CVE-2026-42271
CVE-2026-43074
CVE-2026-43284
CVE-2026-43500
CVE-2026-43503
CVE-2026-44338
CVE-2026-45247
CVE-2026-45498
CVE-2026-45659
CVE-2026-46242
CVE-2026-46300
CVE-2026-46331
CVE-2026-46817
CVE-2026-48172
CVE-2026-48276
CVE-2026-48277
CVE-2026-48281
CVE-2026-48282
CVE-2026-48283
CVE-2026-48285
CVE-2026-48307
CVE-2026-48313
CVE-2026-48314
CVE-2026-48315
CVE-2026-48316
CVE-2026-48558
CVE-2026-48907
CVE-2026-50751
CVE-2026-50752
CVE-2026-53359
CVE-2026-5426
CVE-2026-54420
CVE-2026-6682
CVE-2026-6683
CVE-2026-6684
CVE-2026-6685
CVE-2026-6686
CVE-2026-6687
CVE-2026-6688
CVE-2026-7473
CVE-2026-8037
CVE-2026-8451
CVE-2026-8461
CVE-2026-8732
CVE-2026-9082
CWE-502
CWE-77
CWE-78
cyber-espionage
cybercrime
- Dutch Police / NCSC 17-million-device botnet disruption
- First VPN
- Fox Tempest
- Funnull RingH23 and MacCMS supply-chain attacks
- Hunt.io global smishing infrastructure campaign
- JINX-0164
- Operation FlutterBridge FlutterShell macOS malvertising
- Outsider Enterprise smishing PhaaS
- Pirated media SilentCryptoMiner RAT campaign
- TA4922
- The Gentlemen ransomware
cybercrime ecosystem
Cython
Czech Republic
D-Link
dangling resources
data exfiltration
- Ababil of Minab MOIS-linked recovery-destruction campaign
- AI-agent memory poisoning
- Cloud bucket namespace hijacking
- MCP tool-description poisoning
- Mustang Panda ZOHOMURK / MINIRECON India campaigns
- SHADOW-AETHER AI-augmented Latin America intrusions
data exposure
data extortion
data leak site
data theft
- Accellion FTA exploitation campaign
- Kairos data-extortion government payment
- Malware-Slop Claude user-data npm infostealer
- ShinyHunters
- UNC3753
data-exfiltration
database extortion
DAYLIGHT
DCloud
DCloud Uni-App
DcRAT
DDNS
DDoS
DDoS-for-hire
dead drop resolver
- ChocoPoC
- Gamaredon
- Gamaredon 2025 tunnels, workers, dead drops, and cloud exfiltration
- Gamaredon GammaPhish / GammaWorm / GammaSteel chain
Debian
DEBULL
declarativeNetRequest
DeepSeek
Defender Advanced Hunting
Defender evasion
Defender exclusion
defense
defense evasion
- Cloud logging control-plane tampering
- Ollama P2P cryptominer RAT campaign
- Pirated media SilentCryptoMiner RAT campaign
- ROADtools
defense targeting
defense-evasion
DeFi
- JINX-0164
- JINX-0164 crypto developer infrastructure campaign
- RemotePE
- TrapDoor crypto-stealer cross-ecosystem campaign
delayed execution
denial of service
- Citrix NetScaler CVE-2026-8451 memory overread
- FatFs CVE-2026-6682 to CVE-2026-6688 embedded-filesystem bug cluster
- FFmpeg PixelSmash CVE-2026-8461 media-file RCE
- SolarWinds Serv-U CVE-2026-28318 exploitation
Deno
dependency confusion
- @marketfront / @tqm-mfe dependency-confusion stealer
- oob.moika.tech dependency-confusion environment stealer
deployment_status
deserialization
- Microsoft SharePoint CVE-2026-45659 RCE exploitation
- Mirasvit Cache Warmer CVE-2026-45247 exploitation
- PTC Windchill / FlexPLM CVE-2026-12569 exploitation
- Vertex AI staging-bucket squatting
destructive malware
destructive operations
detection engineering
DEV-0206
developer credential theft
developer credentials
developer endpoints
developer machines
- Agent localhost control-plane RCE
- Astro config blockchain C2 PR injection
- BufferZoneCorp RubyGems / Go module CI poisoning
- GuardFall AI-agent shell-guard bypass
- MCP stdio command-execution boundary
- PolinRider cross-ecosystem supply-chain campaign
- Polymarket npm wallet-drainer packages
- Telnyx PyPI TeamPCP compromise
- Trivy compromise
developer mode
developer targeting
- ChocoPoC
- ChocoPoC fake PoC supply-chain campaign
- Solana FakeFix npm / PyPI developer stealer
- Void Dokkaebi
developer tooling
developer workstations
developer-machine-fleet
developer-targeting
- @marketfront / @tqm-mfe dependency-confusion stealer
- codexui-android OpenAI token stealer
- Famous Chollima Packagist dev-branch loader
- Glassworm developer supply-chain botnet
- html-to-gutenberg / fetch-page-assets VS Code blockchain stealer
- JetBrains AI plugin API-key theft
- JINX-0164
- JINX-0164 crypto developer infrastructure campaign
- Malware-Slop Claude user-data npm infostealer
- Mastra
easy-day-jsnpm scope compromise - Operation DangerousPassword axios npm compromise
- procwire / routecraft npm Windows dropper
- StegaBin Pastebin-steganography npm campaign
- UNK_DeadDrop developer repository phishing
- wshu.net npm credential-stealer campaign
developer-tools
developer-workstations
device registration
device-code phishing
DevOps
DevTools
DEWMODE
DIAMONDBACK
Digital Knowledge
digital wallets
DigitalOcean
Dindoor
diplomatic targeting
DirtyClone
DirtyFrag
Discord
discovery
Djinn Stealer
DLL side-loading
DLL sideloading
- AI chatbot and SEO poisoning GPU-cryptojacking campaign
- Backdoor.Mistic / KongTuke ModeloRAT activity
- Cavern
- Grandoreiro and BTMOB Latin America / Europe malware campaigns
- Mustang Panda
- Mustang Panda ZOHOMURK / MINIRECON India campaigns
- Operation Dragon Weave Azure Blob C2 campaign
- Operation GriefLure Southeast Asia LNK dropper
- ScreenConnect freeware / AsyncRAT SEO campaign
- Screening Serpens
- Seedworm / MuddyWater
- Storm-2603 parallel SharePoint ransomware intrusion
- StrikeShark SharkLoader / Cobalt Strike campaign
- ToddyCat
- ToddyCat Umbrij Gmail OAuth operation
- Umbrij
DNS C2
DNS threat intelligence
DNS tunneling
Docker
Docker credentials
Docker images
document exfiltration
document theft
domain squatting
domestic espionage
DotNetNuke
double extortion
downgrade risk
DPAPI
DPAPILoader
DPRK
- AI-augmented adversary operations
- Astro config blockchain C2 PR injection
- macOS.Gaslight Rust backdoor
- PolinRider cross-ecosystem supply-chain campaign
driver loading
DroneLink
Dropbear
Dropbox
- Gamaredon 2025 tunnels, workers, dead drops, and cloud exfiltration
- Stock exchange executive mailbox espionage
dropper
Drupal
duckdns
Dutch Police
DWAgent
dynamic DNS
dynamic obfuscation
Dynu
e-commerce
Eagle Werewolf
Earth Lusca
eBPF
Eclipse
edge appliance
- BeyondTrust RS / PRA CVE-2026-40138 and CVE-2026-40139 authentication bypass
- Check Point VPN CVE-2026-50751 exploitation
- Cisco Catalyst SD-WAN Manager CVE-2026-20245 / CVE-2026-20262 exploitation
- Cisco Unified CM CVE-2026-20230 file-write exploitation
- Citrix NetScaler CVE-2026-8451 memory overread
- CitrixBleed session-hijack wave
- Ivanti Sentry CVE-2026-10520 exploitation
- PAN-OS GlobalProtect CVE-2026-0257 exploitation
- Progress Kemp LoadMaster CVE-2026-8037 pre-auth RCE
- Quest KACE SMA CVE-2025-32975 exploitation
edge appliances
edge application server
edge device
- FortiBleed Fortinet credential exposure
- Tenda firmware CVE-2026-11405 hidden authentication backdoor
edge devices
- Dutch Police / NCSC 17-million-device botnet disruption
- Lantronix EDS5000 CVE-2025-67038 exploitation
- Ubiquiti UniFi OS CVE-2026-34908 / CVE-2026-34909 / CVE-2026-34910 exploitation
edge exploitation
edge service
- SolarWinds Serv-U CVE-2026-28318 exploitation
- Splunk Enterprise CVE-2026-20253 pre-auth file write / RCE
editor profile import
EDR evasion
EDR killer
EDS5000
education
Egnyte
EKZ Infostealer
Elasticsearch
electric power sector
email exfiltration
email gateway
email infrastructure abuse
email theft
embedded systems
Emerald Sleet
encrypted C2
endpoint management
endpoint management abuse
endpoint response
endpoint-detection
endpoint-security
- Microsoft Defender CVE-2026-41091 / CVE-2026-45498 exploitation
- Trend Micro Apex One CVE-2026-34926 exploitation
EndpointDlp.dll
energy sector
- CL-STA-1062
- CL-STA-1062 Southeast Asia government and energy intrusions
- Mustang Panda
- Mustang Panda ZOHOMURK / MINIRECON India campaigns
energy-sector
engineering
engineering software
enterprise application
enterprise application exploitation
enterprise applications
Entra ID
Environment Management Hub
environment variables
environmental keying
epoll
Epsilon Stealer
ERP
eSentire TRU
ESG
espionage
- APT29
- Barracuda ESG zero-day backdoor campaign
- Cavern Manticore
- CL-STA-1062
- CL-STA-1062 Southeast Asia government and energy intrusions
- Cloud Atlas
- Dragonfly
- FishMonger
- Gamaredon
- Gamaredon 2025 tunnels, workers, dead drops, and cloud exfiltration
- Gamaredon GammaPhish / GammaWorm / GammaSteel chain
- Ghostwriter
- GREYVIBE
- Kimsuky / Emerald Sleet / TA427
- Mustang Panda
- Mustang Panda ZOHOMURK / MINIRECON India campaigns
- OceanLotus
- Oman government Iranian-nexus webshell C2
- OP-512
- Operation Dragon Weave Azure Blob C2 campaign
- Operation DragonReturn India tax-season DcRAT campaign
- Operation GriefLure Southeast Asia LNK dropper
- Operation Highland Velvet Ant authentication-stack backdoors
- Operation XENOFISCAL SideCopy XenoRAT campaign
- RemotePE
- ROADtools
- ScarCruft Yanbian game-platform supply-chain attack
- Screening Serpens
- Seedworm / MuddyWater
- Showboat
- SideCopy
- SprySOCKS
- Stock exchange executive mailbox espionage
- ToddyCat
- ToddyCat Umbrij Gmail OAuth operation
- Turla
- Turla STOCKSTAY backdoor operations
- UNC6508
- UNC6692 SNOW malware social-engineering campaign
- Velvet Ant
- VerdantBamboo
- VerdantBamboo appliance BRICKSTORM operation
- Webworm
Espressif ESP-IDF
EtherHiding
ETW patching
ETW tampering
Eurojust
Europe
- APT28 LNK SmartScreen bypass and CVE-2026-32202 coercion chain
- Grandoreiro and BTMOB Latin America / Europe malware campaigns
- Webworm
Europe targeting
Europol
evasion
eventpoll
Everest Forms Pro
Evil Corp
EvilAI
exFAT
exfiltration
- codexui-android OpenAI token stealer
- JetBrains AI plugin API-key theft
- js-logger-pack Hugging Face exfiltration campaign
- Malware-Slop Claude user-data npm infostealer
exploit-development
exploit-kit
Exploit.in
exploitation
- Android Framework CVE-2025-48595 exploitation
- Januscape KVM CVE-2026-53359 guest-to-host escape
- Langflow CVE-2025-34291 exploitation
- Linux Bad Epoll CVE-2026-46242 local privilege escalation
- Linux DirtyClone CVE-2026-43503 local privilege escalation
- Linux Kernel CVE-2022-0492 cgroup release_agent exploitation
- Linux nftables CVE-2026-23111 public LPE exploits
- Linux pedit COW CVE-2026-46331 local privilege escalation
- Marimo CVE-2026-39987 LLM-agent post-exploitation
- Microsoft Defender CVE-2026-41091 / CVE-2026-45498 exploitation
- Mirasvit Cache Warmer CVE-2026-45247 exploitation
- PraisonAI CVE-2026-44338 rapid exploitation
- Quest KACE SMA CVE-2025-32975 exploitation
- Trend Micro Apex One CVE-2026-34926 exploitation
exploitation attempts
extension supply-chain
- Adblock for YouTube BadBlocker remote-script injection risk
- StegoAd Edge extension steganography campaign
external federation
extortion
- Accellion FTA exploitation campaign
- BlackFile / UNC6671 vishing extortion operation
- CrownX
- Klue Salesforce OAuth token abuse
- Oracle PeopleSoft CVE-2026-35273 ShinyHunters exploitation
- ShinyHunters
- UNC3753
F5 BIG-IP
fake CAPTCHA
fake crypto exchange
fake dating lures
fake gambling
fake login screen
fake plugin
fake PoC
fake recruiting
fake reputation
fake update
- FortiClient EMS CVE-2026-35616 EKZ Infostealer campaign
- Pirated media SilentCryptoMiner RAT campaign
FakeCaptcha
Fakeset
faketivism
FakeUpdates
FallSpy
FAMOUS CHOLLIMA
Famous Chollima
Fancy Bear
Fast16
FastAPI
FastCGI
FAT32
FatFs
FBI
FFmpeg
FIFA
file encryption
file exfiltration
File Transmission
file upload path traversal
file-system filter
FileFiend
FILEIO
fileless execution
fileless malware
filemanager
filename-injection
filesystem parser
finance
- oob.moika.tech dependency-confusion environment stealer
- Sicoob.Sdk NuGet banking certificate stealer
financial fraud
- Banana RAT / SHADOW-WATER-063 Brazilian banking fraud
- Grandoreiro and BTMOB Latin America / Europe malware campaigns
financial sector
- RemotePE
- SHADOW-AETHER AI-augmented Latin America intrusions
- Stock exchange executive mailbox espionage
financial services
financial theft
FireAnt MetaKit
Firefox Add-ons
firewall
firmware
firmware update
FishMonger
FlexPLM
Flutter
FlutterShell
folderOpen
foreign affairs targeting
foreign policy targeting
Forest Blizzard
FortiClient EMS
FortiGate
Fortinet
FortiOS
Fox Tempest
fraud
FreeBSD
freeware impersonation
FSB
- Gamaredon
- Gamaredon 2025 tunnels, workers, dead drops, and cloud exfiltration
- Gamaredon GammaPhish / GammaWorm / GammaSteel chain
- Russian intelligence commercial-messaging backup-key phishing
FSB Center 16
fscan
FTA
ftp.exe
Full Disk Access social engineering
Funnull
Gamaredon
- Gamaredon
- Gamaredon 2025 tunnels, workers, dead drops, and cloud exfiltration
- Gamaredon GammaPhish / GammaWorm / GammaSteel chain
Gamaredon collaboration
GammaLoad
GammaPhish
GammaSteel
GammaWorm
Garble
GCS
GentleKiller
Ghost CMS
Ghost Networks
GHSA-6rmh-7xcm-cpxj
GHSA-6v3r-4p5c-mrp5
GHSA-xhcr-j4j9-3gh7
GIFTEDCROOK
Gitea
GitHub
- Astro config blockchain C2 PR injection
- Browser-based developer IDE OAuth token theft
- BufferZoneCorp RubyGems / Go module CI poisoning
- ChocoPoC fake PoC supply-chain campaign
- Crypto supply-chain path to transaction authority
- Developer-tool config auto-execution
- GitHub / Packagist postinstall hook campaign
- Glassworm developer supply-chain botnet
- IronWorm npm Rust infostealer campaign
- JiaT75
- JINX-0164 crypto developer infrastructure campaign
- Malware-Slop Claude user-data npm infostealer
- Nx Console VS Code extension compromise
- PolinRider cross-ecosystem supply-chain campaign
- UNK_DeadDrop developer repository phishing
- Webworm
GitHub abuse
- AI-brand impersonation phishing and malvertising
- Armored Likho BusySnake campaign
- Fake-reputation crypto clipboard hijacker
GitHub Actions
- actions-cool GitHub Actions tag compromise
- binding.gyp npm CI/CD worm
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- BufferZoneCorp RubyGems / Go module CI poisoning
- Claude Code GitHub Action prompt-injection boundary
- codfish semantic-release-action tag compromise
- GitHub Actions deployment poisoning
- GitHub Actions OIDC subject-claim collisions
- HackerBot Claw
- HackerBot Claw GitHub Actions exploitation campaign
- Immobiliare Labs Backstage plugins npm compromise
- Leo Platform npm Miasma-style compromise
- Megalodon GitHub Actions workflow backdooring
- Mini Shai-Hulud npm/PyPI worm campaign
- SANDWORM_MODE AI-toolchain npm worm
- simonecorsi/mawesome GitHub Action compromise
- TeamPCP
- tj-actions and reviewdog compromise
- Trivy compromise
- Trivy → TeamPCP → CanisterWorm: compromise timeline
GitHub API
GitHub App
GitHub CLI
GitHub issue spam
GitHub OAuth
GitHub Pages abuse
GitHub payload delivery
GitHub Security Advisories
GitHub tokens
GitLab
gitleaks
GitOps
Gleaming Pisces
gleeze.com
GlobalProtect
Gmail
Go
- BufferZoneCorp RubyGems / Go module CI poisoning
- Ollama P2P cryptominer RAT campaign
- shopsprint/decimal Go typosquat DNS backdoor
- The Gentlemen ransomware
Go modules
Go2Tunnel
Godzilla
GoEdge
GoFile
Golang malware
GOLD PRELUDE
Google Ads
Google Analytics telemetry
Google API
Google Chrome
Google Cloud
Google Cloud Logging
Google Cloud Storage
Google credential theft
Google Drive
Google Notes
Google Play
Google Play Protect
Google redirect abuse
Google Stitch
Google Threat Intelligence Group
Goose
government
- Cavern Manticore
- Kairos data-extortion government payment
- Kimsuky / Emerald Sleet / TA427
- Oman government Iranian-nexus webshell C2
government targeting
- Armored Likho
- Armored Likho BusySnake campaign
- CL-STA-1062
- CL-STA-1062 Southeast Asia government and energy intrusions
- Cloud Atlas
- FishMonger
- Mustang Panda
- Russian intelligence commercial-messaging backup-key phishing
- SHADOW-AETHER AI-augmented Latin America intrusions
- SprySOCKS
government-impersonation
GPT
Grandoreiro
- Banana RAT / SHADOW-WATER-063 Brazilian banking fraud
- Grandoreiro and BTMOB Latin America / Europe malware campaigns
GraphSpy
Gravity SMTP
GRE
GREYVIBE
group
groups
- APT29
- CL-STA-1062
- Dragonfly
- Fox Tempest
- JINX-0164
- OP-512
- TA4922
- Turla
- UNC3753
- UNC6508
- VerdantBamboo
- Void Dokkaebi
- Webworm
gRPC
gs-netcat
GS-Netcat
GTIG
GUE
guest-to-host escape
Guildma
hack-and-leak
hacktivist persona
Hades
Hajime
hallucination
HappyDoor
HAR files
hard-coded secrets
HashiCorp Vault
HavocKiller
headless browser
healthcare
HelloDoor
HellsGate
Helm
Hermes Agent
HexKiller
hidden backdoor
hidden service
high explosives
higher education
Honduras
HONESTCUE
hospitality targeting
Host Radar
hosting control plane
hosting provider
hosting providers
hotel targeting
HR lures
HTA
- Gamaredon 2025 tunnels, workers, dead drops, and cloud exfiltration
- Gamaredon GammaPhish / GammaWorm / GammaSteel chain
- Operation XENOFISCAL SideCopy XenoRAT campaign
- SideCopy
HTML smuggling
HTTP C2
HttpMalice
HTTPSpy
Hugging Face
Hunt.io
- GHOST STADIUM FIFA World Cup ticket phishing
- Malicious infrastructure provider concentration
- Quest KACE SMA CVE-2025-32975 exploitation
- xlabs_v1 DDoS-for-hire IoT botnet
Huntress
hydropower
Hydropower Cooperation Project Proposal.zip
hypervisor escape
Hyunwoo Kim
I-SOON
ICE
ICONICSTEALER
ICS
IDE extension
IDE plugins
ide.cfm
identity
identity attacks
identity security
IDEs
IFEO persistence
IIOP
IIS
IKEv1
iMessage
Impacket
impersonation
import-time execution
improper privilege management
in-memory DLL loading
incident response
- Check Point VPN CVE-2026-50751 exploitation
- Cisco Catalyst SD-WAN Manager CVE-2026-20245 / CVE-2026-20262 exploitation
- Cisco Unified CM CVE-2026-20230 file-write exploitation
- FortiBleed Fortinet credential exposure
- FortiClient EMS CVE-2026-35616 EKZ Infostealer campaign
- Funnull RingH23 and MacCMS supply-chain attacks
- Klue Salesforce OAuth token abuse
- LiteSpeed cPanel CVE-2026-48172 exploitation
- LiteSpeed cPanel Plugin CVE-2026-54420 exploitation
- Malicious infrastructure provider concentration
- Mr_Rot13 cPanel CVE-2026-41940 backdoor campaign
- Oracle E-Business Suite CVE-2026-46817 exploitation
- Oracle WebLogic CVE-2024-21182 exploitation
- PAN-OS GlobalProtect CVE-2026-0257 exploitation
- Progress Kemp LoadMaster CVE-2026-8037 pre-auth RCE
- PTC Windchill / FlexPLM CVE-2026-12569 exploitation
- ServiceNow instance unauthenticated table-query exploitation
- SimpleHelp CVE-2026-48558 authentication-bypass exploitation
- SolarWinds Serv-U CVE-2026-28318 exploitation
- Splunk Enterprise CVE-2026-20253 pre-auth file write / RCE
incident-response
India
- Mustang Panda
- Mustang Panda ZOHOMURK / MINIRECON India campaigns
- Operation DragonReturn India tax-season DcRAT campaign
Indian government
indirect prompt injection
- AI-agent memory poisoning
- AI-augmented adversary operations
- MCP tool-description poisoning
- Sentry MCP Agentjacking
industrial control
industrial control systems
INFINITERED
Infoblox Threat Intel
information disclosure
infostealer
- Armored Likho
- Armored Likho BusySnake campaign
- BusySnake Stealer
- codexui-android OpenAI token stealer
- Djinn Stealer
- Famous Chollima Packagist dev-branch loader
- faster-axios / turbo-axios Epsilon Stealer npm campaign
- html-to-gutenberg / fetch-page-assets VS Code blockchain stealer
- IronWorm npm Rust infostealer campaign
- JINX-0164 crypto developer infrastructure campaign
- macOS.Gaslight Rust backdoor
- Malware-Slop Claude user-data npm infostealer
- PamStealer
- StealC / Amadey infrastructure disruption
- StegaBin Pastebin-steganography npm campaign
- TamperedChef-style productivity malware clusters
- Telnyx PyPI TeamPCP compromise
- VEIL#DROP Blogger-hosted PureLogs stealer chain
- wshu.net npm credential-stealer campaign
infrastructure
- First VPN
- Funnull RingH23 and MacCMS supply-chain attacks
- GHOST STADIUM FIFA World Cup ticket phishing
- Hunt.io global smishing infrastructure campaign
- Malicious infrastructure provider concentration
infrastructure disruption
initial access broker
initial-access
- AI-augmented adversary operations
- ClickOnce COM hijacking abuse
- Operation Endgame SocGholish disruption
input capture
install-time execution
install-time-execution
install.res.1033.dll
Integration Broker
Intercolo
internet-facing admin surface
internet-facing appliance
internet-facing applications
investment scam
InvisibleFerret
iOS
IoT
- Dutch Police / NCSC 17-million-device botnet disruption
- FatFs CVE-2026-6682 to CVE-2026-6688 embedded-filesystem bug cluster
- JDY SOHO / IoT reconnaissance botnet
IoT botnet
IP-in-IP
IPsec
IPv6
Iran
- Ababil of Minab MOIS-linked recovery-destruction campaign
- Cavern
- Cavern Manticore
- Handala
- Langflow CVE-2025-34291 exploitation
- Screening Serpens
- Seedworm / MuddyWater
Iran-nexus
Island Security Research
ISO image
Israel
IT providers
Italian foreign-policy targeting
Italy targeting
Ivanti Sentry
JADEPUFFER
Jamf Threat Labs
Januscape
Japan
Java malware
JavaScript
- Astro config blockchain C2 PR injection
- html-to-gutenberg / fetch-page-assets VS Code blockchain stealer
- Lazarus-linked Rollup polyfill npm malware
- Mastra
easy-day-jsnpm scope compromise - npm install explicit-trust controls
- Operation DangerousPassword axios npm compromise
- Operation XENOFISCAL SideCopy XenoRAT campaign
- postcss-minify-selector-parser npm RAT
- procwire / routecraft npm Windows dropper
- TaskWeaver
- wshu.net npm credential-stealer campaign
JavaScript bridge
JavaScript injection
JavaScript loader
JavaScript malware
JavaScript masquerading
JavaScript tampering
JCE
JDY
Jellyfin
JetBrains
JetBrains Marketplace
JetStream
JFrog
JFrog Security Research
- Linux DirtyClone CVE-2026-43503 local privilege escalation
- Solana FakeFix npm / PyPI developer stealer
JINX-0164
joblib
Joomla
Joomla Content Editor
journalists
JSCoreRunner
JSON:API
JSONKeeper
JSONPing
JSP web shell
JuicyPotato
JXA downloader
K1MORPHER
Kairos
Kaspersky
Kaspersky Securelist
Kazakhstan
KAZUAR
KAZUAR overlap
Keitaro
Kemp LoadMaster
kernel driver
kernelCTF
KEV
- Drupal Core CVE-2026-9082 exploitation
- Langflow CVE-2025-34291 exploitation
- PAN-OS GlobalProtect CVE-2026-0257 exploitation
keychain theft
KeyHunter
keylogger
keylogging
Kimsuky
Klue
KnowledgeDeliver
KongTuke
KORKERDS
Kubernetes
KV-botnet
KVM
KVM escape
kvmCTF
L2TP/IPSec
LA Metro
LangChain
Langflow
- JADEPUFFER Langflow agentic ransomware
- Langflow CVE-2025-34291 exploitation
- Langflow CVE-2026-33017 cryptominer SSH worm
- NATS-as-C2 KeyHunter credential-harvesting operation
LangFlow
LangGraph
Language Servers for AWS
Lantronix
Laravel
lateral movement
- Gamaredon 2025 tunnels, workers, dead drops, and cloud exfiltration
- Quest KACE SMA CVE-2025-32975 exploitation
- The Gentlemen ransomware
lateral-movement
Latin America
- Grandoreiro and BTMOB Latin America / Europe malware campaigns
- SHADOW-AETHER AI-augmented Latin America intrusions
LaunchAgent
launchctl
law enforcement
law-enforcement-disruption
LayerX
Lazarus
- Famous Chollima Packagist dev-branch loader
- Lazarus-linked Rollup polyfill npm malware
- Operation DangerousPassword axios npm compromise
- RemotePE
- StegaBin Pastebin-steganography npm campaign
LD_PRELOAD
LDAP
leaked credentials
least privilege
legacy botnet hijacking
legacy infrastructure
legacy software
legal sector
LegionRelay
Leo Platform
LevelBlue
liblzma
libp2p
libpeconv
lifecycle hooks
lifecycle-hooks
Lightning Shared Scooter Co.
Linksys
Linux
- Atomic Arch AUR package hijack
- Djinn Stealer
- GitHub / Packagist postinstall hook campaign
- IronWorm npm Rust infostealer campaign
- Januscape KVM CVE-2026-53359 guest-to-host escape
- js-logger-pack Hugging Face exfiltration campaign
- Linux Bad Epoll CVE-2026-46242 local privilege escalation
- Linux DirtyClone CVE-2026-43503 local privilege escalation
- Linux Kernel CVE-2022-0492 cgroup release_agent exploitation
- Linux nftables CVE-2026-23111 public LPE exploits
- Linux pedit COW CVE-2026-46331 local privilege escalation
- MYRA RAT
- Ollama P2P cryptominer RAT campaign
- Operation DangerousPassword axios npm compromise
- Operation Highland Velvet Ant authentication-stack backdoors
- PCPJack cloud SMTP relay network
- QuimaRAT
- Showboat
- Velvet Ant
- VerdantBamboo
- VerdantBamboo appliance BRICKSTORM operation
- XZ Utils backdoor
Linux kernel
- Januscape KVM CVE-2026-53359 guest-to-host escape
- Linux Bad Epoll CVE-2026-46242 local privilege escalation
- Linux DirtyClone CVE-2026-43503 local privilege escalation
- Linux pedit COW CVE-2026-46331 local privilege escalation
Linux malware
LiteLLM
- LiteLLM CVE-2026-42271 MCP stdio command injection
- MCP stdio command-execution boundary
- Telnyx PyPI TeamPCP compromise
LiteSpeed
living off the land
living-off-the-land
living-off-the-land binaries
LLM
- AI-augmented adversary operations
- GREYVIBE
- Marimo CVE-2026-39987 LLM-agent post-exploitation
- Ollama P2P cryptominer RAT campaign
LLM security
LLM-driven intrusion
LLMjacking
LMS
LNK
- APT28 LNK SmartScreen bypass and CVE-2026-32202 coercion chain
- Armored Likho BusySnake campaign
- Avalon / CrownX malware framework
- Crypto Clipper Tor / USB worm
- Gamaredon GammaPhish / GammaWorm / GammaSteel chain
- Operation GriefLure Southeast Asia LNK dropper
- Operation XENOFISCAL SideCopy XenoRAT campaign
- Photo ZIP hospitality Node.js implant campaign
- SideCopy
- UAC-0226 / SHADOW-EARTH-066
LNK files
load balancer
loader
- Famous Chollima Packagist dev-branch loader
- RustDuck
- StealC / Amadey infrastructure disruption
- TaskWeaver
local LLMs
local privilege escalation
- Januscape KVM CVE-2026-53359 guest-to-host escape
- Linux Bad Epoll CVE-2026-46242 local privilege escalation
- Linux DirtyClone CVE-2026-43503 local privilege escalation
- Linux pedit COW CVE-2026-46331 local privilege escalation
- MiniPlasma Windows Cloud Filter LPE exploitation
local-file-inclusion
localhost
log poisoning
logging
login item persistence
LOLBins
long-lived tokens
long-term access
LONGSTREAM
LOOKVALJS
LOOKVALPS
loopback
Loophole
low-confidence attribution
LPE
LS-DYNA
LSASS
LSHIY
LSSC
Lua
Lumen
Lumen Black Lotus Labs
Luna Moth
Lyceum
MaaS
MacCMS
Maccy impersonation
machine-learning
macOS
- 3CX desktop app compromise
- Djinn Stealer
- JINX-0164
- JINX-0164 crypto developer infrastructure campaign
- js-logger-pack Hugging Face exfiltration campaign
- macOS.Gaslight Rust backdoor
- Operation DangerousPassword axios npm compromise
- Operation FlutterBridge FlutterShell macOS malvertising
- PamStealer
- QuimaRAT
macOS malware
Magento
MagicYUV
mail server compromise
mailbox theft
MAIN world injection
maintainer compromise
maintainer persona
maintainer-compromise
malicious GPO
malicious releases
malvertising
- AI-brand impersonation phishing and malvertising
- Operation FlutterBridge FlutterShell macOS malvertising
- StealC / Amadey infrastructure disruption
- TamperedChef-style productivity malware clusters
malware
- AI-augmented adversary operations
- Backdoor.Mistic / KongTuke ModeloRAT activity
- binding.gyp npm CI/CD worm
- BusySnake Stealer
- CanisterWorm
- Cavern
- ChocoPoC
- CrownX
- Crypto Clipper Tor / USB worm
- Djinn Stealer
- Fast16
- forge-jsxy
- IronWorm npm Rust infostealer campaign
- macOS.Gaslight Rust backdoor
- MYRA RAT
- Operation Endgame SocGholish disruption
- PamStealer
- postcss-minify-selector-parser npm RAT
- QuimaRAT
- RemotePE
- RustDuck
- Showboat
- SprySOCKS
- StealC / Amadey infrastructure disruption
- STOCKSTAY
- StrikeShark SharkLoader / Cobalt Strike campaign
- TA4922
- TamperedChef-style productivity malware clusters
- TaskWeaver
- TeamPCP
- The Gentlemen ransomware
- TinyRCT
- Umbrij
- UNC6692 SNOW malware social-engineering campaign
malware analysis
malware delivery
- ClickFix CPaaS API-driven payload delivery
- Ghost CMS CVE-2026-26980 ClickFix poisoning
- VEIL#DROP Blogger-hosted PureLogs stealer chain
malware framework
Malware-as-a-Service
malware-as-a-service
malware-signing-as-a-service
MALXMR
managed file transfer
managed service provider
ManageEngine Endpoint Central
management plane
- FortiClient EMS CVE-2026-35616 EKZ Infostealer campaign
- Lantronix EDS5000 CVE-2025-67038 exploitation
- Ubiquiti UniFi OS CVE-2026-34908 / CVE-2026-34909 / CVE-2026-34910 exploitation
Manifest V3
manufacturing
Mapbox
marimo
MARKETMAKER
marketplace abuse
marketplace trust
Maven Central
mawesome
Mbed
McAfee Labs
MCP
- Agent localhost control-plane RCE
- Amazon Q CVE-2026-12957 MCP auto-execution
- LiteLLM CVE-2026-42271 MCP stdio command injection
- MCP stdio command-execution boundary
- MCP tool-description poisoning
- SANDWORM_MODE AI-toolchain npm worm
- Sentry MCP Agentjacking
media processing
medical research
Mekotio
memfd
memory corruption
memory disclosure
memory overread
memory poisoning
memory-only malware
MeshAgent
MeshCentral
MEV bot lure
Mexico
MFA bypass
- 0ktapus phishing campaign
- Anubis ransomware CitrixBleed 2 / RMM / cloudflared intrusions
- Azure CLI LSHIY password-spray campaign
- Chinese-language PhaaS wallet-tokenization ecosystem
- CitrixBleed session-hijack wave
- ROADtools
- SimpleHelp CVE-2026-48558 authentication-bypass exploitation
MFA fatigue
MFA-bypass
Miasma
- AI scanner anti-analysis
- binding.gyp npm CI/CD worm
- Developer-tool config auto-execution
- Immobiliare Labs Backstage plugins npm compromise
- Leo Platform npm Miasma-style compromise
- npm install explicit-trust controls
MicroPython
Microsoft
- Agent localhost control-plane RCE
- AI-agent memory poisoning
- AI-brand impersonation phishing and malvertising
- Fox Tempest
- MCP tool-description poisoning
- Microsoft SharePoint CVE-2026-45659 RCE exploitation
Microsoft .NET
Microsoft 365
- Azure CLI LSHIY password-spray campaign
- BlackFile / UNC6671 vishing extortion operation
- Kali365 device-code phishing expansion
Microsoft 365 Copilot
Microsoft Authentication Broker
Microsoft Defender
Microsoft Defender Security Research
Microsoft dev tunnels
Microsoft Digital Crimes Unit
Microsoft Edge
Microsoft Edge Add-ons
Microsoft Edge Extensions Security Team
Microsoft Entra ID
Microsoft Graph
Microsoft Identity Platform
Microsoft Office SharePoint
Microsoft Security Blog
Microsoft SQL Server
Microsoft Teams
Microsoft-signed binary abuse
Middle East
middleware
Midnight Blizzard
military research
Mimikatz
- Anubis ransomware CitrixBleed 2 / RMM / cloudflared intrusions
- CL-STA-1062
- CL-STA-1062 Southeast Asia government and energy intrusions
Minecraft DDoS
Mini Shai-Hulud
MiniJunk
MiniPlasma
MINIRAT
MINIRECON
Ministry of Finance
- Operation DragonReturn India tax-season DcRAT campaign
- Operation XENOFISCAL SideCopy XenoRAT campaign
MiniUpdate
Mirai
- Malicious infrastructure provider concentration
- NetNut / Popa residential proxy network disruption
- Ubiquiti UniFi OS CVE-2026-34908 / CVE-2026-34909 / CVE-2026-34910 exploitation
Mirai-derived botnet
Mistic
MITRE ATT&CK T1005
MITRE ATT&CK T1562
MLTBackdoor
mobile
Mobile Access
mobile device management
mobile devices
mobile malware
MobileIron Sentry
Model Context Protocol
- Agent localhost control-plane RCE
- Amazon Q CVE-2026-12957 MCP auto-execution
- LiteLLM CVE-2026-42271 MCP stdio command injection
- MCP stdio command-execution boundary
- MCP tool-description poisoning
model poisoning
model-provider abuse
ModeloRAT
module-proxy
MOIS
- Ababil of Minab MOIS-linked recovery-destruction campaign
- Cavern
- Cavern Manticore
- Handala
- Seedworm / MuddyWater
Monero
Mozi
MpExtMs.exe
MPR network provider
Mr_Rot13
MSBuild
msgpack
mshta
- Gamaredon GammaPhish / GammaWorm / GammaSteel chain
- Operation XENOFISCAL SideCopy XenoRAT campaign
- SideCopy
MSI
MSP
- ConnectWise ScreenConnect exploitation wave
- VerdantBamboo
- VerdantBamboo appliance BRICKSTORM operation
MSSQL
mTLS
MuddyWater
multi-tenant cloud
Mustang Panda
Mustard Tempest
mutable tags
MYRA
MySQL
Mythos
Nacos
named pipes
namespace recycling
namespace squatting
NAS targeting
nation-state
native addon
native extension
NativeAOT
NATS
NCSC-NL
Nebo
negotiation
Neo-reGeorg
nested virtualization
Netherlands
NetNut
NetScaler
NetScaler ADC
- Anubis ransomware CitrixBleed 2 / RMM / cloudflared intrusions
- Citrix NetScaler CVE-2026-8451 memory overread
NetScaler Gateway
- Anubis ransomware CitrixBleed 2 / RMM / cloudflared intrusions
- Citrix NetScaler CVE-2026-8451 memory overread
network infrastructure
network policies
Nextcloud
nf_tables
nftables
Nginx
Nginx module
no attribution
No-IP
node-gyp
node-ipc
node-pty
Node.js
Node.js implant
Node.js malware
North Korea
- Famous Chollima Packagist dev-branch loader
- Kimsuky / Emerald Sleet / TA427
- Lazarus-linked Rollup polyfill npm malware
- macOS.Gaslight Rust backdoor
- Operation DangerousPassword axios npm compromise
- PolinRider cross-ecosystem supply-chain campaign
- RemotePE
- ScarCruft Yanbian game-platform supply-chain attack
- StegaBin Pastebin-steganography npm campaign
- UNK_DeadDrop developer repository phishing
- Void Dokkaebi
notarized malware
npm
- @marketfront / @tqm-mfe dependency-confusion stealer
- @withgoogle/stitch-sdk scope squat
- AI scanner anti-analysis
- art-template Coruna-style iOS watering-hole compromise
- Atomic Arch AUR package hijack
- binding.gyp npm CI/CD worm
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- CanisterWorm
- codexui-android OpenAI token stealer
- faster-axios / turbo-axios Epsilon Stealer npm campaign
- forge-jsxy
- GitHub / Packagist postinstall hook campaign
- Glassworm developer supply-chain botnet
- html-to-gutenberg / fetch-page-assets VS Code blockchain stealer
- Immobiliare Labs Backstage plugins npm compromise
- IronWorm npm Rust infostealer campaign
- JINX-0164
- JINX-0164 crypto developer infrastructure campaign
- js-logger-pack Hugging Face exfiltration campaign
- Lazarus-linked Rollup polyfill npm malware
- Leo Platform npm Miasma-style compromise
- Malware-Slop Claude user-data npm infostealer
- Mastra
easy-day-jsnpm scope compromise - Megalodon GitHub Actions workflow backdooring
- Mini Shai-Hulud npm/PyPI worm campaign
- MYRA RAT
- node-ipc 2026 npm maintainer-account compromise
- npm install explicit-trust controls
- oob.moika.tech dependency-confusion environment stealer
- Operation DangerousPassword axios npm compromise
- PolinRider cross-ecosystem supply-chain campaign
- Polymarket npm wallet-drainer packages
- postcss-minify-selector-parser npm RAT
- procwire / routecraft npm Windows dropper
- SANDWORM_MODE AI-toolchain npm worm
- Sentry MCP Agentjacking
- Solana FakeFix npm / PyPI developer stealer
- StegaBin Pastebin-steganography npm campaign
- TeamPCP
- TrapDoor crypto-stealer cross-ecosystem campaign
- Trivy → TeamPCP → CanisterWorm: compromise timeline
- vpmdhaj OpenSearch npm cloud-secret stealer
- wshu.net npm credential-stealer campaign
npm lifecycle hook
- Mastra
easy-day-jsnpm scope compromise - Operation DangerousPassword axios npm compromise
- procwire / routecraft npm Windows dropper
npm tokens
npx
NSecKrnl.sys
NTDS.dit
- Anubis ransomware CitrixBleed 2 / RMM / cloudflared intrusions
- Storm-2603 parallel SharePoint ransomware intrusion
NTFS ADS
NTLM
nuclear weapons
NuGet
Nuitka
NVGRE
OAuth
- Azure CLI LSHIY password-spray campaign
- Browser-based developer IDE OAuth token theft
- Kali365 device-code phishing expansion
- Klue Salesforce OAuth token abuse
OAuth abuse
OAuth token abuse
OAuth token exposure
OAuth tokens
OBF networks
obfuscation
obfuscator.io
OFAC
Offshore LC
OIDC
- Claude Code GitHub Action prompt-injection boundary
- codfish semantic-release-action tag compromise
- GitHub Actions OIDC subject-claim collisions
- Megalodon GitHub Actions workflow backdooring
- Mini Shai-Hulud npm/PyPI worm campaign
- SimpleHelp CVE-2026-48558 authentication-bypass exploitation
OilRig
Okta
- 0ktapus phishing campaign
- BlackFile / UNC6671 vishing extortion operation
- Kali365 device-code phishing expansion
- Okta support-system compromise
OKX
Ollama
Oman
Omnibox
OneDrive
OneDrive access
Open Interpreter
OpenAI
OpenAI Codex
opencode
OpenConnect
OpenHands
OpenSearch
OpenSSH
OpenVPN
OpenVPN-shaped UDP
OpenVSX
operation
Operation DangerousPassword
Operation Endgame
Operation Highland
operational relay box
operational resilience
operations
- 0ktapus phishing campaign
- 3CX desktop app compromise
- @marketfront / @tqm-mfe dependency-confusion stealer
- @withgoogle/stitch-sdk scope squat
- Ababil of Minab MOIS-linked recovery-destruction campaign
- Accellion FTA exploitation campaign
- actions-cool GitHub Actions tag compromise
- Adblock for YouTube BadBlocker remote-script injection risk
- Adobe ColdFusion APSB26-68 CVE bonanza
- AI chatbot and SEO poisoning GPU-cryptojacking campaign
- Amazon Q CVE-2026-12957 MCP auto-execution
- Android Framework CVE-2025-48595 exploitation
- Anubis ransomware CitrixBleed 2 / RMM / cloudflared intrusions
- APT28 LNK SmartScreen bypass and CVE-2026-32202 coercion chain
- Argo CD repo-server unauthenticated RCE
- Arista EOS CVE-2026-7473 tunnel decapsulation exploitation
- Armored Likho BusySnake campaign
- art-template Coruna-style iOS watering-hole compromise
- AryStinger legacy-router recon proxy network
- Astro config blockchain C2 PR injection
- Atomic Arch AUR package hijack
- Avalon / CrownX malware framework
- Azure CLI LSHIY password-spray campaign
- Banana RAT / SHADOW-WATER-063 Brazilian banking fraud
- Barracuda ESG zero-day backdoor campaign
- binding.gyp npm CI/CD worm
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- BlackFile / UNC6671 vishing extortion operation
- BufferZoneCorp RubyGems / Go module CI poisoning
- CanisterWorm
- CCleaner signed-update compromise
- Check Point VPN CVE-2026-50751 exploitation
- Chinese-language PhaaS wallet-tokenization ecosystem
- Chrome live-wallpaper extension ad-fraud network
- Chrome V8 CVE-2026-11645 exploitation
- CircleCI 2023 customer secret exposure incident
- Cisco Catalyst SD-WAN Manager CVE-2026-20245 / CVE-2026-20262 exploitation
- Cisco Unified CM CVE-2026-20230 file-write exploitation
- Citrix NetScaler CVE-2026-8451 memory overread
- CitrixBleed session-hijack wave
- CL-STA-1062 Southeast Asia government and energy intrusions
- ClickFix CPaaS API-driven payload delivery
- Codecov Bash Uploader compromise
- codexui-android OpenAI token stealer
- codfish semantic-release-action tag compromise
- ConnectWise ScreenConnect exploitation wave
- Crypto Clipper Tor / USB worm
- DAEMON Tools Lite supply-chain compromise
- DCloud Uni-App scam infrastructure ecosystem
- Drupal Core CVE-2026-9082 exploitation
- Dutch Police / NCSC 17-million-device botnet disruption
- Everest Forms Pro CVE-2026-3300 exploitation
- Fake-reputation crypto clipboard hijacker
- Famous Chollima Packagist dev-branch loader
- faster-axios / turbo-axios Epsilon Stealer npm campaign
- FatFs CVE-2026-6682 to CVE-2026-6688 embedded-filesystem bug cluster
- FFmpeg PixelSmash CVE-2026-8461 media-file RCE
- FortiBleed Fortinet credential exposure
- FortiClient EMS CVE-2026-35616 EKZ Infostealer campaign
- Funnull RingH23 and MacCMS supply-chain attacks
- Gamaredon 2025 tunnels, workers, dead drops, and cloud exfiltration
- Gamaredon GammaPhish / GammaWorm / GammaSteel chain
- Ghost CMS CVE-2026-26980 ClickFix poisoning
- GHOST STADIUM FIFA World Cup ticket phishing
- Gitea Docker CVE-2026-20896 probing
- GitHub / Packagist postinstall hook campaign
- Glassworm developer supply-chain botnet
- Grandoreiro and BTMOB Latin America / Europe malware campaigns
- Gravity SMTP CVE-2026-4020 exploitation
- HackerBot Claw
- HackerBot Claw GitHub Actions exploitation campaign
- html-to-gutenberg / fetch-page-assets VS Code blockchain stealer
- Hunt.io global smishing infrastructure campaign
- Immobiliare Labs Backstage plugins npm compromise
- IronWorm npm Rust infostealer campaign
- Ivanti Sentry CVE-2026-10520 exploitation
- JADEPUFFER Langflow agentic ransomware
- Januscape KVM CVE-2026-53359 guest-to-host escape
- JDY SOHO / IoT reconnaissance botnet
- JetBrains AI plugin API-key theft
- JINX-0164 crypto developer infrastructure campaign
- Joomla JCE CVE-2026-48907 exploitation
- js-logger-pack Hugging Face exfiltration campaign
- Kairos data-extortion government payment
- Kali365 device-code phishing expansion
- Klue Salesforce OAuth token abuse
- KnowledgeDeliver CVE-2026-5426 ViewState exploitation
- Langflow CVE-2025-34291 exploitation
- Langflow CVE-2026-33017 cryptominer SSH worm
- Lantronix EDS5000 CVE-2025-67038 exploitation
- Laravel-Lang Composer tag-rewrite compromise
- Lazarus-linked Rollup polyfill npm malware
- Leo Platform npm Miasma-style compromise
- Linux Bad Epoll CVE-2026-46242 local privilege escalation
- Linux DirtyClone CVE-2026-43503 local privilege escalation
- Linux Kernel CVE-2022-0492 cgroup release_agent exploitation
- Linux nftables CVE-2026-23111 public LPE exploits
- Linux pedit COW CVE-2026-46331 local privilege escalation
- LiteLLM compromise
- LiteLLM CVE-2026-42271 MCP stdio command injection
- LiteSpeed cPanel CVE-2026-48172 exploitation
- LiteSpeed cPanel Plugin CVE-2026-54420 exploitation
- macOS.Gaslight Rust backdoor
- Malware-Slop Claude user-data npm infostealer
- Marimo CVE-2026-39987 LLM-agent post-exploitation
- Mastra
easy-day-jsnpm scope compromise - Megalodon GitHub Actions workflow backdooring
- Microsoft Defender CVE-2026-41091 / CVE-2026-45498 exploitation
- Microsoft SharePoint CVE-2026-45659 RCE exploitation
- Mini Shai-Hulud npm/PyPI worm campaign
- MiniPlasma Windows Cloud Filter LPE exploitation
- Mirasvit Cache Warmer CVE-2026-45247 exploitation
- Mr_Rot13 cPanel CVE-2026-41940 backdoor campaign
- Mustang Panda ZOHOMURK / MINIRECON India campaigns
- NATS-as-C2 KeyHunter credential-harvesting operation
- node-ipc 2026 npm maintainer-account compromise
- Nx Console VS Code extension compromise
- Okta support-system compromise
- Ollama P2P cryptominer RAT campaign
- Oman government Iranian-nexus webshell C2
- oob.moika.tech dependency-confusion environment stealer
- Operation DangerousPassword axios npm compromise
- Operation Dragon Weave Azure Blob C2 campaign
- Operation DragonReturn India tax-season DcRAT campaign
- Operation Endgame SocGholish disruption
- Operation FlutterBridge FlutterShell macOS malvertising
- Operation GriefLure Southeast Asia LNK dropper
- Operation Highland Velvet Ant authentication-stack backdoors
- Operation XENOFISCAL SideCopy XenoRAT campaign
- Oracle E-Business Suite CVE-2026-46817 exploitation
- Oracle PeopleSoft CVE-2026-35273 ShinyHunters exploitation
- Oracle WebLogic CVE-2024-21182 exploitation
- Outsider Enterprise smishing PhaaS
- PAN-OS GlobalProtect CVE-2026-0257 exploitation
- Perplexity AI-spoofing Chromium extension search hijacker
- Photo ZIP hospitality Node.js implant campaign
- Pirated media SilentCryptoMiner RAT campaign
- PolinRider cross-ecosystem supply-chain campaign
- Polymarket npm wallet-drainer packages
- postcss-minify-selector-parser npm RAT
- PraisonAI CVE-2026-44338 rapid exploitation
- procwire / routecraft npm Windows dropper
- Progress Kemp LoadMaster CVE-2026-8037 pre-auth RCE
- PTC Windchill / FlexPLM CVE-2026-12569 exploitation
- Quest KACE SMA CVE-2025-32975 exploitation
- Russian intelligence commercial-messaging backup-key phishing
- SANDWORM_MODE AI-toolchain npm worm
- ScarCruft Yanbian game-platform supply-chain attack
- ScreenConnect freeware / AsyncRAT SEO campaign
- ServiceNow instance unauthenticated table-query exploitation
- SHADOW-AETHER AI-augmented Latin America intrusions
- shopsprint/decimal Go typosquat DNS backdoor
- Sicoob.Sdk NuGet banking certificate stealer
- Silent Swap Google Notes crypto clipper
- simonecorsi/mawesome GitHub Action compromise
- SimpleHelp CVE-2026-48558 authentication-bypass exploitation
- SolarWinds Serv-U CVE-2026-28318 exploitation
- Splunk Enterprise CVE-2026-20253 pre-auth file write / RCE
- StealC / Amadey infrastructure disruption
- StegaBin Pastebin-steganography npm campaign
- StegoAd Edge extension steganography campaign
- Stock exchange executive mailbox espionage
- Storm-2603 parallel SharePoint ransomware intrusion
- TamperedChef-style productivity malware clusters
- TeamPCP
- Telnyx PyPI TeamPCP compromise
- Thailand healthcare RAR / Python stealer campaign
- tj-actions and reviewdog compromise
- TrapDoor crypto-stealer cross-ecosystem campaign
- Trend Micro Apex One CVE-2026-34926 exploitation
- Trivy compromise
- Trivy → TeamPCP → CanisterWorm: compromise timeline
- Turla STOCKSTAY backdoor operations
- Ubiquiti UniFi OS CVE-2026-34908 / CVE-2026-34909 / CVE-2026-34910 exploitation
- UNK_DeadDrop developer repository phishing
- VEIL#DROP Blogger-hosted PureLogs stealer chain
- VerdantBamboo appliance BRICKSTORM operation
- vpmdhaj OpenSearch npm cloud-secret stealer
- VPN Go browser-extension clipboard stealer
- WhatsApp VBScript ManageEngine RMM campaign
- WP Maps Pro CVE-2026-8732 exploitation
- wshu.net npm credential-stealer campaign
- Xinference PyPI compromise
- XZ Utils backdoor
OpFauxSign
ops
- 0ktapus phishing campaign
- 3CX desktop app compromise
- @marketfront / @tqm-mfe dependency-confusion stealer
- @withgoogle/stitch-sdk scope squat
- Ababil of Minab MOIS-linked recovery-destruction campaign
- Accellion FTA exploitation campaign
- actions-cool GitHub Actions tag compromise
- Adblock for YouTube BadBlocker remote-script injection risk
- Adobe ColdFusion APSB26-68 CVE bonanza
- AI chatbot and SEO poisoning GPU-cryptojacking campaign
- Amazon Q CVE-2026-12957 MCP auto-execution
- Android Framework CVE-2025-48595 exploitation
- Anubis ransomware CitrixBleed 2 / RMM / cloudflared intrusions
- APT28 LNK SmartScreen bypass and CVE-2026-32202 coercion chain
- Argo CD repo-server unauthenticated RCE
- Arista EOS CVE-2026-7473 tunnel decapsulation exploitation
- Armored Likho BusySnake campaign
- art-template Coruna-style iOS watering-hole compromise
- AryStinger legacy-router recon proxy network
- Astro config blockchain C2 PR injection
- Atomic Arch AUR package hijack
- Avalon / CrownX malware framework
- Azure CLI LSHIY password-spray campaign
- Backdoor.Mistic / KongTuke ModeloRAT activity
- Banana RAT / SHADOW-WATER-063 Brazilian banking fraud
- Barracuda ESG zero-day backdoor campaign
- BeyondTrust RS / PRA CVE-2026-40138 and CVE-2026-40139 authentication bypass
- binding.gyp npm CI/CD worm
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- BlackFile / UNC6671 vishing extortion operation
- BufferZoneCorp RubyGems / Go module CI poisoning
- CCleaner signed-update compromise
- Check Point VPN CVE-2026-50751 exploitation
- Chinese-language PhaaS wallet-tokenization ecosystem
- ChocoPoC fake PoC supply-chain campaign
- Chrome live-wallpaper extension ad-fraud network
- Chrome V8 CVE-2026-11645 exploitation
- CircleCI 2023 customer secret exposure incident
- Cisco Catalyst SD-WAN Manager CVE-2026-20245 / CVE-2026-20262 exploitation
- Cisco Unified CM CVE-2026-20230 file-write exploitation
- Citrix NetScaler CVE-2026-8451 memory overread
- CitrixBleed session-hijack wave
- CL-STA-1062 Southeast Asia government and energy intrusions
- ClickFix CPaaS API-driven payload delivery
- Codecov Bash Uploader compromise
- codexui-android OpenAI token stealer
- codfish semantic-release-action tag compromise
- ConnectWise ScreenConnect exploitation wave
- Crypto Clipper Tor / USB worm
- DAEMON Tools Lite supply-chain compromise
- DCloud Uni-App scam infrastructure ecosystem
- Drupal Core CVE-2026-9082 exploitation
- Dutch Police / NCSC 17-million-device botnet disruption
- Everest Forms Pro CVE-2026-3300 exploitation
- Fake-reputation crypto clipboard hijacker
- Famous Chollima Packagist dev-branch loader
- faster-axios / turbo-axios Epsilon Stealer npm campaign
- FatFs CVE-2026-6682 to CVE-2026-6688 embedded-filesystem bug cluster
- FFmpeg PixelSmash CVE-2026-8461 media-file RCE
- FortiBleed Fortinet credential exposure
- FortiClient EMS CVE-2026-35616 EKZ Infostealer campaign
- Funnull RingH23 and MacCMS supply-chain attacks
- Gamaredon 2025 tunnels, workers, dead drops, and cloud exfiltration
- Gamaredon GammaPhish / GammaWorm / GammaSteel chain
- Ghost CMS CVE-2026-26980 ClickFix poisoning
- GHOST STADIUM FIFA World Cup ticket phishing
- Gitea Docker CVE-2026-20896 probing
- GitHub / Packagist postinstall hook campaign
- Glassworm developer supply-chain botnet
- Grandoreiro and BTMOB Latin America / Europe malware campaigns
- Gravity SMTP CVE-2026-4020 exploitation
- HackerBot Claw GitHub Actions exploitation campaign
- html-to-gutenberg / fetch-page-assets VS Code blockchain stealer
- Hunt.io global smishing infrastructure campaign
- Immobiliare Labs Backstage plugins npm compromise
- IronWorm npm Rust infostealer campaign
- Ivanti Sentry CVE-2026-10520 exploitation
- JADEPUFFER Langflow agentic ransomware
- Januscape KVM CVE-2026-53359 guest-to-host escape
- JDY SOHO / IoT reconnaissance botnet
- JetBrains AI plugin API-key theft
- JINX-0164 crypto developer infrastructure campaign
- Joomla JCE CVE-2026-48907 exploitation
- js-logger-pack Hugging Face exfiltration campaign
- Kairos data-extortion government payment
- Kali365 device-code phishing expansion
- Klue Salesforce OAuth token abuse
- KnowledgeDeliver CVE-2026-5426 ViewState exploitation
- Langflow CVE-2025-34291 exploitation
- Langflow CVE-2026-33017 cryptominer SSH worm
- Lantronix EDS5000 CVE-2025-67038 exploitation
- Laravel-Lang Composer tag-rewrite compromise
- Lazarus-linked Rollup polyfill npm malware
- Leo Platform npm Miasma-style compromise
- Linux Bad Epoll CVE-2026-46242 local privilege escalation
- Linux DirtyClone CVE-2026-43503 local privilege escalation
- Linux Kernel CVE-2022-0492 cgroup release_agent exploitation
- Linux nftables CVE-2026-23111 public LPE exploits
- Linux pedit COW CVE-2026-46331 local privilege escalation
- LiteLLM compromise
- LiteLLM CVE-2026-42271 MCP stdio command injection
- LiteSpeed cPanel CVE-2026-48172 exploitation
- LiteSpeed cPanel Plugin CVE-2026-54420 exploitation
- macOS.Gaslight Rust backdoor
- Malware-Slop Claude user-data npm infostealer
- Marimo CVE-2026-39987 LLM-agent post-exploitation
- Mastra
easy-day-jsnpm scope compromise - Megalodon GitHub Actions workflow backdooring
- Microsoft Defender CVE-2026-41091 / CVE-2026-45498 exploitation
- Microsoft SharePoint CVE-2026-45659 RCE exploitation
- Mini Shai-Hulud npm/PyPI worm campaign
- MiniPlasma Windows Cloud Filter LPE exploitation
- Mirasvit Cache Warmer CVE-2026-45247 exploitation
- Mr_Rot13 cPanel CVE-2026-41940 backdoor campaign
- Mustang Panda ZOHOMURK / MINIRECON India campaigns
- NATS-as-C2 KeyHunter credential-harvesting operation
- node-ipc 2026 npm maintainer-account compromise
- Nx Console VS Code extension compromise
- Okta support-system compromise
- Ollama P2P cryptominer RAT campaign
- Oman government Iranian-nexus webshell C2
- oob.moika.tech dependency-confusion environment stealer
- Operation DangerousPassword axios npm compromise
- Operation Dragon Weave Azure Blob C2 campaign
- Operation DragonReturn India tax-season DcRAT campaign
- Operation Endgame SocGholish disruption
- Operation FlutterBridge FlutterShell macOS malvertising
- Operation GriefLure Southeast Asia LNK dropper
- Operation Highland Velvet Ant authentication-stack backdoors
- Operation XENOFISCAL SideCopy XenoRAT campaign
- Oracle E-Business Suite CVE-2026-46817 exploitation
- Oracle PeopleSoft CVE-2026-35273 ShinyHunters exploitation
- Oracle WebLogic CVE-2024-21182 exploitation
- Outsider Enterprise smishing PhaaS
- PAN-OS GlobalProtect CVE-2026-0257 exploitation
- Perplexity AI-spoofing Chromium extension search hijacker
- Photo ZIP hospitality Node.js implant campaign
- Pirated media SilentCryptoMiner RAT campaign
- PolinRider cross-ecosystem supply-chain campaign
- Polymarket npm wallet-drainer packages
- postcss-minify-selector-parser npm RAT
- PraisonAI CVE-2026-44338 rapid exploitation
- procwire / routecraft npm Windows dropper
- Progress Kemp LoadMaster CVE-2026-8037 pre-auth RCE
- PTC Windchill / FlexPLM CVE-2026-12569 exploitation
- Quest KACE SMA CVE-2025-32975 exploitation
- Russian intelligence commercial-messaging backup-key phishing
- SANDWORM_MODE AI-toolchain npm worm
- ScarCruft Yanbian game-platform supply-chain attack
- ScreenConnect freeware / AsyncRAT SEO campaign
- ServiceNow instance unauthenticated table-query exploitation
- SHADOW-AETHER AI-augmented Latin America intrusions
- shopsprint/decimal Go typosquat DNS backdoor
- Sicoob.Sdk NuGet banking certificate stealer
- Silent Swap Google Notes crypto clipper
- simonecorsi/mawesome GitHub Action compromise
- SimpleHelp CVE-2026-48558 authentication-bypass exploitation
- Solana FakeFix npm / PyPI developer stealer
- SolarWinds Serv-U CVE-2026-28318 exploitation
- Splunk Enterprise CVE-2026-20253 pre-auth file write / RCE
- StealC / Amadey infrastructure disruption
- StegaBin Pastebin-steganography npm campaign
- StegoAd Edge extension steganography campaign
- Stock exchange executive mailbox espionage
- Storm-2603 parallel SharePoint ransomware intrusion
- StrikeShark SharkLoader / Cobalt Strike campaign
- TamperedChef-style productivity malware clusters
- Telnyx PyPI TeamPCP compromise
- Tenda firmware CVE-2026-11405 hidden authentication backdoor
- Thailand healthcare RAR / Python stealer campaign
- tj-actions and reviewdog compromise
- ToddyCat Umbrij Gmail OAuth operation
- TrapDoor crypto-stealer cross-ecosystem campaign
- Trend Micro Apex One CVE-2026-34926 exploitation
- Trivy compromise
- Trivy → TeamPCP → CanisterWorm: compromise timeline
- Turla STOCKSTAY backdoor operations
- Ubiquiti UniFi OS CVE-2026-34908 / CVE-2026-34909 / CVE-2026-34910 exploitation
- UNC6692 SNOW malware social-engineering campaign
- UNK_DeadDrop developer repository phishing
- UNK_MassTraction Roundcube university mailserver campaign
- VEIL#DROP Blogger-hosted PureLogs stealer chain
- VerdantBamboo appliance BRICKSTORM operation
- vpmdhaj OpenSearch npm cloud-secret stealer
- VPN Go browser-extension clipboard stealer
- WhatsApp VBScript ManageEngine RMM campaign
- WP Maps Pro CVE-2026-8732 exploitation
- wshu.net npm credential-stealer campaign
- Xinference PyPI compromise
- XZ Utils backdoor
opsec failure
Oracle
Oracle E-Business Suite
Oracle Payments
Oracle PeopleSoft
Oracle WebLogic Server
OT
OTA update
OTP interception
Outlook
OX Security
OxideHarvest
OYSTERBLUES
OYSTERFRESH
OYSTERSHUCK
P2P
package masquerading
package registry
- Mastra
easy-day-jsnpm scope compromise - Operation DangerousPassword axios npm compromise
- Telnyx PyPI TeamPCP compromise
package registry credentials
package scanning
package-cooldowns
package-manager-hardening
package-splitting
package-takeover
Packagist
- Famous Chollima Packagist dev-branch loader
- GitHub / Packagist postinstall hook campaign
- Laravel-Lang Composer tag-rewrite compromise
- PolinRider cross-ecosystem supply-chain campaign
page cache
- Linux DirtyClone CVE-2026-43503 local privilege escalation
- Linux pedit COW CVE-2026-46331 local privilege escalation
page poisoning
Pakistan
Pakistan-linked
Palo Alto Networks
PAM
PAM credential validation
PamStealer
PAN-OS
parallel-intrusion
password spray
password spraying
Pastebin
patch management
path traversal
patterns
- Agent localhost control-plane RCE
- Agent skill marketplace poisoning
- AI scanner anti-analysis
- AI-agent memory poisoning
- AI-augmented adversary operations
- AI-brand impersonation phishing and malvertising
- Browser-based developer IDE OAuth token theft
- Claude Code GitHub Action prompt-injection boundary
- ClickOnce COM hijacking abuse
- Cloud bucket namespace hijacking
- Cloud logging control-plane tampering
- Crypto supply-chain path to transaction authority
- Developer-tool config auto-execution
- GitHub Actions deployment poisoning
- GitHub Actions OIDC subject-claim collisions
- GuardFall AI-agent shell-guard bypass
- LangGraph checkpointer injection and unsafe deserialization
- Malicious infrastructure provider concentration
- MCP stdio command-execution boundary
- MCP tool-description poisoning
- Microsoft Teams external-chat phishing
- npm install explicit-trust controls
- Phantom squatting: AI-hallucinated domains
- Sentry MCP Agentjacking
- Vertex AI staging-bucket squatting
payload loader
payload staging
payload-as-a-service
payment fraud
payment workflow exposure
payment-card theft
payment-card-theft
payroll lures
pe_to_shellcode
PebbleDash
pedit
pentesting
people
PeopleTools
PerfWatson2.exe
Perplexity AI
persistence
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- CanisterWorm
- ChocoPoC
- ChocoPoC fake PoC supply-chain campaign
- ClickOnce COM hijacking abuse
- forge-jsxy
- Mastra
easy-day-jsnpm scope compromise - MYRA RAT
- Nx Console VS Code extension compromise
- Ollama P2P cryptominer RAT campaign
- Operation Highland Velvet Ant authentication-stack backdoors
- Pirated media SilentCryptoMiner RAT campaign
- postcss-minify-selector-parser npm RAT
- QuimaRAT
- ROADtools
- Showboat
- Stock exchange executive mailbox espionage
- TamperedChef-style productivity malware clusters
- TeamPCP
- TrapDoor crypto-stealer cross-ecosystem campaign
- Trivy compromise
- Trivy → TeamPCP → CanisterWorm: compromise timeline
- Velvet Ant
- wshu.net npm credential-stealer campaign
pfSense
PhaaS
Phantom Gyp
- binding.gyp npm CI/CD worm
- Immobiliare Labs Backstage plugins npm compromise
- Leo Platform npm Miasma-style compromise
PhantomClick
PhantomMail
PhantomRelay
Philippines
phishing
- AI-brand impersonation phishing and malvertising
- Avalon / CrownX malware framework
- Chinese-language PhaaS wallet-tokenization ecosystem
- Cloud Atlas
- Dutch Police / NCSC 17-million-device botnet disruption
- GHOST STADIUM FIFA World Cup ticket phishing
- Ghostwriter
- Grandoreiro and BTMOB Latin America / Europe malware campaigns
- Hunt.io global smishing infrastructure campaign
- Kali365 device-code phishing expansion
- Outsider Enterprise smishing PhaaS
- Phantom squatting: AI-hallucinated domains
- Photo ZIP hospitality Node.js implant campaign
- Russian intelligence commercial-messaging backup-key phishing
- TA4922
- UNK_DeadDrop developer repository phishing
phishing-as-a-service
PHP
PHP code injection
PHP object injection
PHP upload
physics
PicassoLoader
pickle
pig butchering
pig-butchering
piracy
Piriform
Pix
PixelSmash
PKGBUILD
plaintext HTTP
Plandex
PLENET
plugin architecture
poisoned-branch
PolinRider
polyfill
Polymarket
polymorphic loader
polymorphic payloads
Popa
portmap
Portugal
post-authentication RCE
post-exploitation
- AI-augmented adversary operations
- Marimo CVE-2026-39987 LLM-agent post-exploitation
- Showboat
- TaskWeaver
post-exploitation framework
postal-impersonation
PostCSS
PostgreSQL
- Drupal Core CVE-2026-9082 exploitation
- Marimo CVE-2026-39987 LLM-agent post-exploitation
- Splunk Enterprise CVE-2026-20253 pre-auth file write / RCE
postinstall
- @marketfront / @tqm-mfe dependency-confusion stealer
- faster-axios / turbo-axios Epsilon Stealer npm campaign
- Malware-Slop Claude user-data npm infostealer
- Mastra
easy-day-jsnpm scope compromise - MYRA RAT
- oob.moika.tech dependency-confusion environment stealer
- Operation DangerousPassword axios npm compromise
- Polymarket npm wallet-drainer packages
- wshu.net npm credential-stealer campaign
PowerCloud
PowerShell
- Armored Likho BusySnake campaign
- ClickFix CPaaS API-driven payload delivery
- Cloud Atlas
- FortiClient EMS CVE-2026-35616 EKZ Infostealer campaign
- Gamaredon
- Gamaredon 2025 tunnels, workers, dead drops, and cloud exfiltration
- Gamaredon GammaPhish / GammaWorm / GammaSteel chain
- GREYVIBE
- Oman government Iranian-nexus webshell C2
- Photo ZIP hospitality Node.js implant campaign
- postcss-minify-selector-parser npm RAT
- Seedworm / MuddyWater
- StealC / Amadey infrastructure disruption
- UAC-0226 / SHADOW-EARTH-066
- VEIL#DROP Blogger-hosted PureLogs stealer chain
PowerShell malware
PowerShower
PPtP
PRA
PraisonAI
PRC
PRC-aligned
PRC-nexus
pre-auth RCE
pre-authentication
- Citrix NetScaler CVE-2026-8451 memory overread
- Splunk Enterprise CVE-2026-20253 pre-auth file write / RCE
preinstall
Primitive Bear
PrincessClub
privacy
privacy exposure
private registry fallback
private-key theft
privilege escalation
- Android Framework CVE-2025-48595 exploitation
- Cisco Catalyst SD-WAN Manager CVE-2026-20245 / CVE-2026-20262 exploitation
- Drupal Core CVE-2026-9082 exploitation
- Linux Kernel CVE-2022-0492 cgroup release_agent exploitation
- Linux nftables CVE-2026-23111 public LPE exploits
- LiteSpeed cPanel CVE-2026-48172 exploitation
- LiteSpeed cPanel Plugin CVE-2026-54420 exploitation
- WP Maps Pro CVE-2026-8732 exploitation
Privileged Remote Access
process doppelgänging
process environment scraping
process hollowing
- AI chatbot and SEO poisoning GPU-cryptojacking campaign
- Pirated media SilentCryptoMiner RAT campaign
process injection
- OceanLotus
- Operation DragonReturn India tax-season DcRAT campaign
- Operation GriefLure Southeast Asia LNK dropper
product lifecycle management
professional services
profile.d
Progress Kemp LoadMaster
Project Proposal.exe
prompt injection
- Agent localhost control-plane RCE
- Agent skill marketplace poisoning
- AI scanner anti-analysis
- AI-agent memory poisoning
- Claude Code GitHub Action prompt-injection boundary
- GuardFall AI-agent shell-guard bypass
- macOS.Gaslight Rust backdoor
- MCP tool-description poisoning
prompt-injection
- AI-augmented adversary operations
- HackerBot Claw GitHub Actions exploitation campaign
- SANDWORM_MODE AI-toolchain npm worm
- TrapDoor crypto-stealer cross-ecosystem campaign
PROMPTFLUX
PROMPTSPY
proof of deletion
Proofpoint
protestware
Protobuf
provenance
proxy
- First VPN
- PCPJack cloud SMTP relay network
- Showboat
- TamperedChef-style productivity malware clusters
- VPN Go browser-extension clipboard stealer
- Webworm
proxy network
ProxyChains
PSEMHUB
PsExec
PSIGW
psychological operations
PTC
PteroBox
PteroPaste
PteroPSDoor
PteroSetup
PteroVDoor
public exploit
- Linux Bad Epoll CVE-2026-46242 local privilege escalation
- MiniPlasma Windows Cloud Filter LPE exploitation
public file-transfer exfiltration
public sector
pull requests
PUP
PureLogs Stealer
pwn-request
PyArmor
PyPI
- binding.gyp npm CI/CD worm
- ChocoPoC
- ChocoPoC fake PoC supply-chain campaign
- Glassworm developer supply-chain botnet
- LiteLLM compromise
- Mini Shai-Hulud npm/PyPI worm campaign
- Solana FakeFix npm / PyPI developer stealer
- Telnyx PyPI TeamPCP compromise
- TrapDoor crypto-stealer cross-ecosystem campaign
- Xinference PyPI compromise
Python
- ChocoPoC
- ChocoPoC fake PoC supply-chain campaign
- html-to-gutenberg / fetch-page-assets VS Code blockchain stealer
- macOS.Gaslight Rust backdoor
- postcss-minify-selector-parser npm RAT
- Seedworm / MuddyWater
- Telnyx PyPI TeamPCP compromise
- Xinference PyPI compromise
Python extension modules
Python malware
Python stealer
QiAnXin XLab
Qilin
QNAP
QR code interception
query injection
Quest KACE SMA
QuimaRAT
RaaS
race condition
RainbowEx
RakNet flood
RAM disk
Ransom-ISAC
ransomware
- Anubis ransomware CitrixBleed 2 / RMM / cloudflared intrusions
- Avalon / CrownX malware framework
- Check Point VPN CVE-2026-50751 exploitation
- CrownX
- First VPN
- Fox Tempest
- Kairos data-extortion government payment
- Storm-2603 parallel SharePoint ransomware intrusion
- The Gentlemen ransomware
ransomware access
ransomware enablement
ransomware-access
rapid exploitation
RAR archives
RAR staging
RAT
- Armored Likho
- ChocoPoC
- ChocoPoC fake PoC supply-chain campaign
- DAEMON Tools Lite supply-chain compromise
- Famous Chollima Packagist dev-branch loader
- faster-axios / turbo-axios Epsilon Stealer npm campaign
- forge-jsxy
- Glassworm developer supply-chain botnet
- Grandoreiro and BTMOB Latin America / Europe malware campaigns
- GREYVIBE
- JINX-0164 crypto developer infrastructure campaign
- Mastra
easy-day-jsnpm scope compromise - MYRA RAT
- Ollama P2P cryptominer RAT campaign
- Operation DangerousPassword axios npm compromise
- Pirated media SilentCryptoMiner RAT campaign
- postcss-minify-selector-parser npm RAT
- QuimaRAT
- RemotePE
- Screening Serpens
- SprySOCKS
- StegaBin Pastebin-steganography npm campaign
- STOCKSTAY
- TamperedChef-style productivity malware clusters
- TinyRCT
RC4
- @marketfront / @tqm-mfe dependency-confusion stealer
- OP-512
- StealC / Amadey infrastructure disruption
- UAC-0226 / SHADOW-EARTH-066
RC4 C2
RCE
- Agent localhost control-plane RCE
- LangGraph checkpointer injection and unsafe deserialization
- LiteLLM CVE-2026-42271 MCP stdio command injection
- MCP stdio command-execution boundary
- Splunk Enterprise CVE-2026-20253 pre-auth file write / RCE
- Vertex AI staging-bucket squatting
Rclone
rclone
RCS
RDP
RDP phishing
RDS
Reality
Reaper
reconnaissance
recovery denial
recovery disruption
recruitment lures
Red Dev 10
Red Hat
REDCap
Redis
Redis backdoor
RediSearch
reflective .NET loading
refresh token theft
refresh tokens
RegAsm process hollowing
registry persistence
- Operation XENOFISCAL SideCopy XenoRAT campaign
- Photo ZIP hospitality Node.js implant campaign
- SideCopy
- The Gentlemen ransomware
- Turla STOCKSTAY backdoor operations
registry-controls
release automation
release tampering
remote access
- Citrix NetScaler CVE-2026-8451 memory overread
- ConnectWise ScreenConnect exploitation wave
- FortiBleed Fortinet credential exposure
- Lazarus-linked Rollup polyfill npm malware
- Pirated media SilentCryptoMiner RAT campaign
- WhatsApp VBScript ManageEngine RMM campaign
Remote Access VPN
remote code execution
- Crypto Clipper Tor / USB worm
- Drupal Core CVE-2026-9082 exploitation
- Everest Forms Pro CVE-2026-3300 exploitation
- FFmpeg PixelSmash CVE-2026-8461 media-file RCE
- Ivanti Sentry CVE-2026-10520 exploitation
- Joomla JCE CVE-2026-48907 exploitation
- Microsoft SharePoint CVE-2026-45659 RCE exploitation
- PTC Windchill / FlexPLM CVE-2026-12569 exploitation
- StegoAd Edge extension steganography campaign
remote debugging
remote monitoring and management
remote script injection
Remote Support
remote support
- BeyondTrust RS / PRA CVE-2026-40138 and CVE-2026-40139 authentication bypass
- SimpleHelp CVE-2026-48558 authentication-bypass exploitation
remote-access
Remotely
RemotePE
RemotePELoader
removable media
Rentry
replication
repo-server
repository poisoning
residential proxies
residential proxy
REST C2
restart-triggered execution
reverse proxy
reverse SSH tunneling
REVERSE_PROXY_TRUSTED_PROXIES
ReverseSocks
reviewdog
RingH23
RMM
- BeyondTrust RS / PRA CVE-2026-40138 and CVE-2026-40139 authentication bypass
- SimpleHelp CVE-2026-48558 authentication-bypass exploitation
- UNC3753
RMM abuse
- AI chatbot and SEO poisoning GPU-cryptojacking campaign
- Anubis ransomware CitrixBleed 2 / RMM / cloudflared intrusions
- Cavern
- Cavern Manticore
- ScreenConnect freeware / AsyncRAT SEO campaign
- TaskWeaver
- WhatsApp VBScript ManageEngine RMM campaign
ROADrecon
ROADtools
roadtx
RokRAT
Rollup
RomulusLoader
Roo-Code
root
root escalation
root execution
rootkit
- Atomic Arch AUR package hijack
- Funnull RingH23 and MacCMS supply-chain attacks
- IronWorm npm Rust infostealer campaign
- MYRA RAT
ROPC
Rouki obfuscation
Roundcube
router
router malware
RSA
RSA-2048
RT-Thread
RTL819X
RubyGems
rundll32
Runner.Worker
runtime execution
runtime mutation
runZero
Russia
- APT29
- Armored Likho
- Cloud Atlas
- Dragonfly
- Gamaredon
- Gamaredon 2025 tunnels, workers, dead drops, and cloud exfiltration
- Gamaredon GammaPhish / GammaWorm / GammaSteel chain
- UAC-0226 / SHADOW-EARTH-066
Russia-linked
Russia-linked cybercrime
Russia-nexus
Russian Intelligence Services
Russian-speaking forums
Rust
- Atomic Arch AUR package hijack
- IronWorm npm Rust infostealer campaign
- macOS.Gaslight Rust backdoor
- Operation Dragon Weave Azure Blob C2 campaign
- RustDuck
- TrapDoor crypto-stealer cross-ecosystem campaign
- wshu.net npm credential-stealer campaign
Rust malware
S3 Browser
S3-compatible storage
s5cmd
SaaS
- BlackFile / UNC6671 vishing extortion operation
- Klue Salesforce OAuth token abuse
- ServiceNow instance unauthenticated table-query exploitation
SaaS exposure
sabotage
Safari
SafeDep
Salesforce
SAML IdP
Samsung TizenRT
sandboxing
scam infrastructure
scambling
scanner evasion
ScarCruft
scheduled task
scheduled task persistence
- Armored Likho BusySnake campaign
- Banana RAT / SHADOW-WATER-063 Brazilian banking fraud
- BusySnake Stealer
- Mustang Panda ZOHOMURK / MINIRECON India campaigns
- ScreenConnect freeware / AsyncRAT SEO campaign
scheduled tasks
- Operation XENOFISCAL SideCopy XenoRAT campaign
- Stock exchange executive mailbox espionage
- StrikeShark SharkLoader / Cobalt Strike campaign
- The Gentlemen ransomware
scope squatting
screen capture
ScreenConnect
- AI chatbot and SEO poisoning GPU-cryptojacking campaign
- Anubis ransomware CitrixBleed 2 / RMM / cloudflared intrusions
- ConnectWise ScreenConnect exploitation wave
- ScreenConnect freeware / AsyncRAT SEO campaign
screenshot theft
script-injection
SD-WAN
search hijacking
search result poisoning
Secret Blizzard
secret exposure
secrets
- binding.gyp npm CI/CD worm
- CircleCI 2023 customer secret exposure incident
- Claude Code GitHub Action prompt-injection boundary
- Codecov Bash Uploader compromise
- GitHub Actions deployment poisoning
secrets management
Secure Preferences
security platform
seed phrase theft
Seedworm
segmented networks
Sekoia
self-delete
self-hosted AI services
self-hosted media
self-propagation
semantic-release
sendit.sh
sensitive information exposure
Sentinel
Sentry
Sentry abuse
SEO poisoning
- AI chatbot and SEO poisoning GPU-cryptojacking campaign
- AI-brand impersonation phishing and malvertising
- ScreenConnect freeware / AsyncRAT SEO campaign
- StealC / Amadey infrastructure disruption
Serv-U
service accounts
service-agent
ServiceNow
session hijacking
session secret exposure
session theft
session token theft
shadow copy deletion
shadow MMU
SHADOW-AETHER-040
SHADOW-AETHER-064
SHADOW-EARTH-066
SHADOW-WATER-063
ShadowPad
Shai-Hulud
- AI scanner anti-analysis
- binding.gyp npm CI/CD worm
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- Developer-tool config auto-execution
- Mini Shai-Hulud npm/PyPI worm campaign
- npm install explicit-trust controls
- SANDWORM_MODE AI-toolchain npm worm
SHARDLOADER
share propagation
shared hosting
- LiteSpeed cPanel CVE-2026-48172 exploitation
- LiteSpeed cPanel Plugin CVE-2026-54420 exploitation
- Mr_Rot13 cPanel CVE-2026-41940 backdoor campaign
shared secrets
SharePoint
- BlackFile / UNC6671 vishing extortion operation
- Microsoft SharePoint CVE-2026-45659 RCE exploitation
- Storm-2603 parallel SharePoint ransomware intrusion
SharePoint Server
SharkLoader
shell injection
ShinyHunters
Shuckworm
SideCopy
Signal
Signal interception
signed malware
signed updates
signed-binary
Silent Ransom Group
Silent Swap
SilentCryptoMiner
SilentRunLoader
SiliconFlow
SimpleHelp
simulation tampering
Site Member permissions
skb
SkillCloak
SkillDetonate
sleeper packages
Sliver
SLSA
smart TVs
SmartScreen
SMB
SMB brute force
SMB egress
smishing
- 0ktapus phishing campaign
- Crypto supply-chain path to transaction authority
- Hunt.io global smishing infrastructure campaign
- Outsider Enterprise smishing PhaaS
sms-phishing
SMTP
Snake
SNOWLIGHT
SocGholish
social engineering
- AI-brand impersonation phishing and malvertising
- Chinese-language PhaaS wallet-tokenization ecosystem
- ClickFix CPaaS API-driven payload delivery
- Fake-reputation crypto clipboard hijacker
- JINX-0164
- JINX-0164 crypto developer infrastructure campaign
- Microsoft Teams external-chat phishing
- Polymarket npm wallet-drainer packages
- Russian intelligence commercial-messaging backup-key phishing
- Screening Serpens
- UNC3753
- UNC6692 SNOW malware social-engineering campaign
- Void Dokkaebi
- WhatsApp VBScript ManageEngine RMM campaign
social-engineering
Socket
Socket Security Research
Socket.IO
SOCKS tunneling
SOCKS5
SOCKS5 tunneling
SoftEther VPN
software impersonation
software supply chain
software-deployment
SOHO router
SOHO routers
Solana
SolarWinds
Solid PDF Creator
SolidPDFCreator.dll
SolidPDFPcl2Bmp
Sophos
source control
source-code compromise
source-package drift
source-package mismatch
source-repository poisoning
- Astro config blockchain C2 PR injection
- Developer-tool config auto-execution
- PolinRider cross-ecosystem supply-chain campaign
SourceForge abuse
South Africa
South Asia
South Korea
Southeast Asia
- CL-STA-1062
- CL-STA-1062 Southeast Asia government and energy intrusions
- OceanLotus
- Operation GriefLure Southeast Asia LNK dropper
- Showboat
spam
spear phishing
- Armored Likho
- Armored Likho BusySnake campaign
- Kimsuky / Emerald Sleet / TA427
- Operation DragonReturn India tax-season DcRAT campaign
- Operation XENOFISCAL SideCopy XenoRAT campaign
- SideCopy
- Thailand healthcare RAR / Python stealer campaign
- UAC-0226 / SHADOW-EARTH-066
spear-phishing
spearphishing
SPECTRALVIPER
Sphinx ransomware
SpiderLabs
Splunk
SprySOCKS
SQL injection
- Drupal Core CVE-2026-9082 exploitation
- Ghost CMS CVE-2026-26980 ClickFix poisoning
- LangGraph checkpointer injection and unsafe deserialization
SQLite
SquareShell
SSH
SSH bastion
SSH brute force
SSH key exposure
SSH key persistence
SSH keys
SSH lateral movement
SSH persistence
SSH tunnels
SSL VPN
SSRF
- Cisco Unified CM CVE-2026-20230 file-write exploitation
- GitHub Actions deployment poisoning
- Oracle PeopleSoft CVE-2026-35273 ShinyHunters exploitation
staged malicious update
stale access
stale credentials
Startup folder persistence
state-linked
state-owned enterprise
Static Kitten
stdio
- Agent localhost control-plane RCE
- LiteLLM CVE-2026-42271 MCP stdio command injection
- MCP stdio command-execution boundary
StealC
stealer
steganography
StegoAd
STM32Cube
stock exchange
STOCKSTAY
storage deletion
Storm-2603
Storm-2697
Storm-3075
STRD
streaming boxes
STUN
Stuxnet lineage
subject claim
SUMMIT
Supabase
supply chain
- ChocoPoC
- ChocoPoC fake PoC supply-chain campaign
- FFmpeg PixelSmash CVE-2026-8461 media-file RCE
- MYRA RAT
- Solana FakeFix npm / PyPI developer stealer
supply chain compromise
supply-chain
- 3CX desktop app compromise
- @marketfront / @tqm-mfe dependency-confusion stealer
- @withgoogle/stitch-sdk scope squat
- actions-cool GitHub Actions tag compromise
- Agent skill marketplace poisoning
- AI scanner anti-analysis
- AI-augmented adversary operations
- APT29
- art-template Coruna-style iOS watering-hole compromise
- Astro config blockchain C2 PR injection
- Atomic Arch AUR package hijack
- binding.gyp npm CI/CD worm
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- Browser-based developer IDE OAuth token theft
- BufferZoneCorp RubyGems / Go module CI poisoning
- CanisterWorm
- Claude Code GitHub Action prompt-injection boundary
- Codecov Bash Uploader compromise
- codexui-android OpenAI token stealer
- codfish semantic-release-action tag compromise
- Crypto supply-chain path to transaction authority
- DAEMON Tools Lite supply-chain compromise
- Developer-tool config auto-execution
- Famous Chollima Packagist dev-branch loader
- faster-axios / turbo-axios Epsilon Stealer npm campaign
- forge-jsxy
- Funnull RingH23 and MacCMS supply-chain attacks
- GitHub / Packagist postinstall hook campaign
- GitHub Actions deployment poisoning
- GitHub Actions OIDC subject-claim collisions
- Glassworm developer supply-chain botnet
- HackerBot Claw
- HackerBot Claw GitHub Actions exploitation campaign
- html-to-gutenberg / fetch-page-assets VS Code blockchain stealer
- Immobiliare Labs Backstage plugins npm compromise
- IronWorm npm Rust infostealer campaign
- JetBrains AI plugin API-key theft
- JiaT75
- JINX-0164
- JINX-0164 crypto developer infrastructure campaign
- js-logger-pack Hugging Face exfiltration campaign
- Klue Salesforce OAuth token abuse
- Laravel-Lang Composer tag-rewrite compromise
- Lazarus-linked Rollup polyfill npm malware
- Leo Platform npm Miasma-style compromise
- LiteLLM compromise
- Malware-Slop Claude user-data npm infostealer
- Mastra
easy-day-jsnpm scope compromise - MCP stdio command-execution boundary
- MCP tool-description poisoning
- Megalodon GitHub Actions workflow backdooring
- Mini Shai-Hulud npm/PyPI worm campaign
- node-ipc 2026 npm maintainer-account compromise
- npm install explicit-trust controls
- Nx Console VS Code extension compromise
- oob.moika.tech dependency-confusion environment stealer
- Operation DangerousPassword axios npm compromise
- Phantom squatting: AI-hallucinated domains
- PolinRider cross-ecosystem supply-chain campaign
- Polymarket npm wallet-drainer packages
- postcss-minify-selector-parser npm RAT
- procwire / routecraft npm Windows dropper
- SANDWORM_MODE AI-toolchain npm worm
- ScarCruft Yanbian game-platform supply-chain attack
- shopsprint/decimal Go typosquat DNS backdoor
- Sicoob.Sdk NuGet banking certificate stealer
- simonecorsi/mawesome GitHub Action compromise
- StegaBin Pastebin-steganography npm campaign
- TeamPCP
- Telnyx PyPI TeamPCP compromise
- tj-actions and reviewdog compromise
- TrapDoor crypto-stealer cross-ecosystem campaign
- Trivy compromise
- Trivy → TeamPCP → CanisterWorm: compromise timeline
- Vertex AI staging-bucket squatting
- Void Dokkaebi
- vpmdhaj OpenSearch npm cloud-secret stealer
- VPN Go browser-extension clipboard stealer
- wshu.net npm credential-stealer campaign
- Xinference PyPI compromise
- XZ Utils backdoor
suspected China-aligned
SWE-agent
SWUpdate
Symantec Threat Hunter Team
symlink following
Synacktiv
Synology
Sysdig
SYSTEM
systemd-userdbd
T1204.004
T3
TA427
TA569
Tactical RMM
tag rewrite
tag tampering
- actions-cool GitHub Actions tag compromise
- codfish semantic-release-action tag compromise
- simonecorsi/mawesome GitHub Action compromise
- tj-actions and reviewdog compromise
TAG-124
TAG-22
Taiwan
- CL-STA-1062
- CL-STA-1062 Southeast Asia government and energy intrusions
- FishMonger
- Mustang Panda
- Mustang Panda ZOHOMURK / MINIRECON India campaigns
- Operation Dragon Weave Azure Blob C2 campaign
- SprySOCKS
takedown
- Dutch Police / NCSC 17-million-device botnet disruption
- First VPN
- Glassworm developer supply-chain botnet
TamperedChef
targeted operations
TartarusGate
TaskWeaver
tax-season phishing
tc
TCP traffic diversion
TDS
TeamPCP
- actions-cool GitHub Actions tag compromise
- AI-augmented adversary operations
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- Mini Shai-Hulud npm/PyPI worm campaign
- Nx Console VS Code extension compromise
- Telnyx PyPI TeamPCP compromise
- Trivy compromise
- Xinference PyPI compromise
TeamPCP-adjacent
Teams access
TeamViewer
TEASOUP
Tebi
technician session
telecom
telecom-impersonation
telecommunications
Telegra.ph
Telegram
- 0ktapus phishing campaign
- Chinese-language PhaaS wallet-tokenization ecosystem
- Gamaredon 2025 tunnels, workers, dead drops, and cloud exfiltration
- Gamaredon GammaPhish / GammaWorm / GammaSteel chain
- GREYVIBE
- UAC-0226 / SHADOW-EARTH-066
telegram
Telegram C2
- macOS.Gaslight Rust backdoor
- Solana FakeFix npm / PyPI developer stealer
- wshu.net npm credential-stealer campaign
Telegram exfiltration
telemetry
Teletype
Telnet brute force
Telnyx
Temp Zagros
tenant-project
Tenda
Tenet Security
Tetrade
Thailand
The Gentlemen
The Hacker News
- Azure CLI LSHIY password-spray campaign
- Gitea Docker CVE-2026-20896 probing
- StegoAd Edge extension steganography campaign
third-party integrations
threat hunting
ThrottleBlood
thumbnail generation
TinyGo
TinyRCT
tj-actions
ToddyCat
token forgery
token replay
token theft
token-theft
TONESHELL
tool
tool output injection
tool poisoning
tool use
tooling
- CanisterWorm
- HackerBot Claw
- LiteLLM compromise
- TeamPCP
- Trivy → TeamPCP → CanisterWorm: compromise timeline
tools
- BusySnake Stealer
- Cavern
- CrownX
- Djinn Stealer
- Fast16
- First VPN
- forge-jsxy
- MYRA RAT
- PamStealer
- QuimaRAT
- RemotePE
- ROADtools
- RustDuck
- Showboat
- SprySOCKS
- STOCKSTAY
- TaskWeaver
- The Gentlemen ransomware
- TinyRCT
- Umbrij
Tor
Total Software Deployment
Trading Technologies
traffic control
traffic hijacking
traffic-distribution-system
traffic-fraud
transaction authority
transnational repression
Transparent Tribe
Trend Micro
- Langflow CVE-2026-33017 cryptominer SSH worm
- SHADOW-AETHER AI-augmented Latin America intrusions
- Trend Micro Apex One CVE-2026-34926 exploitation
TrendAI
TrickBot
Trident Ursa
Tron
trusted publishing
tunnel decapsulation
tunnel services
Turla
- Gamaredon 2025 tunnels, workers, dead drops, and cloud exfiltration
- STOCKSTAY
- Turla
- Turla STOCKSTAY backdoor operations
Turla collaboration
Twilio
TypeScript
typosquat
typosquatting
- @withgoogle/stitch-sdk scope squat
- faster-axios / turbo-axios Epsilon Stealer npm campaign
- Funnull RingH23 and MacCMS supply-chain attacks
- Hunt.io global smishing infrastructure campaign
- Lazarus-linked Rollup polyfill npm malware
- Microsoft Teams external-chat phishing
- SANDWORM_MODE AI-toolchain npm worm
- ScreenConnect freeware / AsyncRAT SEO campaign
- shopsprint/decimal Go typosquat DNS backdoor
- StegaBin Pastebin-steganography npm campaign
- vpmdhaj OpenSearch npm cloud-secret stealer
UAC
UAC bypass
UAC-0010
- Gamaredon
- Gamaredon 2025 tunnels, workers, dead drops, and cloud exfiltration
- Gamaredon GammaPhish / GammaWorm / GammaSteel chain
UAC-0098
UAC-0194
UAC-0226
UAT-7237
Ubiquiti
Ubuntu
Udev persistence
UDP C2
Ukraine
- APT28 LNK SmartScreen bypass and CVE-2026-32202 coercion chain
- Gamaredon
- Gamaredon 2025 tunnels, workers, dead drops, and cloud exfiltration
- Gamaredon GammaPhish / GammaWorm / GammaSteel chain
- Ghostwriter
- GREYVIBE
- Russian intelligence commercial-messaging backup-key phishing
- Showboat
- UAC-0226 / SHADOW-EARTH-066
Ukraine targeting
UltraVNC
Umbrij
unauthenticated access
unauthenticated HTTP exploitation
unauthenticated RCE
- Argo CD repo-server unauthenticated RCE
- Oracle PeopleSoft CVE-2026-35273 ShinyHunters exploitation
- Progress Kemp LoadMaster CVE-2026-8037 pre-auth RCE
UNC1543
UNC2814
UNC3753
UNC4221
UNC4736
UNC5792
UNC6240
UNC6508
UNC6671
UNC6692
UNC6780
Uni-App
UniFi OS
Unified CM SME
uninitialized heap memory
Unit 42
- FortiBleed Fortinet credential exposure
- Operation FlutterBridge FlutterShell macOS malvertising
- Phantom squatting: AI-hallucinated domains
United States
university targeting
UNK_MassTraction
unpatched vulnerability
unsafe deserialization
unsigned installer
uranium compression
USB propagation
USB weaponizer
USB worm
use-after-free
user execution
user namespaces
- Linux DirtyClone CVE-2026-43503 local privilege escalation
- Linux pedit COW CVE-2026-46331 local privilege escalation
UTA0355
uTLS
V4bel
V8
valid accounts
ValleyRAT
VBCloud
VBE
VBS
VBScript
- BusySnake Stealer
- Cloud Atlas
- Gamaredon
- Gamaredon 2025 tunnels, workers, dead drops, and cloud exfiltration
- Gamaredon GammaPhish / GammaWorm / GammaSteel chain
- WhatsApp VBScript ManageEngine RMM campaign
VEIL#DROP
Velociraptor
Velvet Ant
VELVETSHELL
vendor compromise
vendor credentials
VENOMOUS BEAR
Vercel
Vertex AI
Vidar Stealer
Vietnam
Vietnam-aligned
Views
ViewState deserialization
virtualization
- Ababil of Minab MOIS-linked recovery-destruction campaign
- Januscape KVM CVE-2026-53359 guest-to-host escape
VirusTotal sentiment abuse
vishing
Visual Studio
Visual Studio Code Remote SSH
VLESS
vManage
VMware
VNT
Volt Typhoon
VPN
- Check Point VPN CVE-2026-50751 exploitation
- Citrix NetScaler CVE-2026-8451 memory overread
- First VPN
- PAN-OS GlobalProtect CVE-2026-0257 exploitation
- VPN Go browser-extension clipboard stealer
VPN gateway
VPN Go
VPN session hijacking
VS Code
- Amazon Q CVE-2026-12957 MCP auto-execution
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- Browser-based developer IDE OAuth token theft
- Glassworm developer supply-chain botnet
- html-to-gutenberg / fetch-page-assets VS Code blockchain stealer
- Nx Console VS Code extension compromise
- PolinRider cross-ecosystem supply-chain campaign
- UNK_DeadDrop developer repository phishing
VS Code tunnels
VShell
VSIX
vSphere
VU#213560
vulnerability
- Adobe ColdFusion APSB26-68 CVE bonanza
- Amazon Q CVE-2026-12957 MCP auto-execution
- Android Framework CVE-2025-48595 exploitation
- BeyondTrust RS / PRA CVE-2026-40138 and CVE-2026-40139 authentication bypass
- Citrix NetScaler CVE-2026-8451 memory overread
- FatFs CVE-2026-6682 to CVE-2026-6688 embedded-filesystem bug cluster
- Januscape KVM CVE-2026-53359 guest-to-host escape
- Linux Bad Epoll CVE-2026-46242 local privilege escalation
- Linux DirtyClone CVE-2026-43503 local privilege escalation
- Linux Kernel CVE-2022-0492 cgroup release_agent exploitation
- Linux nftables CVE-2026-23111 public LPE exploits
- Linux pedit COW CVE-2026-46331 local privilege escalation
- Microsoft Defender CVE-2026-41091 / CVE-2026-45498 exploitation
- Mirasvit Cache Warmer CVE-2026-45247 exploitation
- Progress Kemp LoadMaster CVE-2026-8037 pre-auth RCE
- Quest KACE SMA CVE-2025-32975 exploitation
- Tenda firmware CVE-2026-11405 hidden authentication backdoor
- Trend Micro Apex One CVE-2026-34926 exploitation
vulnerability research
vulnerability-research
VXLAN
w3wp.exe
wallet address replacement
wallet drainer
wallet infrastructure
wallet replacement
wallet theft
- Fake-reputation crypto clipboard hijacker
- Mastra
easy-day-jsnpm scope compromise - Solana FakeFix npm / PyPI developer stealer
- Void Dokkaebi
wallet-drainer
wallet-theft
Wasabi
watchdog
watchTowr
- Adobe ColdFusion APSB26-68 CVE bonanza
- Citrix NetScaler CVE-2026-8451 memory overread
- Progress Kemp LoadMaster CVE-2026-8037 pre-auth RCE
watering hole
watering-hole
weak passwords
web application
- Drupal Core CVE-2026-9082 exploitation
- Everest Forms Pro CVE-2026-3300 exploitation
- Gravity SMTP CVE-2026-4020 exploitation
- WP Maps Pro CVE-2026-8732 exploitation
web hosting
web IDE
web management interface
web RCE
web shell
- Everest Forms Pro CVE-2026-3300 exploitation
- KnowledgeDeliver CVE-2026-5426 ViewState exploitation
- LiteSpeed cPanel Plugin CVE-2026-54420 exploitation
- Oman government Iranian-nexus webshell C2
- UNC6508
web shells
- CL-STA-1062
- CL-STA-1062 Southeast Asia government and energy intrusions
- StrikeShark SharkLoader / Cobalt Strike campaign
web supply chain
web-shells
WebAssembly
WebKit
WebLogic
webmail
WebRTC
webshell
website-compromise
WebSocket
WebSocket C2
- Cavern
- GREYVIBE
- Mustang Panda ZOHOMURK / MINIRECON India campaigns
- SprySOCKS
- STOCKSTAY
- Turla STOCKSTAY backdoor operations
websocket-sharp
WebView
Webworm
WhatsApp phishing
WHM
- LiteSpeed cPanel CVE-2026-48172 exploitation
- LiteSpeed cPanel Plugin CVE-2026-54420 exploitation
- Mr_Rot13 cPanel CVE-2026-41940 backdoor campaign
Widget Factory
WILDDAY
Windchill
Windchill PDMLink
WinDirStat
Windows
- 3CX desktop app compromise
- APT28 LNK SmartScreen bypass and CVE-2026-32202 coercion chain
- Backdoor.Mistic / KongTuke ModeloRAT activity
- BusySnake Stealer
- CCleaner signed-update compromise
- ClickOnce COM hijacking abuse
- Crypto Clipper Tor / USB worm
- DAEMON Tools Lite supply-chain compromise
- Djinn Stealer
- faster-axios / turbo-axios Epsilon Stealer npm campaign
- js-logger-pack Hugging Face exfiltration campaign
- Microsoft Defender CVE-2026-41091 / CVE-2026-45498 exploitation
- MiniPlasma Windows Cloud Filter LPE exploitation
- Operation DangerousPassword axios npm compromise
- Pirated media SilentCryptoMiner RAT campaign
- postcss-minify-selector-parser npm RAT
- procwire / routecraft npm Windows dropper
- QuimaRAT
- ScarCruft Yanbian game-platform supply-chain attack
- StrikeShark SharkLoader / Cobalt Strike campaign
- TamperedChef-style productivity malware clusters
- The Gentlemen ransomware
- TinyRCT
Windows Defender exclusions
Windows Forms
Windows malware
- Armored Likho BusySnake campaign
- CrownX
- Fake-reputation crypto clipboard hijacker
- Thailand healthcare RAR / Python stealer campaign
- WhatsApp VBScript ManageEngine RMM campaign
Windows persistence
Windows Run dialog
Windows Script Host
Windows service persistence
Windows Terminal
Winnti Group
Winos4.0
WinPython
WinRAR
- Gamaredon
- Gamaredon 2025 tunnels, workers, dead drops, and cloud exfiltration
- Gamaredon GammaPhish / GammaWorm / GammaSteel chain
- UAC-0226 / SHADOW-EARTH-066
wiper
wiper-adjacent
WireGuard
Wiz Research
WM_COPYDATA IPC
Woodgnat
WordPress
- Everest Forms Pro CVE-2026-3300 exploitation
- Gravity SMTP CVE-2026-4020 exploitation
- Operation Endgame SocGholish disruption
- WP Maps Pro CVE-2026-8732 exploitation
WordPress credential theft
workflow backdoor
workspace trust
World Cup
worm
- binding.gyp npm CI/CD worm
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- CanisterWorm
- Crypto Clipper Tor / USB worm
- Immobiliare Labs Backstage plugins npm compromise
- IronWorm npm Rust infostealer campaign
- Leo Platform npm Miasma-style compromise
- Mini Shai-Hulud npm/PyPI worm campaign
- PCPJack cloud SMTP relay network
- SANDWORM_MODE AI-toolchain npm worm
- TeamPCP
- Trivy → TeamPCP → CanisterWorm: compromise timeline
WP Maps Pro
WScript
X-Secret
X-WEBAUTH-USER
X_TRADER
XChaCha20
XenoRAT
XFRM
xlabs_v1
XMLDecoder
XMRig
- GREYVIBE
- Langflow CVE-2026-33017 cryptominer SSH worm
- Ollama P2P cryptominer RAT campaign
- Pirated media SilentCryptoMiner RAT campaign
XOR
XOR obfuscation
XSLT SSRF
XSS
XSS.is
XXE
xz
Yanbian
YesWeHack
YouTube abuse
Yuechi Shared Technology
yuze
ZAPiXDESK
Zendesk
Zephyr RTOS
Zero Trust
zero-click
zero-day
- KnowledgeDeliver CVE-2026-5426 ViewState exploitation
- MiniPlasma Windows Cloud Filter LPE exploitation
- Oracle PeopleSoft CVE-2026-35273 ShinyHunters exploitation
zero-reputation infrastructure
Zoho Assist
- Anubis ransomware CitrixBleed 2 / RMM / cloudflared intrusions
- Storm-2603 parallel SharePoint ransomware intrusion