mitre-t1078
534 articles with this tag
MEDIUM
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
CRITICAL
HIGH
CRITICAL
CRITICAL
CRITICAL
HIGH
HIGH
HIGH
MEDIUM
MEDIUM
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
MEDIUM
HIGH
HIGH
HIGH
MEDIUM
HIGH
HIGH
MEDIUM
HIGH
HIGH
HIGH
HIGH
MEDIUM
MEDIUM
MEDIUM
HIGH
MEDIUM
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
CRITICAL
HIGH
HIGH
HIGH
HIGH
HIGH
CRITICAL
HIGH
MEDIUM
MEDIUM
HIGH
HIGH
HIGH
MEDIUM
HIGH
MEDIUM
MEDIUM
HIGH
HIGH
MEDIUM
CRITICAL
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
MEDIUM
CRITICAL
HIGH
HIGH
HIGH
HIGH
MEDIUM
HIGH
CRITICAL
MEDIUM
MEDIUM
HIGH
CRITICAL
HIGH
HIGH
HIGH
HIGH
HIGH
CRITICAL
A week after Dutch FIOD seized 800+ servers, the hosting network's ASN (AS209847) is still scanning at its normal daily rate
Malicious npm packages abuse dependency confusion to profile developer environments
AI helps Russian-speaking GreyVibe run five parallel attack chains on Ukrainian targets
Lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch libraries
‘Claude Code install’ search result leads to ClickFix infostealer attack
[NEU] [hoch] Froxlor: Mehrere Schwachstellen
Typosquatted npm packages used to steal cloud and CI/CD secrets
Lack of response to critical vulnerability in Gogs is a reminder of the limits of open source projects
Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft
Supply Chain Compromises Impact Nx Console and GitHub Repositories
Hackers exploit FortiClient EMS flaw to push infostealer malware
Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
MacGregor Voyage Data Recorder (VDR) G4e
GPU mining malware spreads via SEO poisoning, AI chatbots
FBI warns US-based law firms to be on the lookout for cybercrime group that steals data in person
CrowdStrike disrupts Glassworm botnet that preyed on open-source supply chain
[local] Realtek rtl819x - Local Privilege
LA Metro Cyberattack Linked to Iranian State-Sponsored Hackers
BTMOB: A stealthy RAT burrowing deep into Android devices
MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries
MFA Prompt Bombing: Why Your Second Factor Isn't Saving You
Security experts caution MFA alone can no longer stop threat actors
Laravel-Lang Packages Poisoned for Malware Delivery
Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack
Laravel Lang packages hijacked to deploy credential-stealing malware
Paved With Intent: ROADtools and Nation-State Tactics in the Cloud
Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign
Chinese APTs Share Linux Backdoor in Central Asia Telco Attacks
Grafana Labs Says Code Breach Stemmed from TanStack Attack
One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud ‘Patriot Bait’ Campaign
GitHub links repo breach to TanStack npm supply-chain attack
How a Webmail Log File Became a Root-Level Backdoor
Ukraine identifies infostealer operator tied to 28,000 stolen accounts
New Mini Shai-Hulud attack targets npm ecosystem
Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft
Storm-2949 actor targets Microsoft 365 and Azure environments
Grafana breach caused by missed token rotation after TanStack attack
Webworm APT targets European government organizations with new backdoors
GitHub says internal repositories were taken in poisoned VS Code extension attack
SHub Reaper impersonates Apple, Google, and Microsoft in one MacOS attack chain
Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
Tracking TamperedChef Clusters via Certificate and Code Reuse
AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks
Mini Shai-Hulud returns, compromising hundreds of npm packages
How Storm-2949 turned a compromised identity into a cloud-wide breach
New Shai-Hulud malware wave compromises 600 npm packages
Critical Microsoft Vulnerabilities Doubled: From Exposure to Escalation
New macOS infostealer impersonates Apple, Microsoft, and Google in a single attack chain
Grafana Labs Confirms Hackers Stole Source Code
Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
Malaysian government-linked campaign used hidden infrastructure for years
Shai-Hulud copycat worm infects yet another npm package
'Claw Chain' Vulnerabilities Threaten OpenClaw Deployments
Shai-Hulud Worm Clones Spread After Code Release
Turla group evolves Kazuar backdoor into modular P2P botnet
4 vulnerabilities in OpenClaw AI agent put thousands of servers at risk
The Canvas breach proved that prevention is no longer enough
Kazuar: Anatomy of a nation-state botnet
201 arrested in INTERPOL disruption of phishing and fraud networks
When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps
Russian hackers turn Kazuar backdoor into modular P2P botnet
TeamPCP releases ‘vibe coded’ Shai-Hulud source code, issues challenge
Undermining the trust boundary: Investigating a stealthy intrusion through third-party compromise
Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access
[local] Windows Snipping Tool - NTLMv2 Hash Hijack
NCSC-2026-0162 [1.00] [M/H] Kwetsbaarheden verholpen in F5 BIG-IP en BIG-IQ producten
TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates
OpenAI Hit by TanStack Supply Chain Attack
OpenAI caught in TanStack npm supply chain chaos after employee devices compromised
CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
dMSA Ouroboros: Self-Sustaining Credential Extraction in Windows Server 2025
OpenAI confirms security breach in TanStack supply chain attack
When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps
Mustang Panda Linked to Updated FDMTP Backdoor in Asia-Pacific Espionage Campaign
VELVET CHOLLIMA Infostealer Campaign Using Trading App as Lure
Over 70% of organizations hit by identity breaches
Analyzing TeamPCP’s Supply Chain Attacks: Checkmarx KICS and elementary-data in CI/CD Credential Theft
Iranian hackers targeted major South Korean electronics maker
House committee chair calls on Instructure to testify in Canvas hack
ClickFix finds a backup plan in PySoxy proxy chains
Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub
‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack
‘Mini’ Shai-Hulud attack compromises hundreds of npm, PyPI packages
CVE-2026-41086 Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability
Undermining the trust boundary: Investigating a stealthy intrusion through third-party compromise
Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware
Attackers Combine ClickFix With PySoxy Proxying to Maintain Persistence
Fake Claude Code takes the IElevator to your browser secrets
cPanel flaw exposes enterprises to hosting supply-chain risks
1 in 8 employees have sold company logins or know someone who has
Stolen Canvas data was “returned” after hacker agreement, Instructure says
Official CheckMarx Jenkins package compromised with infostealer
Inside AD CS Escalation: Unpacking Advanced Misuse Techniques and Tools
TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack
New PamDOORa Linux backdoor sold on cybercrime forum
Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads
Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise
Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads
Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia