Hacking HOME Reconnaissance(10) Resource Development(8) Initial Access(10) Execution(14) Persistence(20) Privilege Escalation(14) Defense Evasion(43) Credential Access(17) Discovery(32) Lateral Movement(9) Collection(17) Command and Control(17) Exfiltration(9) Impact(14)
DATE |
NAME |
INFO |
CATEGORY |
SUBCATE |
| 1.6.25 | Browser in the Middle (BiTM) | An adversary exploits the inherent functionalities of a web browser, in order to establish an unnoticed remote desktop connection in the victim's browser to the adversary's system. The adversary must deploy a web client with a remote desktop session that the victim can access. | HACKING | HACKING |
| 1.6.25 | Text-to-Malware: How Cybercriminals Weaponize Fake AI-Themed Websites | Since November 2024, Mandiant Threat Defense has been investigating an UNC6032 campaign that weaponizes the interest around AI tools, in particular those tools which can be used to generate videos based on user prompts. | HACKING | HACKING |
| 20.5.25 | Shadow Roles | Shadow Roles: AWS Defaults Can Open the Door to Service Takeover | HACKING | CLOUD |
| 4.5.24 | AirBorne | Wormable Zero-Click Remote Code Execution (RCE) in AirPlay Protocol Puts Apple & IoT Devices at Risk | HACKING | Apple |
| 29.4.25 | UyghurEdit++ Tool | Uyghur Language Software Hijacked to Deliver Malware | HACKING | SOFTWARE |
| 15.4.25 | Double-Edged Email Attack | Pick your Poison - A Double-Edged Email Attack | HACKING | SPAM |
| 4.4.25 | ClickFix tactic | From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic | HACKING | CRYPTOCURRENCY |
| 2.4.25 | CPU_HU: Fileless cryptominer | CPU_HU: Fileless cryptominer targeting exposed PostgreSQL with over 1.5K victims | HACKING | CRYPTOCURRENCY |
|
1.4.25 |
The Espionage Toolkit of Earth Alux: A Closer Look at its Advanced Techniques |
CyberSpionage |
||
|
29.3.25 |
A browser-in-the-browser (BitB) attack is a new phishing technique that simulates a login window with a spoofed domain within a parent browser window to steal credentials. |
PHISHING |
||
|
27.3.25 |
UI/UX changes | Over 150K websites hit by full-page hijack linking to Chinese gambling sites | HACKING | INJECT |
|
20.3.25 |
Auto Dealership Supply Chain Attack | Over 100 auto dealerships were being abused compliments of a supply chain attack of a shared video service unique to dealerships. | HACKING | MALWARE |
| 10.3.25 | Polymorphic Extensions | Polymorphic Extensions: The Sneaky Extension That Can Impersonate Any Browser Extension | HACKING | HACKING |
| 27.2.25 | 360XSS | 360XSS: Mass Website Exploitation via Virtual Tour Framework for SEO Poisoning | HACKING | EXPLOIT |
| 22.2.25 | Deceptive Employment Scheme | A network from North Korea linked to the fraudulent IT worker scheme that was involved in the creation of personal documentation for fictitious job applicants, such as resumés, online job profiles and cover letters, as well as come up convincing responses to explain unusual behaviors like avoiding video calls, accessing corporate systems from unauthorized countries or working irregular hours. Some of the bogus job applications were then shared on LinkedIn. | HACKING | AI |
| 22.2.25 | Sponsored Discontent | A network likely of Chinese origin that was involved in the creation of social media content in English and long-form articles in Spanish that were critical of the United States, and subsequently published by Latin American news websites in Peru, Mexico, and Ecuador. | HACKING | AI |
| 22.2.25 | Romance-baiting Scam | A network of accounts that was involved in the translation and generation of comments in Japanese, Chinese, and English for posting on social media platforms including Facebook, X and Instagram in connection with suspected Cambodia-origin romance and investment scams. | HACKING | AI |
| 22.2.25 | Iranian Influence Nexus | A network of five accounts that was involved in the generation of X posts and articles that were pro-Palestinian, pro-Hamas, and pro-Iran, and anti-Israel and anti-U.S., and shared on websites associated with an Iranian influence operations tracked as the International Union of Virtual Media (IUVM) and Storm-2035. | HACKING | AI |
| 22.2.25 | Kimsuky and BlueNoroff | A network of accounts operated by North Korean threat actors that was involved in gathering information related to cyber intrusion tools and cryptocurrency-related topics, and debugging code for Remote Desktop Protocol (RDP) brute-force attacks | HACKING | AI |
| 22.2.25 | Youth Initiative Covert Influence Operation | A network of accounts that was involved in the creation of English-language articles for a website named "Empowering Ghana" and social media comments targeting the Ghana presidential election | HACKING | AI |
| 22.2.25 | Task Scam | A network of accounts likely originating from Cambodia that was involved in the translation of comments between Urdu and English as part of a scam that lures unsuspecting people into jobs performing simple tasks (e.g., liking videos or writing reviews) in exchange for earning a non-existent commission, accessing which requires victims to part with their own money. | HACKING | AI |
| 5.2.25 | CVE-2025-0411 | CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks | HACKING | VULNEREBILITY |
|
18.1.25 | Planet WGS-804HPT | Hack The Emulated Planet: Vulnerability Hunting Planet WGS-804HPT Industrial Switch | HACKING | Hardware |
|
14.1.25 | Stealthy Credit Card Skimmer Targets WordPress Checkout Pages via Database Injection | Recently, we released an article where a credit card skimmer was targeting checkout pages on a Magento site. Now we’ve come across sophisticated credit card skimmer malware while investigating a compromised WordPress website. | HACKING | HACKING |
| 21.12.24 | cShell DDoS Bot Attack | ASEC recently identified a new DDoS malware strain targeting Linux servers while monitoring numerous external attacks. The threat actor initially targeted poorly managed SSH services and ultimately installed a DDoS bot named cShell. cShell is developed in the Go language and is characterized by exploiting Linux tools called screen and hping3 to perform DDoS attacks. | HACKING | HACKING |
| 11.12.24 | Windows UI Automation | Teaching an Old Framework New Tricks: The Dangers of Windows UI Automation | HACKING | HACKING |
|
28.11.24 |
Dozens of Machines Infected: Year-Long NPM Supply Chain Attack Combines Crypto Mining and Data Theft |
HACKING |
||
|
20.11.24 |
Ghost Tap: New cash-out tactic with NFC Relay |
NFC |
||
5.9.24 | Macropack | Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads | HACKING | Malware |
5.9.24 | Revival Hijack | Revival Hijack – PyPI hijack technique exploited in the wild, puts 22K packages at risk | HACKING | HACKING |
30.8.24 | Malicious npm Packages | North Korea Still Attacking Developers via npm | HACKING | Malware |
21.8.24 | pwish | Be careful what you pwish for – Phishing in PWA applications | HACKING | PHISHING |
15.8.24 | ArtiPACKED | ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts | HACKING | HACKING |
9.8.24 | Downgrade Attacks | Windows Downdate: Downgrade Attacks Using Windows Updates | HACKING | Attack |
9.7.24 | Jenkins Script Console | Turning Jenkins Into a Cryptomining Machine From an Attacker's Perspective | HACKING | CRYPTOCURRENCY |
| 14.6.24 | Sleepy Pickle Part 2 | Exploiting ML models with pickle file attacks: Part 2 | HACKING | ML |
| 14.6.24 | Sleepy Pickle Part 1 | Exploiting ML models with pickle file attacks: Part 1 | HACKING | ML |
5.6.24 |
FortiGuard Labs has recently identified a sophisticated cyberattack involving an Excel file embedded with a VBA macro designed to deploy a DLL file. | HACKING |
||
3.6.24 | Hacking Millions of Modems (and Investigating Who Hacked My Modem) | Hardware | ||
1.6.24 | Lumen Technologies’ Black Lotus Labs identified a destructive event, as over 600,000 small office/home office (SOHO) routers were taken offline belonging to a single internet service provider (ISP). | Hardware | ||
28.5.24 | DNSBomb | DNSBomb is a new practical and powerful pulsing DoS attack exploiting DNS queries and responses. | Hacking | DNS |
28.5.24 | Server Side Credit Card Skimmer Lodged in Obscure Plugin | Attackers are always finding new ways to inject malware into websites and new ways to obscure it to avoid detection, but they’re always up to their same old tricks. In this post, we’ll explore how attackers are using a very obscure PHP snippet WordPress plugin to install server-side malware to harvest credit card details from a WooCommerce online store. | Hacking | Hacking |
27.5.24 | HTML Smuggling | HTML smuggling is an innovative attack technique, which abuses HTML5 and JavaScript features to inject or extract data across network boundaries. | Hacking | HTML |
27.5.24 | Transparent Phishing and HTML Smuggling | Phishing with Cloudflare Workers: Transparent Phishing and HTML Smuggling | Hacking | Phishing |
10.5.24 | Tunnelcrack | TunnelCrack is a combination of two widespread security vulnerabilities in VPNs. An adversary can abuse these vulnerabilities to leak traffic outside the VPN tunnel. | Hacking | VPN |
10.5.24 | TunnelVision | A local network VPN leaking technique that affects all routing-based VPNs | Hacking | VPN |
11.4.24 |
Trick Developers Detected in an Open Source Supply Chain Attack |
In a recent attack campaign, cybercriminals were discovered cleverly manipulating GitHub's search functionality, and using meticulously crafted repositories to distribute malware. | Hacking |
|
| 22.3.24 | z0Miner | z0Miner Exploits Korean Web Servers to Attack WebLogic Server | Hacking | Exploit |
| 7.3.24 | Quishing | QR codes have had a great run in the past few years, diffusing into almost every aspect of our lives, from looking at restaurant menus and paying for products or services online and offline to accessing websites with greater ease. While the positives of QR codes are clearly visible, both from a business and user perspective, their usage has some pitfalls. | Hacking | Mobil |
18.1.24 |
iShutdown | A lightweight method to detect potential iOS malware | Hacking | iOS |
| 3.1.24 | SMTP Smuggling | In the course of a research project in collaboration with the SEC Consult Vulnerability Lab, Timo Longin (@timolongin) - known for his DNS protocol attacks | Hacking | SPAM |
1.1.24 |
Hijack Execution Flow: DLL Search Order Hijacking | Adversaries may execute their own malicious payloads by hijacking the search order used to load DLLs. Windows systems use a common method to look for required DLLs to load into a program.Hijacking DLL loads may be for the purpose of establishing persistence as well as elevating privileges and/or evading restrictions on file execution. | Hacking | DLL |
26.12.23 |
RTF template injection | Injection is the New Black: Novel RTF Template Inject Technique Poised for Widespread Adoption Beyond APT Actors | Hacking | Phishing |
24.12.23 |
Insta-Phish-A-Gram | Following Trustwave SpiderLabs’ blog on social media-themed phishing on Facebook, comes another flavor of ‘infringement’ phishing. In this case, the targets, still under the umbrella of Meta, are Instagram users | Hacking | Phishing |
9.12.23 |
5GHOUL | 5Ghoul : Unleashing Chaos on 5G Edge Devices | Hacking | 5G |
8.12.23 |
Ongoing attacks | Star Blizzard increases sophistication and evasion in ongoing attacks | Hacking | Phishing |
6.12.23 |
Fake Lockdown Mode | Fake Lockdown Mode: A post-exploitation tampering technique | Hacking | Apple |
28.11.23 |
PERFORM NTLM FORCED AUTHENTICATION ATTACKS | ABUSING MICROSOFT ACCESS “LINKED TABLE” FEATURE TO PERFORM NTLM FORCED AUTHENTICATION ATTACKS | Hacking | Hacking |
| 6.11.23 | Agonizing Serpens | The attacks are characterized by attempts to steal sensitive data, such as personally identifiable information (PII) and intellectual property. | Hacking | Hacking |
| 2.11.23 | Kopeechka | How Kopeechka, an Automated Social Media Accounts Creation Service, Can Facilitate Cybercrime | Hacking | Tool |
3.10.23 |
Authenticated Origin Pulls (mTLS) | When visitors request content from your domain, Cloudflare first attempts to serve content from the cache. If this attempt fails, Cloudflare sends a request — or an origin pull — back to your origin web server to get the content. | Hacking | Hacking |
3.10.23 |
Silent Skimmer | Silent Skimmer: Online Payment Scraping Campaign Shifts Targets From APAC to NALA | Hacking | Hacking |
1.10.23 |
ZeroFont phishing technique |
Phishing |
||
14.9.23 | Repo Jacking: Exploiting the Dependency Supply Chain |
Hacking | ||
24.7.23 | drIBAN | Uncovering drIBAN fraud operations. Chapter 3: Exploring the drIBAN web inject kit | Hacking | Hacking |
| 4.7.23 | HTML Smuggling | HTML Smuggling: The Hidden Threat in Your Inbox | Hacking | Hacking |
1.7.23 | Proxyjacking | Proxyjacking: The Latest Cybercriminal Side Hustle | Hacking | Hacking |
| 28.6.23 | Process Mockingjay | Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution | Hacking | Hacking |