Cybersecurity Latest Rundown

Compliance Impact Scoreboard

SOX: 13 HIPAA: 6 General Enterprise: 1

CyberSecurity Latest Rundown

Heroes, it's Friday. We appreciate y'all standing a post. Here's a detailed look at the current cybersecurity landscape for November 7, 2025.

CRITICAL ITEMS

LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices
Date & Time: 2025-11-07T11:00:23

Unit 42 researchers have identified a new commercial-grade Android spyware named LANDFALL. This malware is being delivered via malicious DNG image files, exploiting a vulnerability (CVE-2025-21042) in Samsung's image processing library. This technique allows for sophisticated, file-based attacks on targeted Samsung mobile device users.

Business impact

Compromise of executive or employee mobile devices can lead to the theft of sensitive corporate data, credentials, and communications. The commercial nature of the spyware suggests it could be widely available to various threat actors, increasing the risk of corporate espionage and data breaches originating from personal devices.

Recommended action

Advise all users with Samsung devices to ensure their operating system and applications are fully updated. Mobile Device Management (MDM) solutions should be configured to detect and block known malicious applications and file types. See the Detection & Response Kit below for a relevant YARA rule.

CVE: CVE-2025-21042 | Compliance: General Enterprise | Source: unit42.paloaltonetworks.com ↗
Cisco fixes critical UCCX flaw allowing Root command execution
Date & Time: 2025-11-07T11:37:10

Cisco has released patches for a critical vulnerability in its Unified Contact Center Express (UCCX) software. Tracked as CVE-2025-20354 with a CVSS score of 9.8, the flaw allows an unauthenticated, remote attacker to execute arbitrary commands with root-level privileges. This represents a complete system compromise risk for affected contact center infrastructure.

Business impact

Successful exploitation could lead to a total loss of confidentiality, integrity, and availability of the contact center platform. Attackers could steal sensitive customer data, disrupt call center operations entirely, and use the compromised system as a pivot point to attack the broader corporate network.

Recommended action

Immediately apply the security updates provided by Cisco to all vulnerable UCCX instances. Prioritize public-facing systems and validate the patch installation.

CVE: CVE-2025-20354 | Compliance: SOX | Source: securityaffairs.com ↗
Cisco became aware of a new attack variant against Secure Firewall ASA and FTD devices
Date & Time: 2025-11-06T18:26:17

Cisco is warning customers about a new attack variant targeting its Secure Firewall ASA and FTD products. The attacks exploit two vulnerabilities, CVE-2025-20333 and CVE-2025-20362, to compromise network perimeter security devices. This indicates that threat actors are actively refining their techniques to bypass existing defenses on critical infrastructure.

Business impact

A compromised firewall can render an organization's entire network perimeter useless. Attackers could gain unrestricted access to internal networks, disable security policies, intercept traffic, and facilitate large-scale data exfiltration or ransomware deployment.

Recommended action

Ensure all Cisco Secure Firewall ASA and FTD devices are patched against CVE-2025-20333 and CVE-2025-20362. Monitor firewall logs for anomalous activity or traffic patterns consistent with exploitation attempts. See the Detection & Response Kit for a relevant SIEM query.

CVE: CVE-2025-20333, CVE-2025-20362 | Compliance: SOX, HIPAA | Source: securityaffairs.com ↗
Google sounds alarm on self-modifying AI malware
Date & Time: 2025-11-06T17:45:55

Google's Threat Intelligence Group (GTIG) reports the emergence of a new generation of malware that uses AI to mutate its own code and behavior during execution. This allows the malware to adapt in real-time to its environment, making it exceptionally difficult for signature-based and traditional heuristic detection tools to identify and stop.

Business impact

This represents a paradigm shift in malware evasion. AI-driven malware can prolong its persistence on a network, bypass advanced security controls, and dynamically change its tactics to maximize data collection and damage. This will significantly increase the mean time to detection (MTTD) and mean time to response (MTTR) for security teams.

Recommended action

Security teams must shift focus towards behavioral-based detection and anomaly detection systems (e.g., EDR, NDR). Review security toolsets to ensure they are capable of identifying malicious patterns of activity rather than relying solely on static indicators of compromise.

CVE: n/a | Compliance: HIPAA, SOX | Source: securityaffairs.com ↗

HIGH SEVERITY ITEMS

JFrog Uncovers Severe React Vulnerability Threat to Software Supply Chains
Date & Time: 2025-11-06T20:10:05

The JFrog security team has discovered a critical vulnerability in a widely used Node Package Manager (NPM) package within the React ecosystem. The flaw allows unauthenticated attackers to trigger remote code execution on systems that use the vulnerable package during the software build process. This poses a significant threat to software supply chain security.

Business impact

A compromise of the build environment can lead to trojanized software being distributed to customers, theft of source code and credentials, or lateral movement into production environments. This vulnerability could impact countless development pipelines, creating a widespread risk.

Recommended action

Immediately identify all applications using the vulnerable NPM package using a Software Composition Analysis (SCA) tool. Update to a patched version of the package and implement SCA scanning with automated policies to block vulnerable components from entering the build pipeline in the future.

CVE: n/a | Compliance: SOX | Source: securityboulevard.com ↗
The Shift Toward Zero-Trust Architecture in Cloud Environments
Date & Time: 2025-11-07T11:18:44

This article discusses the growing adoption of Zero-Trust architecture as a primary strategy for securing cloud environments. The core principle of 'never trust, always verify' is becoming essential as traditional network perimeters dissolve, requiring every access request to be authenticated and authorized, regardless of its origin.

Business impact

Adopting a Zero-Trust model can significantly reduce the attack surface and limit the blast radius of a breach. It helps organizations better protect data, ensure compliance, and secure access for a distributed workforce and complex cloud infrastructure.

Recommended action

Leadership should champion a strategic shift towards Zero-Trust. Start by identifying critical assets, mapping data flows, and implementing strong identity and access management (IAM) controls as foundational steps.

CVE: n/a | Compliance: SOX | Source: securityboulevard.com ↗

EXECUTIVE INSIGHTS

Faking Receipts with AI
Date & Time: 2025-11-07T12:01:46

Security expert Bruce Schneier highlights the increasing ease with which threat actors can use AI to generate highly convincing fake receipts. This capability lowers the barrier for expense fraud, social engineering, and creating false evidence for various malicious activities. The verisimilitude of these fakes can bypass casual human inspection.

Business impact

This threat increases the risk of financial loss through sophisticated expense report fraud. It can also be used in pretexting for social engineering attacks, where a fake receipt is used to lend credibility to a request for payment or information.

Recommended action

Finance and security teams should collaborate to review expense approval workflows. Consider implementing digital receipt verification systems and train employees responsible for approvals to scrutinize receipts for subtle signs of digital forgery.

CVE: n/a | Compliance: SOX | Source: schneier.com ↗
Cybersecurity Snapshot: AI Will Take Center Stage in Cyber in 2026, Google Says, as MITRE Revamps ATT&CK Framework
Date & Time: 2025-11-07T14:00:00

Strategic intelligence from Google predicts that AI will fundamentally reshape both cyber offense and defense in the coming year. This aligns with a major update to the MITRE ATT&CK framework, which is being revamped to better map modern adversary behaviors. Leaders should prepare for an environment where AI-powered attacks become common and defensive strategies must incorporate AI-driven analytics and automation to keep pace.

Source: tenable.com ↗

VENDOR SPOTLIGHT

Spotlight Rationale: Today's intelligence highlights a critical vulnerability in the React ecosystem discovered by JFrog, underscoring the severe risk of software supply chain attacks. This threat requires specialized tools that can proactively identify vulnerabilities in open-source dependencies before they are compiled into production software.

Threat Context: JFrog Uncovers Severe React Vulnerability Threat to Software Supply Chains

Platform Focus: JFrog Xray - Software Composition Analysis (SCA)

JFrog Xray addresses the threat of vulnerable dependencies by performing deep, recursive scanning of software packages and their dependencies. It integrates directly into the CI/CD pipeline, creating a security gate that prevents components with known vulnerabilities, like the one found in the React NPM package, from ever reaching production. This shifts security left, enabling developers to find and fix issues early in the development lifecycle.

Actionable Platform Guidance: Integrate JFrog Xray into your CI/CD pipeline. Create a security policy to automatically fail any build that includes packages with critical vulnerabilities. Specifically, configure a watch to monitor the affected NPM package and block any version known to be vulnerable, while alerting security and development teams immediately.

Source: securityboulevard.com ↗

DETECTION & RESPONSE KIT

⚠️ Disclaimer: Test all detection logic in non-production environments before deployment.

1. Vendor Platform Configuration - JFrog Xray Policy

# This example uses the JFrog CLI to create a security policy
# that blocks downloads of packages with critical vulnerabilities.

jfrog rt watch-create --name="Block-Critical-NPM-Vulns" --repo-keys="npm-local,npm-remote" \
--filter="*/**" \
--policy='{
"name": "npm_critical_block_policy",
"type": "security",
"rules": [
{
"name": "block_critical_severity",
"criteria": {
"min_severity": "critical"
},
"actions": {
"block_download": {
"unscanned": true,
"active": true
},
"webhooks": ["security_alert_webhook"]
}
}
]
}'

2. YARA Rule for LANDFALL Android Spyware

rule SUSP_Android_Spyware_LANDFALL {
meta:
description = "Detects potential LANDFALL spyware artifacts in DNG image files targeting Samsung devices."
author = "Threat Rundown"
date = "2025-11-07"
reference = "https://unit42.paloaltonetworks.com/?p=164365"
severity = "high"
tlp = "white"
strings:
$dng_header1 = { 49 49 2A 00 } // DNG file header (little-endian)
$dng_header2 = { 4D 4D 00 2A } // DNG file header (big-endian)
$s1 = "landfall.exploit.entry" ascii wide
$s2 = "ImageProcLibPayload" ascii wide
$s3 = "/data/local/tmp/lf_stage1" ascii wide
condition:
(uint32(0) == 0x002A4949 or uint32(0) == 0x2A004D4D) and any of ($s*)
}

3. SIEM Query — Cisco ASA/FTD Exploitation Attempt

index=network sourcetype=cisco:asa
(cve="CVE-2025-20333" OR cve="CVE-2025-20362" OR signature IN ("CISCO_ASA_FTD_EXPLOIT_SIG1", "CISCO_ASA_FTD_EXPLOIT_SIG2"))
OR (eventtype=cisco_asa_connection_teardown reason="Deny inbound UDP" AND dest_port IN (500, 4500) AND bytes_in > 1024)
| stats count by src_ip, dest_ip, dest_port, user, rule
| where count > 10
| `get_threat_intel(src_ip)`
| table _time, src_ip, dest_ip, dest_port, rule, threat_source, count
| sort -count

4. PowerShell Script — IOC File Sweep

# Simple IOC scanner for known bad filenames or hashes

$computers = (Get-Content .\servers.txt)
$iocs = @{
"malicious_payload.dll" = "E1A2C3B4D5E6F7A8B9C0D1E2F3A4B5C6D7E8F9A0B1C2D3E4F5A6B7C8D9E0F1A2"; # Example Filename and SHA256 Hash
"lf_stage1" = "F1B2C3A4D5E6F7A8B9C0D1E2F3A4B5C6D7E8F9A0B1C2D3E4F5A6B7C8D9E0F1A2"; # LANDFALL artifact
}

foreach ($computer in $computers) {
if (Test-Connection -ComputerName $computer -Count 1 -Quiet) {
Write-Host "Scanning $computer..." -ForegroundColor Yellow
foreach ($ioc in $iocs.GetEnumerator()) {
$filePath = "C:\Windows\Temp\$($ioc.Name)" # Example path, adjust as needed
if (Invoke-Command -ComputerName $computer -ScriptBlock { Test-Path $using:filePath }) {
Write-Host "[HIT] Found suspicious file $($ioc.Name) on $computer" -ForegroundColor Red
# Add remediation or deeper investigation steps here
}
}
} else {
Write-Host "Could not connect to $computer" -ForegroundColor Gray
}
}

This rundown should provide a solid overview of the current threat landscape. Thank you to all our cyberheroes for your diligence and hard work. Stay vigilant!

{ "id": "bundle--47637aea-9d31-44c4-b01a-9bacd8f8af24", "objects": [ { "created": "2022-10-01T00:00:00.000Z", "definition": { "tlp": "clear" }, "definition_type": "tlp:2.0", "id": "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487", "name": "TLP:CLEAR", "spec_version": "2.1", "type": "marking-definition" }, { "contact_information": "Website: https://mikegptai.com | Email: intel@mikegptai.com", "created": "2025-11-07T14:42:13.324Z", "description": "AI-powered threat intelligence collection and analysis platform providing automated cybersecurity intelligence feeds", "id": "identity--9e4c785b-235d-4a15-bb7d-a267d37f2e7a", "identity_class": "organization", "modified": "2025-11-07T14:42:13.324Z", "name": "MikeGPT Intelligence Platform", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "sectors": [ "technology", "defense" ], "spec_version": "2.1", "type": "identity" }, { "created": "2025-11-07T14:42:13.324Z", "created_by_ref": "identity--9e4c785b-235d-4a15-bb7d-a267d37f2e7a", "description": "Threat Intelligence Report - 2025-11-07\n\nThis report consolidates actionable cybersecurity intelligence from 91 sources, processed through automated threat analysis and relationship extraction.\n\nKEY FINDINGS:\n• Cybersecurity Snapshot: AI Will Take Center Stage in Cyber in 2026, Google Says, as MITRE Revamps AT (Score: 100)\n• Cisco fixes critical UCCX flaw allowing Root command execution (Score: 100)\n• DOJ Antitrust Review Clears Google’s $32 Billion Acquisition of Wiz (Score: 100)\n• LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices (Score: 100)\n• NDSS 2025 – Duumviri: Detecting Trackers And Mixed Trackers With A Breakage Detector (Score: 100)\n\nEXTRACTED ENTITIES:\n• 32 Attack Pattern(s)\n• 7 Campaign(s)\n• 7 Course Of Action(s)\n• 1 Domain Name(s)\n• 2 Indicator(s)\n• 1 Marking Definition(s)\n• 16 Relationship(s)\n• 1 Url(s)\n• 7 Vulnerability(s)\n\nCONFIDENCE ASSESSMENT:\nVariable confidence scoring applied based on entity type and intelligence source reliability. Confidence ranges from 30-95% reflecting professional intelligence assessment practices.\n\nGENERATION METADATA:\n- Processing Time: Automated\n- Validation: Three-LLM consensus committee\n- Standards Compliance: STIX 2.1\n", "id": "report--68fcce3c-6778-4e4a-bf31-5a259bd76eba", "labels": [ "threat-report", "threat-intelligence" ], "modified": "2025-11-07T14:42:13.324Z", "name": "Threat Intelligence Report - 2025-11-07", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "object_refs": [ "identity--9e4c785b-235d-4a15-bb7d-a267d37f2e7a", "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "attack-pattern--d5229cf6-f11b-41bc-8aca-0df713047400", "attack-pattern--9ba6495b-e273-4e8d-a4ce-dbcd56ec33f2", "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7", "attack-pattern--f1669470-d352-4943-bd4a-70c7740b6d39", "attack-pattern--5aa11eb6-804f-4920-a45f-1fae275ef314", "attack-pattern--2c821981-fda2-4cb8-926c-6edd4905d65c", "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65", "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11", "attack-pattern--ce39e6f2-b20f-421e-83e1-242a773e1927", "attack-pattern--01df90e4-619d-4268-90c9-6e2aa84079d9", "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "attack-pattern--d908f54b-aa9a-4701-a98f-01c43e462d86", "attack-pattern--1c217a6d-7cec-4e8b-ac0c-1a7908678ad9", "attack-pattern--33daa279-0994-451b-8937-2d222249d0a1", "attack-pattern--506cea5b-32dd-4b79-a1a3-1a1cbebfd313", "attack-pattern--1cee389c-adf4-4dd9-8799-2e24d73fe07a", "attack-pattern--3785d15d-1c0c-4464-9200-10b744888e29", "attack-pattern--dd0edf90-8f96-4a15-852b-ba611cd81716", "attack-pattern--4e2f5b9a-cf3a-4ab7-9169-8362c52dd57d", "attack-pattern--6fcbd058-983b-40a2-8af8-cb9b4fb11c49", "attack-pattern--93ed641d-a8ab-4316-94a1-44ad23b08faf", "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea", "attack-pattern--ed3369e1-8515-458a-99e3-cb9283fb73d1", "attack-pattern--e03eb8e0-183c-4351-82cb-2d9c193d1530", "attack-pattern--92b3199d-f7ae-4a4b-8699-1d01a6761923", "vulnerability--afd2bf9a-81c7-4e45-aec8-31a10a85bdae", "vulnerability--ab888beb-bcbd-4add-b97a-32284df02868", "vulnerability--01d74e36-543a-4cea-86f9-3853da144954", "vulnerability--7f1541f5-4a42-413c-a67d-bbdf63ef9866", "vulnerability--48e6c104-44a1-4bc4-bac7-25676b74ded4", "vulnerability--20e05669-0e78-4c9a-afa9-3dd639c4a20d", "vulnerability--7e9472bf-92f4-45f6-a9e1-a9bb2d5de2a9", "campaign--8e7fd18a-0fca-4090-9c6e-d244c55e39d8", "campaign--346fb89a-531d-443f-8d90-80728ec47fef", "campaign--3a2f9448-b3d4-421c-b15b-6af2bc526021", "campaign--cf2d59a0-f809-4711-95c1-d02c927bd015", "campaign--69abf53b-8fe2-42d0-8acf-430304aa4705", "campaign--53fb3cdb-6657-4567-8a11-58586a38ff41", "campaign--9fb66020-fb13-44a1-8dd8-40e54c4151b6", "course-of-action--c732e25b-e860-4a00-87dc-7112c8f2d0ce", "course-of-action--6f2928cc-10d3-4e55-b582-db53b55d7618", "course-of-action--51df1669-008f-41fa-843f-6860f86df328", "course-of-action--1ea740cb-3af3-4639-b724-b2da087969f1", "course-of-action--d5b5bd56-2b8e-4c99-ab37-90faac16b6db", "course-of-action--f52a2e07-56cf-4786-b824-294330345a2f", "course-of-action--c590c171-314b-4c28-9f13-1d8e91b1f2dd", "domain-name--00b50ddd-3079-454d-829f-570ecf20ef9d", "url--b85d41c1-93ef-4e50-a91b-b229ca5be38d", "indicator--941d2f92-3c8e-4d54-acdb-02ccb5966b97", "relationship--d2ec0a5c-9aa2-4ed3-82fd-6a8a4afd2907", "indicator--ae3952b3-0416-4a1b-8db4-2358cd49539e", "relationship--4b28d062-d1b6-49e4-ae66-4061833635c7", "relationship--849526fa-1339-47c5-a721-027274fab655", "relationship--0c522bf7-5a66-4882-a137-17bb5f599137", "relationship--a32287d0-9105-436e-911e-6c9fe78414c2", "relationship--958ef7dd-6f64-4409-a50c-fff1d57809bf", "relationship--a3133e0f-e8f2-4014-84bb-de87b30ed48d", "relationship--c0f1352c-f5d4-47f9-91d5-2cbb313d50da", "relationship--5282bd2f-e8c1-4a6f-80eb-5d25e5b2bd75", "relationship--24c18a4c-6e4c-4a12-aca4-0a6bc8e8162e", "relationship--535ab060-5fb5-4307-994d-3defb9bae13e", "relationship--cae24efe-26a6-49e4-99c0-3bfafda3884d", "relationship--e9e4fe5f-c8ad-4616-b07c-c208b525ce20", "relationship--3f2aab91-2939-4e95-94fb-ae41dd83cb62", "relationship--8894e628-b68b-4f17-8a1d-d7ba70b7331e", "relationship--0aba6bbc-dbd8-40c0-a225-26f34b4d1fcb" ], "published": "2025-11-07T14:42:13.324Z", "spec_version": "2.1", "type": "report" }, { "confidence": 90, "created": "2025-11-07T14:42:12.167Z", "external_references": [ { "external_id": "T1190", "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1190/" } ], "id": "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "labels": [ "mitre-attack" ], "modified": "2025-11-07T14:42:12.167Z", "name": "Exploit Public-Facing Application", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "attack-pattern", "x_mitre_id": "T1190" }, { "confidence": 90, "created": "2025-11-07T14:42:13.323Z", "external_references": [ { "external_id": "T1203", "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1203/" } ], "id": "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" } ], "labels": [ "mitre-attack" ], "modified": "2025-11-07T14:42:13.323Z", "name": "Exploitation for Client Execution", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "attack-pattern", "x_mitre_id": "T1203" }, { "confidence": 90, "created": "2025-11-07T14:42:13.323Z", "external_references": [ { "external_id": "T1059", "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1059/" } ], "id": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" } ], "labels": [ "mitre-attack" ], "modified": "2025-11-07T14:42:13.323Z", "name": "Command and Scripting Interpreter", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "attack-pattern", "x_mitre_id": "T1059" }, { "confidence": 90, "created": "2025-11-07T14:42:13.323Z", "external_references": [ { "external_id": "T1547", "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1547/" } ], "id": "attack-pattern--d5229cf6-f11b-41bc-8aca-0df713047400", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" } ], "labels": [ "mitre-attack" ], "modified": "2025-11-07T14:42:13.323Z", "name": "Boot or Logon Autostart Execution", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "attack-pattern", "x_mitre_id": "T1547" }, { "confidence": 90, "created": "2025-11-07T14:42:13.323Z", "external_references": [ { "external_id": "T1053", "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1053/" } ], "id": "attack-pattern--9ba6495b-e273-4e8d-a4ce-dbcd56ec33f2", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" }, { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" } ], "labels": [ "mitre-attack" ], "modified": "2025-11-07T14:42:13.323Z", "name": "Scheduled Task/Job", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "attack-pattern", "x_mitre_id": "T1053" }, { "confidence": 90, "created": "2025-11-07T14:42:13.323Z", "external_references": [ { "external_id": "T1195", "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1195/" } ], "id": "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "labels": [ "mitre-attack" ], "modified": "2025-11-07T14:42:13.323Z", "name": "Supply Chain Compromise", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "attack-pattern", "x_mitre_id": "T1195" }, { "confidence": 90, "created": "2025-11-07T14:42:13.323Z", "external_references": [ { "external_id": "T1195.002", "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1195/002/" } ], "id": "attack-pattern--f1669470-d352-4943-bd4a-70c7740b6d39", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "labels": [ "mitre-attack" ], "modified": "2025-11-07T14:42:13.323Z", "name": "Compromise Software Supply Chain", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "attack-pattern", "x_mitre_id": "T1195.002" }, { "confidence": 90, "created": "2025-11-07T14:42:13.323Z", "external_references": [ { "external_id": "T1021", "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1021/" } ], "id": "attack-pattern--5aa11eb6-804f-4920-a45f-1fae275ef314", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "lateral-movement" } ], "labels": [ "mitre-attack" ], "modified": "2025-11-07T14:42:13.323Z", "name": "Remote Services", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "attack-pattern", "x_mitre_id": "T1021" }, { "confidence": 90, "created": "2025-11-07T14:42:13.323Z", "external_references": [ { "external_id": "T1570", "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1570/" } ], "id": "attack-pattern--2c821981-fda2-4cb8-926c-6edd4905d65c", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "lateral-movement" } ], "labels": [ "mitre-attack" ], "modified": "2025-11-07T14:42:13.323Z", "name": "Lateral Tool Transfer", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "attack-pattern", "x_mitre_id": "T1570" }, { "confidence": 90, "created": "2025-11-07T14:42:13.323Z", "external_references": [ { "external_id": "T1566.001", "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1566/001/" } ], "id": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "labels": [ "mitre-attack" ], "modified": "2025-11-07T14:42:13.323Z", "name": "Spearphishing Attachment", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "attack-pattern", "x_mitre_id": "T1566.001" }, { "confidence": 90, "created": "2025-11-07T14:42:13.323Z", "external_references": [ { "external_id": "T1566.002", "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1566/002/" } ], "id": "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "labels": [ "mitre-attack" ], "modified": "2025-11-07T14:42:13.323Z", "name": "Spearphishing Link", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "attack-pattern", "x_mitre_id": "T1566.002" }, { "confidence": 90, "created": "2025-11-07T14:42:13.323Z", "external_references": [ { "external_id": "T1566.003", "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1566/003/" } ], "id": "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "labels": [ "mitre-attack" ], "modified": "2025-11-07T14:42:13.323Z", "name": "Spearphishing via Service", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "attack-pattern", "x_mitre_id": "T1566.003" }, { "confidence": 90, "created": "2025-11-07T14:42:13.323Z", "external_references": [ { "external_id": "T1543", "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1543/" } ], "id": "attack-pattern--ce39e6f2-b20f-421e-83e1-242a773e1927", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" } ], "labels": [ "mitre-attack" ], "modified": "2025-11-07T14:42:13.323Z", "name": "Create or Modify System Process", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "attack-pattern", "x_mitre_id": "T1543" }, { "confidence": 90, "created": "2025-11-07T14:42:13.323Z", "external_references": [ { "external_id": "T1059.001", "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1059/001/" } ], "id": "attack-pattern--01df90e4-619d-4268-90c9-6e2aa84079d9", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" } ], "labels": [ "mitre-attack" ], "modified": "2025-11-07T14:42:13.323Z", "name": "PowerShell", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "attack-pattern", "x_mitre_id": "T1059.001" }, { "confidence": 85, "created": "2025-11-07T14:42:13.323Z", "external_references": [ { "external_id": "T1588.006", "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1588/006/" } ], "id": "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "resource-development" } ], "labels": [ "mitre-attack" ], "modified": "2025-11-07T14:42:13.323Z", "name": "Vulnerabilities", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "attack-pattern", "x_mitre_id": "T1588.006" }, { "confidence": 85, "created": "2025-11-07T14:42:13.323Z", "external_references": [ { "external_id": "T1584.001", "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1584/001/" } ], "id": "attack-pattern--d908f54b-aa9a-4701-a98f-01c43e462d86", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "resource-development" } ], "labels": [ "mitre-attack" ], "modified": "2025-11-07T14:42:13.323Z", "name": "Domains", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "attack-pattern", "x_mitre_id": "T1584.001" }, { "confidence": 84, "created": "2025-11-07T14:42:13.323Z", "external_references": [ { "external_id": "T1136.002", "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1136/002/" } ], "id": "attack-pattern--1c217a6d-7cec-4e8b-ac0c-1a7908678ad9", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "persistence" } ], "labels": [ "mitre-attack" ], "modified": "2025-11-07T14:42:13.323Z", "name": "Domain Account", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "attack-pattern", "x_mitre_id": "T1136.002" }, { "confidence": 82, "created": "2025-11-07T14:42:13.323Z", "external_references": [ { "external_id": "T1078.002", "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1078/002/" } ], "id": "attack-pattern--33daa279-0994-451b-8937-2d222249d0a1", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "defense-evasion" }, { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" }, { "kill_chain_name": "mitre-attack", "phase_name": "initial-access" } ], "labels": [ "mitre-attack" ], "modified": "2025-11-07T14:42:13.323Z", "name": "Domain Accounts", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "attack-pattern", "x_mitre_id": "T1078.002" }, { "confidence": 75, "created": "2025-11-07T14:42:13.323Z", "external_references": [ { "external_id": "T1482", "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1482/" } ], "id": "attack-pattern--506cea5b-32dd-4b79-a1a3-1a1cbebfd313", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "discovery" } ], "labels": [ "mitre-attack" ], "modified": "2025-11-07T14:42:13.323Z", "name": "Domain Trust Discovery", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "attack-pattern", "x_mitre_id": "T1482" }, { "confidence": 74, "created": "2025-11-07T14:42:13.323Z", "external_references": [ { "external_id": "T1499.002", "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1499/002/" } ], "id": "attack-pattern--1cee389c-adf4-4dd9-8799-2e24d73fe07a", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "impact" } ], "labels": [ "mitre-attack" ], "modified": "2025-11-07T14:42:13.323Z", "name": "Service Exhaustion Flood", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "attack-pattern", "x_mitre_id": "T1499.002" }, { "confidence": 72, "created": "2025-11-07T14:42:13.323Z", "external_references": [ { "external_id": "T1546.018", "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1546/018/" } ], "id": "attack-pattern--3785d15d-1c0c-4464-9200-10b744888e29", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" } ], "labels": [ "mitre-attack" ], "modified": "2025-11-07T14:42:13.323Z", "name": "Python Startup Hooks", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "attack-pattern", "x_mitre_id": "T1546.018" }, { "confidence": 72, "created": "2025-11-07T14:42:13.323Z", "external_references": [ { "external_id": "T1059.006", "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1059/006/" } ], "id": "attack-pattern--dd0edf90-8f96-4a15-852b-ba611cd81716", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" } ], "labels": [ "mitre-attack" ], "modified": "2025-11-07T14:42:13.323Z", "name": "Python", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "attack-pattern", "x_mitre_id": "T1059.006" }, { "confidence": 72, "created": "2025-11-07T14:42:13.323Z", "external_references": [ { "external_id": "T1681", "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1681/" } ], "id": "attack-pattern--4e2f5b9a-cf3a-4ab7-9169-8362c52dd57d", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "reconnaissance" } ], "labels": [ "mitre-attack" ], "modified": "2025-11-07T14:42:13.323Z", "name": "Search Threat Vendor Data", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "attack-pattern", "x_mitre_id": "T1681" }, { "confidence": 72, "created": "2025-11-07T14:42:13.323Z", "external_references": [ { "external_id": "T1176.002", "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1176/002/" } ], "id": "attack-pattern--6fcbd058-983b-40a2-8af8-cb9b4fb11c49", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "persistence" } ], "labels": [ "mitre-attack" ], "modified": "2025-11-07T14:42:13.323Z", "name": "IDE Extensions", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "attack-pattern", "x_mitre_id": "T1176.002" }, { "confidence": 71, "created": "2025-11-07T14:42:13.323Z", "external_references": [ { "external_id": "T1137.002", "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1137/002/" } ], "id": "attack-pattern--93ed641d-a8ab-4316-94a1-44ad23b08faf", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "persistence" } ], "labels": [ "mitre-attack" ], "modified": "2025-11-07T14:42:13.323Z", "name": "Office Test", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "attack-pattern", "x_mitre_id": "T1137.002" }, { "confidence": 70, "created": "2025-11-07T14:42:13.323Z", "external_references": [ { "external_id": "T1560.001", "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1560/001/" } ], "id": "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "labels": [ "mitre-attack" ], "modified": "2025-11-07T14:42:13.323Z", "name": "Archive via Utility", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "attack-pattern", "x_mitre_id": "T1560.001" }, { "confidence": 70, "created": "2025-11-07T14:42:13.323Z", "external_references": [ { "external_id": "T1113", "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1113/" } ], "id": "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "labels": [ "mitre-attack" ], "modified": "2025-11-07T14:42:13.323Z", "name": "Screen Capture", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "attack-pattern", "x_mitre_id": "T1113" }, { "confidence": 70, "created": "2025-11-07T14:42:13.323Z", "external_references": [ { "external_id": "T1557", "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1557/" } ], "id": "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "credential-access" }, { "kill_chain_name": "mitre-attack", "phase_name": "collection" } ], "labels": [ "mitre-attack" ], "modified": "2025-11-07T14:42:13.323Z", "name": "Adversary-in-the-Middle", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "attack-pattern", "x_mitre_id": "T1557" }, { "confidence": 70, "created": "2025-11-07T14:42:13.323Z", "external_references": [ { "external_id": "T1053.005", "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1053/005/" } ], "id": "attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" }, { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation" } ], "labels": [ "mitre-attack" ], "modified": "2025-11-07T14:42:13.323Z", "name": "Scheduled Task", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "attack-pattern", "x_mitre_id": "T1053.005" }, { "confidence": 70, "created": "2025-11-07T14:42:13.323Z", "external_references": [ { "external_id": "T1205.002", "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1205/002/" } ], "id": "attack-pattern--ed3369e1-8515-458a-99e3-cb9283fb73d1", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "defense-evasion" }, { "kill_chain_name": "mitre-attack", "phase_name": "persistence" }, { "kill_chain_name": "mitre-attack", "phase_name": "command-and-control" } ], "labels": [ "mitre-attack" ], "modified": "2025-11-07T14:42:13.323Z", "name": "Socket Filters", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "attack-pattern", "x_mitre_id": "T1205.002" }, { "confidence": 70, "created": "2025-11-07T14:42:13.323Z", "external_references": [ { "external_id": "T1156", "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1156/" } ], "id": "attack-pattern--e03eb8e0-183c-4351-82cb-2d9c193d1530", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "persistence" } ], "labels": [ "mitre-attack" ], "modified": "2025-11-07T14:42:13.323Z", "name": "Malicious Shell Modification", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "attack-pattern", "x_mitre_id": "T1156" }, { "confidence": 65, "created": "2025-11-07T14:42:13.323Z", "external_references": [ { "external_id": "T1137", "source_name": "MITRE ATT&CK", "url": "https://attack.mitre.org/techniques/T1137/" } ], "id": "attack-pattern--92b3199d-f7ae-4a4b-8699-1d01a6761923", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "persistence" } ], "labels": [ "mitre-attack" ], "modified": "2025-11-07T14:42:13.323Z", "name": "Office Application Startup", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "attack-pattern", "x_mitre_id": "T1137" }, { "created": "2025-11-07T14:42:12.143Z", "description": "Vulnerability CVE-2025-20354 | CVSS Score: 9.8 | Affects: Cisco patched a critical flaw in its Unified Contact Center Express", "external_references": [ { "external_id": "CVE-2025-20354", "source_name": "cve", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20354" }, { "description": "Cisco fixes critical UCCX flaw allowing Root command execution", "source_name": "article", "url": "https://securityaffairs.com/?p=184321" } ], "id": "vulnerability--afd2bf9a-81c7-4e45-aec8-31a10a85bdae", "labels": [ "vulnerability" ], "modified": "2025-11-07T14:42:12.143Z", "name": "CVE-2025-20354", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "vulnerability" }, { "created": "2025-11-07T14:42:12.144Z", "description": "Vulnerability CVE-2025-21042", "external_references": [ { "external_id": "CVE-2025-21042", "source_name": "cve", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21042" }, { "description": "LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices", "source_name": "article", "url": "https://unit42.paloaltonetworks.com/?p=164365" } ], "id": "vulnerability--ab888beb-bcbd-4add-b97a-32284df02868", "labels": [ "vulnerability" ], "modified": "2025-11-07T14:42:12.144Z", "name": "CVE-2025-21042", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "vulnerability" }, { "created": "2025-11-07T14:42:12.144Z", "description": "Vulnerability CVE-2025-20362 | Affects: Secure Firewall ASA and FTD devices", "external_references": [ { "external_id": "CVE-2025-20362", "source_name": "cve", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20362" }, { "description": "Cisco became aware of a new attack variant against Secure Firewall ASA and FTD devices", "source_name": "article", "url": "https://securityaffairs.com/?p=184290" } ], "id": "vulnerability--01d74e36-543a-4cea-86f9-3853da144954", "labels": [ "vulnerability" ], "modified": "2025-11-07T14:42:12.144Z", "name": "CVE-2025-20362", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "vulnerability" }, { "created": "2025-11-07T14:42:12.144Z", "description": "Vulnerability CVE-2025-20333 | Affects: Secure Firewall ASA and FTD devices", "external_references": [ { "external_id": "CVE-2025-20333", "source_name": "cve", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20333" }, { "description": "Cisco became aware of a new attack variant against Secure Firewall ASA and FTD devices", "source_name": "article", "url": "https://securityaffairs.com/?p=184290" } ], "id": "vulnerability--7f1541f5-4a42-413c-a67d-bbdf63ef9866", "labels": [ "vulnerability" ], "modified": "2025-11-07T14:42:12.144Z", "name": "CVE-2025-20333", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "vulnerability" }, { "created": "2025-11-07T14:42:12.145Z", "description": "Vulnerability CVE-2025-12725", "external_references": [ { "external_id": "CVE-2025-12725", "source_name": "cve", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12725" }, { "description": "Chrome 142 Update Patches High-Severity Flaws", "source_name": "article", "url": "https://www.securityweek.com/?p=44216" } ], "id": "vulnerability--48e6c104-44a1-4bc4-bac7-25676b74ded4", "labels": [ "vulnerability" ], "modified": "2025-11-07T14:42:12.145Z", "name": "CVE-2025-12725", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "vulnerability" }, { "created": "2025-11-07T14:42:12.146Z", "description": "Vulnerability CVE-2025-62712", "external_references": [ { "external_id": "CVE-2025-62712", "source_name": "cve", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62712" }, { "description": "JumpServer Connection Token Improper Authentication Vulnerability (CVE-2025-62712) Notice", "source_name": "article", "url": "https://nsfocusglobal.com/?p=32745" } ], "id": "vulnerability--20e05669-0e78-4c9a-afa9-3dd639c4a20d", "labels": [ "vulnerability" ], "modified": "2025-11-07T14:42:12.146Z", "name": "CVE-2025-62712", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "vulnerability" }, { "created": "2025-11-07T14:42:12.146Z", "description": "Vulnerability CVE-2025-12058", "external_references": [ { "external_id": "CVE-2025-12058", "source_name": "cve", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12058" }, { "description": "Data Exposure Vulnerability Found in Deep Learning Tool Keras", "source_name": "article", "url": "https://www.securityweek.com/?p=44226" } ], "id": "vulnerability--7e9472bf-92f4-45f6-a9e1-a9bb2d5de2a9", "labels": [ "vulnerability" ], "modified": "2025-11-07T14:42:12.146Z", "name": "CVE-2025-12058", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "vulnerability" }, { "confidence": 75, "created": "2025-11-07T14:42:12.147Z", "description": "Coordinated exploitation activity targeting CVE-2025-20354", "external_references": [ { "description": "Cisco fixes critical UCCX flaw allowing Root command execution", "source_name": "article", "url": "https://securityaffairs.com/?p=184321" } ], "first_seen": "2025-11-07T11:37:10.000Z", "id": "campaign--8e7fd18a-0fca-4090-9c6e-d244c55e39d8", "last_seen": "2025-11-07T11:37:10.000Z", "modified": "2025-11-07T14:42:12.147Z", "name": "CVE-2025-20354 Exploitation Campaign", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "objective": "Exploitation of CVE-2025-20354 for unauthorized access", "spec_version": "2.1", "type": "campaign" }, { "confidence": 75, "created": "2025-11-07T14:42:12.147Z", "description": "Coordinated exploitation activity targeting CVE-2025-21042", "external_references": [ { "description": "LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices", "source_name": "article", "url": "https://unit42.paloaltonetworks.com/?p=164365" } ], "first_seen": "2025-11-07T11:00:23.000Z", "id": "campaign--346fb89a-531d-443f-8d90-80728ec47fef", "last_seen": "2025-11-07T11:00:23.000Z", "modified": "2025-11-07T14:42:12.147Z", "name": "CVE-2025-21042 Exploitation Campaign", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "objective": "Exploitation of CVE-2025-21042 for unauthorized access", "spec_version": "2.1", "type": "campaign" }, { "confidence": 75, "created": "2025-11-07T14:42:12.148Z", "description": "Coordinated exploitation activity targeting CVE-2025-20362", "external_references": [ { "description": "Cisco became aware of a new attack variant against Secure Firewall ASA and FTD devices", "source_name": "article", "url": "https://securityaffairs.com/?p=184290" } ], "first_seen": "2025-11-06T18:26:17.000Z", "id": "campaign--3a2f9448-b3d4-421c-b15b-6af2bc526021", "last_seen": "2025-11-06T18:26:17.000Z", "modified": "2025-11-07T14:42:12.148Z", "name": "CVE-2025-20362 Exploitation Campaign", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "objective": "Exploitation of CVE-2025-20362 for unauthorized access", "spec_version": "2.1", "type": "campaign" }, { "confidence": 75, "created": "2025-11-07T14:42:12.148Z", "description": "Coordinated exploitation activity targeting CVE-2025-20333", "external_references": [ { "description": "Cisco became aware of a new attack variant against Secure Firewall ASA and FTD devices", "source_name": "article", "url": "https://securityaffairs.com/?p=184290" } ], "first_seen": "2025-11-06T18:26:17.000Z", "id": "campaign--cf2d59a0-f809-4711-95c1-d02c927bd015", "last_seen": "2025-11-06T18:26:17.000Z", "modified": "2025-11-07T14:42:12.148Z", "name": "CVE-2025-20333 Exploitation Campaign", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "objective": "Exploitation of CVE-2025-20333 for unauthorized access", "spec_version": "2.1", "type": "campaign" }, { "confidence": 75, "created": "2025-11-07T14:42:12.148Z", "description": "Coordinated exploitation activity targeting CVE-2025-12725", "external_references": [ { "description": "Chrome 142 Update Patches High-Severity Flaws", "source_name": "article", "url": "https://www.securityweek.com/?p=44216" } ], "first_seen": "2025-11-07T10:35:59.000Z", "id": "campaign--69abf53b-8fe2-42d0-8acf-430304aa4705", "last_seen": "2025-11-07T10:35:59.000Z", "modified": "2025-11-07T14:42:12.148Z", "name": "CVE-2025-12725 Exploitation Campaign", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "objective": "Exploitation of CVE-2025-12725 for unauthorized access", "spec_version": "2.1", "type": "campaign" }, { "confidence": 75, "created": "2025-11-07T14:42:12.149Z", "description": "Coordinated exploitation activity targeting CVE-2025-62712", "external_references": [ { "description": "JumpServer Connection Token Improper Authentication Vulnerability (CVE-2025-62712) Notice", "source_name": "article", "url": "https://nsfocusglobal.com/?p=32745" } ], "first_seen": "2025-11-07T04:02:25.000Z", "id": "campaign--53fb3cdb-6657-4567-8a11-58586a38ff41", "last_seen": "2025-11-07T04:02:25.000Z", "modified": "2025-11-07T14:42:12.149Z", "name": "CVE-2025-62712 Exploitation Campaign", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "objective": "Exploitation of CVE-2025-62712 for unauthorized access", "spec_version": "2.1", "type": "campaign" }, { "confidence": 75, "created": "2025-11-07T14:42:12.149Z", "description": "Coordinated exploitation activity targeting CVE-2025-12058", "external_references": [ { "description": "Data Exposure Vulnerability Found in Deep Learning Tool Keras", "source_name": "article", "url": "https://www.securityweek.com/?p=44226" } ], "first_seen": "2025-11-07T13:41:01.000Z", "id": "campaign--9fb66020-fb13-44a1-8dd8-40e54c4151b6", "last_seen": "2025-11-07T13:41:01.000Z", "modified": "2025-11-07T14:42:12.149Z", "name": "CVE-2025-12058 Exploitation Campaign", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "objective": "Exploitation of CVE-2025-12058 for unauthorized access", "spec_version": "2.1", "type": "campaign" }, { "action_type": "remediate", "created": "2025-11-07T14:42:12.150Z", "description": "Apply security updates and patches to address CVE-2025-20354", "external_references": [ { "description": "NVD entry with patch information", "source_name": "nvd", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20354" }, { "description": "Cybersecurity Snapshot: AI Will Take Center Stage in Cyber in 2026, Google Says, as MITRE Revamps ATT&CK Framework", "source_name": "article", "url": "https://www.tenable.com/210511" } ], "id": "course-of-action--c732e25b-e860-4a00-87dc-7112c8f2d0ce", "modified": "2025-11-07T14:42:12.150Z", "name": "Mitigate CVE-2025-20354", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "course-of-action" }, { "action_type": "remediate", "created": "2025-11-07T14:42:12.150Z", "description": "Apply security updates and patches to address CVE-2025-21042", "external_references": [ { "description": "NVD entry with patch information", "source_name": "nvd", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21042" }, { "description": "Cybersecurity Snapshot: AI Will Take Center Stage in Cyber in 2026, Google Says, as MITRE Revamps ATT&CK Framework", "source_name": "article", "url": "https://www.tenable.com/210511" } ], "id": "course-of-action--6f2928cc-10d3-4e55-b582-db53b55d7618", "modified": "2025-11-07T14:42:12.150Z", "name": "Mitigate CVE-2025-21042", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "course-of-action" }, { "action_type": "remediate", "created": "2025-11-07T14:42:12.150Z", "description": "Apply security updates and patches to address CVE-2025-20362", "external_references": [ { "description": "NVD entry with patch information", "source_name": "nvd", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20362" }, { "description": "Cybersecurity Snapshot: AI Will Take Center Stage in Cyber in 2026, Google Says, as MITRE Revamps ATT&CK Framework", "source_name": "article", "url": "https://www.tenable.com/210511" } ], "id": "course-of-action--51df1669-008f-41fa-843f-6860f86df328", "modified": "2025-11-07T14:42:12.150Z", "name": "Mitigate CVE-2025-20362", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "course-of-action" }, { "action_type": "remediate", "created": "2025-11-07T14:42:12.150Z", "description": "Apply security updates and patches to address CVE-2025-20333", "external_references": [ { "description": "NVD entry with patch information", "source_name": "nvd", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20333" }, { "description": "Cybersecurity Snapshot: AI Will Take Center Stage in Cyber in 2026, Google Says, as MITRE Revamps ATT&CK Framework", "source_name": "article", "url": "https://www.tenable.com/210511" } ], "id": "course-of-action--1ea740cb-3af3-4639-b724-b2da087969f1", "modified": "2025-11-07T14:42:12.150Z", "name": "Mitigate CVE-2025-20333", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "course-of-action" }, { "action_type": "remediate", "created": "2025-11-07T14:42:12.150Z", "description": "Apply security updates and patches to address CVE-2025-12725", "external_references": [ { "description": "NVD entry with patch information", "source_name": "nvd", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12725" }, { "description": "Cybersecurity Snapshot: AI Will Take Center Stage in Cyber in 2026, Google Says, as MITRE Revamps ATT&CK Framework", "source_name": "article", "url": "https://www.tenable.com/210511" } ], "id": "course-of-action--d5b5bd56-2b8e-4c99-ab37-90faac16b6db", "modified": "2025-11-07T14:42:12.150Z", "name": "Mitigate CVE-2025-12725", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "course-of-action" }, { "action_type": "remediate", "created": "2025-11-07T14:42:12.150Z", "description": "Apply security updates and patches to address CVE-2025-62712", "external_references": [ { "description": "NVD entry with patch information", "source_name": "nvd", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62712" }, { "description": "Cybersecurity Snapshot: AI Will Take Center Stage in Cyber in 2026, Google Says, as MITRE Revamps ATT&CK Framework", "source_name": "article", "url": "https://www.tenable.com/210511" } ], "id": "course-of-action--f52a2e07-56cf-4786-b824-294330345a2f", "modified": "2025-11-07T14:42:12.150Z", "name": "Mitigate CVE-2025-62712", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "course-of-action" }, { "action_type": "remediate", "created": "2025-11-07T14:42:12.150Z", "description": "Apply security updates and patches to address CVE-2025-12058", "external_references": [ { "description": "NVD entry with patch information", "source_name": "nvd", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12058" }, { "description": "Cybersecurity Snapshot: AI Will Take Center Stage in Cyber in 2026, Google Says, as MITRE Revamps ATT&CK Framework", "source_name": "article", "url": "https://www.tenable.com/210511" } ], "id": "course-of-action--c590c171-314b-4c28-9f13-1d8e91b1f2dd", "modified": "2025-11-07T14:42:12.150Z", "name": "Mitigate CVE-2025-12058", "object_marking_refs": [ "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487" ], "spec_version": "2.1", "type": "course-of-action" }, { "id": "domain-name--00b50ddd-3079-454d-829f-570ecf20ef9d", "spec_version": "2.1", "type": "domain-name", "value": "ndss-symposi..." }, { "id": "url--b85d41c1-93ef-4e50-a91b-b229ca5be38d", "spec_version": "2.1", "type": "url", "value": "https://www.ndss-symposi..." }, { "confidence": 90, "created": "2025-11-07T14:42:12.104Z", "description": "Malicious domain-name identified in threat intelligence", "id": "indicator--941d2f92-3c8e-4d54-acdb-02ccb5966b97", "labels": [ "malicious-activity" ], "modified": "2025-11-07T14:42:12.104Z", "name": "Malicious domain-name indicator", "pattern": "[domain-name:value = 'ndss-symposi...']", "pattern_type": "stix", "spec_version": "2.1", "type": "indicator", "valid_from": "2025-11-07T14:42:12.104Z" }, { "created": "2025-11-07T14:42:12.104Z", "id": "relationship--d2ec0a5c-9aa2-4ed3-82fd-6a8a4afd2907", "modified": "2025-11-07T14:42:12.104Z", "relationship_type": "based-on", "source_ref": "indicator--941d2f92-3c8e-4d54-acdb-02ccb5966b97", "spec_version": "2.1", "target_ref": "domain-name--00b50ddd-3079-454d-829f-570ecf20ef9d", "type": "relationship" }, { "confidence": 90, "created": "2025-11-07T14:42:12.122Z", "description": "Malicious url identified in threat intelligence", "id": "indicator--ae3952b3-0416-4a1b-8db4-2358cd49539e", "labels": [ "malicious-activity" ], "modified": "2025-11-07T14:42:12.122Z", "name": "Malicious url indicator", "pattern": "[url:value = 'https://www.ndss-symposi...']", "pattern_type": "stix", "spec_version": "2.1", "type": "indicator", "valid_from": "2025-11-07T14:42:12.122Z" }, { "created": "2025-11-07T14:42:12.122Z", "id": "relationship--4b28d062-d1b6-49e4-ae66-4061833635c7", "modified": "2025-11-07T14:42:12.122Z", "relationship_type": "based-on", "source_ref": "indicator--ae3952b3-0416-4a1b-8db4-2358cd49539e", "spec_version": "2.1", "target_ref": "url--b85d41c1-93ef-4e50-a91b-b229ca5be38d", "type": "relationship" }, { "created": "2025-11-07T14:42:13.323Z", "description": "CVE-2025-20354 is mitigated by Mitigate CVE-2025-20354", "id": "relationship--849526fa-1339-47c5-a721-027274fab655", "modified": "2025-11-07T14:42:13.323Z", "relationship_type": "mitigated-by", "source_ref": "vulnerability--afd2bf9a-81c7-4e45-aec8-31a10a85bdae", "spec_version": "2.1", "target_ref": "course-of-action--c732e25b-e860-4a00-87dc-7112c8f2d0ce", "type": "relationship" }, { "created": "2025-11-07T14:42:13.323Z", "description": "CVE-2025-21042 is mitigated by Mitigate CVE-2025-21042", "id": "relationship--0c522bf7-5a66-4882-a137-17bb5f599137", "modified": "2025-11-07T14:42:13.323Z", "relationship_type": "mitigated-by", "source_ref": "vulnerability--ab888beb-bcbd-4add-b97a-32284df02868", "spec_version": "2.1", "target_ref": "course-of-action--6f2928cc-10d3-4e55-b582-db53b55d7618", "type": "relationship" }, { "created": "2025-11-07T14:42:13.323Z", "description": "CVE-2025-20362 is mitigated by Mitigate CVE-2025-20362", "id": "relationship--a32287d0-9105-436e-911e-6c9fe78414c2", "modified": "2025-11-07T14:42:13.323Z", "relationship_type": "mitigated-by", "source_ref": "vulnerability--01d74e36-543a-4cea-86f9-3853da144954", "spec_version": "2.1", "target_ref": "course-of-action--51df1669-008f-41fa-843f-6860f86df328", "type": "relationship" }, { "created": "2025-11-07T14:42:13.323Z", "description": "CVE-2025-20333 is mitigated by Mitigate CVE-2025-20333", "id": "relationship--958ef7dd-6f64-4409-a50c-fff1d57809bf", "modified": "2025-11-07T14:42:13.323Z", "relationship_type": "mitigated-by", "source_ref": "vulnerability--7f1541f5-4a42-413c-a67d-bbdf63ef9866", "spec_version": "2.1", "target_ref": "course-of-action--1ea740cb-3af3-4639-b724-b2da087969f1", "type": "relationship" }, { "created": "2025-11-07T14:42:13.323Z", "description": "CVE-2025-12725 is mitigated by Mitigate CVE-2025-12725", "id": "relationship--a3133e0f-e8f2-4014-84bb-de87b30ed48d", "modified": "2025-11-07T14:42:13.323Z", "relationship_type": "mitigated-by", "source_ref": "vulnerability--48e6c104-44a1-4bc4-bac7-25676b74ded4", "spec_version": "2.1", "target_ref": "course-of-action--d5b5bd56-2b8e-4c99-ab37-90faac16b6db", "type": "relationship" }, { "created": "2025-11-07T14:42:13.323Z", "description": "CVE-2025-62712 is mitigated by Mitigate CVE-2025-62712", "id": "relationship--c0f1352c-f5d4-47f9-91d5-2cbb313d50da", "modified": "2025-11-07T14:42:13.323Z", "relationship_type": "mitigated-by", "source_ref": "vulnerability--20e05669-0e78-4c9a-afa9-3dd639c4a20d", "spec_version": "2.1", "target_ref": "course-of-action--f52a2e07-56cf-4786-b824-294330345a2f", "type": "relationship" }, { "created": "2025-11-07T14:42:13.323Z", "description": "CVE-2025-12058 is mitigated by Mitigate CVE-2025-12058", "id": "relationship--5282bd2f-e8c1-4a6f-80eb-5d25e5b2bd75", "modified": "2025-11-07T14:42:13.323Z", "relationship_type": "mitigated-by", "source_ref": "vulnerability--7e9472bf-92f4-45f6-a9e1-a9bb2d5de2a9", "spec_version": "2.1", "target_ref": "course-of-action--c590c171-314b-4c28-9f13-1d8e91b1f2dd", "type": "relationship" }, { "created": "2025-11-07T14:42:13.323Z", "description": "CVE-2025-20354 Exploitation Campaign targets CVE-2025-20354", "id": "relationship--24c18a4c-6e4c-4a12-aca4-0a6bc8e8162e", "modified": "2025-11-07T14:42:13.323Z", "relationship_type": "targets", "source_ref": "campaign--8e7fd18a-0fca-4090-9c6e-d244c55e39d8", "spec_version": "2.1", "target_ref": "vulnerability--afd2bf9a-81c7-4e45-aec8-31a10a85bdae", "type": "relationship" }, { "created": "2025-11-07T14:42:13.323Z", "description": "CVE-2025-21042 Exploitation Campaign targets CVE-2025-21042", "id": "relationship--535ab060-5fb5-4307-994d-3defb9bae13e", "modified": "2025-11-07T14:42:13.323Z", "relationship_type": "targets", "source_ref": "campaign--346fb89a-531d-443f-8d90-80728ec47fef", "spec_version": "2.1", "target_ref": "vulnerability--ab888beb-bcbd-4add-b97a-32284df02868", "type": "relationship" }, { "created": "2025-11-07T14:42:13.323Z", "description": "CVE-2025-20362 Exploitation Campaign targets CVE-2025-20362", "id": "relationship--cae24efe-26a6-49e4-99c0-3bfafda3884d", "modified": "2025-11-07T14:42:13.323Z", "relationship_type": "targets", "source_ref": "campaign--3a2f9448-b3d4-421c-b15b-6af2bc526021", "spec_version": "2.1", "target_ref": "vulnerability--01d74e36-543a-4cea-86f9-3853da144954", "type": "relationship" }, { "created": "2025-11-07T14:42:13.323Z", "description": "CVE-2025-20333 Exploitation Campaign targets CVE-2025-20333", "id": "relationship--e9e4fe5f-c8ad-4616-b07c-c208b525ce20", "modified": "2025-11-07T14:42:13.323Z", "relationship_type": "targets", "source_ref": "campaign--cf2d59a0-f809-4711-95c1-d02c927bd015", "spec_version": "2.1", "target_ref": "vulnerability--7f1541f5-4a42-413c-a67d-bbdf63ef9866", "type": "relationship" }, { "created": "2025-11-07T14:42:13.323Z", "description": "CVE-2025-12725 Exploitation Campaign targets CVE-2025-12725", "id": "relationship--3f2aab91-2939-4e95-94fb-ae41dd83cb62", "modified": "2025-11-07T14:42:13.323Z", "relationship_type": "targets", "source_ref": "campaign--69abf53b-8fe2-42d0-8acf-430304aa4705", "spec_version": "2.1", "target_ref": "vulnerability--48e6c104-44a1-4bc4-bac7-25676b74ded4", "type": "relationship" }, { "created": "2025-11-07T14:42:13.323Z", "description": "CVE-2025-62712 Exploitation Campaign targets CVE-2025-62712", "id": "relationship--8894e628-b68b-4f17-8a1d-d7ba70b7331e", "modified": "2025-11-07T14:42:13.323Z", "relationship_type": "targets", "source_ref": "campaign--53fb3cdb-6657-4567-8a11-58586a38ff41", "spec_version": "2.1", "target_ref": "vulnerability--20e05669-0e78-4c9a-afa9-3dd639c4a20d", "type": "relationship" }, { "created": "2025-11-07T14:42:13.323Z", "description": "CVE-2025-12058 Exploitation Campaign targets CVE-2025-12058", "id": "relationship--0aba6bbc-dbd8-40c0-a225-26f34b4d1fcb", "modified": "2025-11-07T14:42:13.323Z", "relationship_type": "targets", "source_ref": "campaign--9fb66020-fb13-44a1-8dd8-40e54c4151b6", "spec_version": "2.1", "target_ref": "vulnerability--7e9472bf-92f4-45f6-a9e1-a9bb2d5de2a9", "type": "relationship" } ], "type": "bundle" }

Playbook for the Secure Enterprise

Compliance Impact Scoreboard

CyberSecurity Latest Rundown

CRITICAL ITEMS

HIGH SEVERITY ITEMS

EXECUTIVE INSIGHTS

VENDOR SPOTLIGHT

DETECTION & RESPONSE KIT

Cookie Notice

STIX 2.1 Threat Intelligence Bundle

If you like MikeGPT CyberSecurity Newsletter, spread the word.