Tue, Nov 11, 2025 • 7-minute read
🇺🇸 To the special brand of heroes who gave all, thank you. This site is meant to bestow a vocabulary so teams may guard against digital threats, but there are still no words for those who went to places--much of the time places they had never heard of--only never to return. 🇺🇸
Here's a look at the cybersecurity landscape for November 11, 2025.
Date & Time: 2025-11-10T20:49:00
Google's Mandiant reports active n-day exploitation of a critical authentication bypass vulnerability in Gladinet's Triofox file-sharing platform. Tracked as CVE-2025-12480, the flaw allows unauthenticated attackers to gain access and deploy remote access tools. This represents an immediate and severe threat to organizations utilizing this platform for secure file sharing and remote access.
CVE: CVE-2025-12480 | Compliance: SOX | Source: thehackernews.com ↗
Date & Time: 2025-11-11T11:44:00
A new Android Remote Access Trojan (RAT) named 'Fantasy Hub' is being distributed on Russian-speaking Telegram channels under a Malware-as-a-Service (MaaS) model. This service lowers the barrier to entry for threat actors, enabling them to easily launch espionage and device control campaigns against Android users.
CVE: n/a | Compliance: SOX | Source: thehackernews.com ↗
Date & Time: 2025-11-11T10:35:42
New research from Cisco reveals that open-weight AI models are susceptible to 'conversational persistence' attacks. In long, multi-turn conversations, attackers can gradually bypass built-in security safeguards, potentially leading to data exposure or malicious output generation. This highlights a significant and emerging attack surface in enterprise AI deployments.
CVE: n/a | Compliance: SOX | Source: hackread.com ↗
Date & Time: 2025-11-11T12:30:51
A sophisticated scam technique known as 'ClickFix' is gaining traction, successfully compromising both macOS and Windows users. The method is notable for its ability to bypass most endpoint protection solutions, making it a stealthy and effective infection vector for unsuspecting users.
CVE: n/a | Compliance: SOX | Source: arstechnica.com ↗
Date & Time: 2025-11-11T11:55:00
A malicious npm package, `@acitons/artifact`, has been identified typosquatting the official `@actions/artifact` library. The package is specifically designed to execute malicious code during the build process of a GitHub-owned repository, creating a severe software supply chain risk.
CVE: n/a | Compliance: SOX | Source: thehackernews.com ↗
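A dependency check that catches lookalike names such as `@acitons/artifact` before they are installed. This is an added example, not code from the article or from GitHub's Actions toolkit; the trusted package list and the sample package.json are constructed for the demonstration.

```python
"""Flag dependencies whose names are close lookalikes of trusted packages.

Added example. It compares a package.json-style dependency map against an
allow-list of packages the project legitimately uses and reports any name
within a small edit distance of a trusted one. The transposition in
@acitons/artifact (vs. @actions/artifact) is exactly one edit away.
"""
import json

# Assumed allow-list for illustration; a real one comes from the project's lockfile review.
TRUSTED = {
    "@actions/artifact",
    "@actions/core",
    "@actions/github",
    "lodash",
}


def damerau_levenshtein(a: str, b: str) -> int:
    """Optimal string alignment distance: insertion, deletion, substitution
    or swapping two adjacent characters each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent transposition
    return d[len(a)][len(b)]


def find_lookalikes(dependencies: dict, trusted=TRUSTED, max_distance: int = 2):
    """Return (dependency, trusted_name, distance) for every dependency that is
    not itself trusted but sits within max_distance of a trusted name."""
    findings = []
    for name in sorted(dependencies):
        if name in trusted:
            continue
        for good in sorted(trusted):
            dist = damerau_levenshtein(name.lower(), good.lower())
            if dist <= max_distance:
                findings.append((name, good, dist))
    return findings


def scan_package_json(text: str, max_distance: int = 2):
    """Scan the dependency sections of a package.json document."""
    doc = json.loads(text)
    deps = {}
    for section in ("dependencies", "devDependencies"):
        deps.update(doc.get(section, {}))
    return find_lookalikes(deps, max_distance=max_distance)


# Constructed sample: two honest dependencies and one transposition typosquat.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "build-tooling",
    "dependencies": {"@actions/core": "^1.10.0", "@acitons/artifact": "^2.1.0"},
    "devDependencies": {"lodash": "^4.17.21"},
})

if __name__ == "__main__":
    for dep, good, dist in scan_package_json(SAMPLE_PACKAGE_JSON):
        print(f"[!] {dep} is {dist} edit(s) from trusted {good}; verify before installing")
```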
Date & Time: 2025-11-11T11:31:23
Google is actively encouraging Gmail users to adopt passkeys, moving away from traditional passwords in response to the increasing sophistication of phishing attacks. This industry-wide shift towards stronger, phishing-resistant authentication methods marks a critical evolution in identity and access management.
CVE: n/a | Compliance: SOX, HIPAA | Source: www.techrepublic.com ↗
Date & Time: 2025-11-11T15:02:52
BigBear.ai's acquisition of Ask Sage for approximately $250 million signals a major consolidation in the secure AI market for the public sector. This move highlights the growing demand for generative AI platforms that can be safely deployed within defense, intelligence, and other highly regulated government environments, emphasizing a market shift towards security-first AI solutions.
Source: cyberscoop.com ↗
Date & Time: 2025-11-10T17:00:00
Microsoft's latest progress report on its Secure Future Initiative (SFI) details ongoing efforts to enhance product resilience and innovate in cybersecurity. For executives, this report provides insight into the strategic priorities of a major technology provider, indicating future directions in cloud security, AI-driven defense, and threat intelligence that will shape enterprise security stacks.
Source: www.microsoft.com ↗
Date & Time: 2025-11-11T15:08:12
Research from KAIST into mathematically correct, automatic C-to-Rust code conversion represents a significant step towards mitigating memory safety vulnerabilities, a root cause of many critical exploits. This technological advancement could fundamentally improve the security of legacy systems and critical infrastructure by enabling a transition to a more secure programming language, reducing long-term systemic risk.
Source: lifeboat.com ↗
Spotlight Rationale: Today's critical alert on the active exploitation of the Triofox file-sharing platform ([CVE-2025-12480](https://nvd.nist.gov/vuln/detail/CVE-2025-12480)) underscores the danger of application-level vulnerabilities that bypass traditional network and endpoint defenses. Intelligence from Contrast Security itself notes that traditional tools often miss sophisticated application attacks, making their runtime-focused approach highly relevant.
Threat Context: Hackers Exploiting Triofox Flaw to Install Remote Access Tools
Platform Focus: Contrast Security Runtime Application Self-Protection (RASP)
Contrast Security's RASP platform instruments applications from within the runtime environment. This allows it to detect and block attacks targeting application logic, such as the authentication bypass in CVE-2025-12480, by observing anomalous behavior in real-time. Unlike a WAF, which inspects traffic, RASP has full context of the application's code execution, enabling it to identify and stop exploits without relying on pre-existing signatures.
Actionable Platform Guidance: Deploy the Contrast Security agent on servers running Triofox. In the Contrast UI, configure a custom policy in Protect mode to specifically monitor for and block suspicious sequences related to authentication checks and file system access. For example, create a rule that blocks any session that accesses sensitive file-sharing functions without having passed through the primary authentication module first.
Source: contrastsecurity.com ↗
⚠️ Disclaimer: Test all detection logic in non-production environments before deployment.
1. Vendor Platform Configuration - Contrast Security RASP
# Contrast Security RASP Policy for CVE-2025-12480 Mitigation
# Navigate to: Policies -> Add New Policy
1. **Policy Name:** Block Triofox Auth Bypass (CVE-2025-12480)
2. **Select Application:** Choose the Triofox application from the list.
3. **Mode:** Set to 'Block'.
4. **Configure Rules:**
* Enable the 'Authentication' rule category.
* Add a custom rule for 'Path Traversal' and apply it to the Triofox application's known file access directories.
* Create a 'Virtual Patch' rule targeting the specific method or class responsible for the authentication check in Triofox (if known). Set the action to 'Log & Block' any attempts to call downstream functions without this check being satisfied.
5. **Save and Apply Policy.**
6. **Verification:** Monitor the 'Attacks' dashboard for any blocked events related to this policy, confirming the agent is correctly identifying and stopping exploit attempts.
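The invariant behind the guidance and the virtual-patch rule above (no sensitive file-sharing function may run unless the primary authentication module executed and succeeded earlier in the same request), written out as an in-process guard. This is an added illustration, not Contrast Security's agent or Triofox code; the request shape, handler names and route labels are assumptions made for the example.

```python
"""In-process enforcement of a control-flow invariant: a sensitive handler
may only run in a request whose authentication module has executed and
succeeded. Added illustration; a real RASP agent instruments the runtime
rather than relying on decorators, and the names below are assumed.
"""
import contextvars
import functools
import logging

log = logging.getLogger("rasp-demo")

# Per-request flag that only the authentication module may set. A ContextVar
# keeps it isolated between concurrently handled requests.
_authenticated = contextvars.ContextVar("authenticated", default=False)


class BlockedRequest(Exception):
    """Raised when a guarded function is reached without authentication."""


def authentication_module(request: dict) -> bool:
    """Stand-in for the primary authentication check (assumed). It is the only
    code path that sets the flag, so any route that bypasses it is blocked."""
    ok = request.get("session_token") in request.get("_valid_tokens", set())
    _authenticated.set(ok)
    return ok


def requires_auth_module(func):
    """Guard a sensitive function: log and block if the authentication module
    did not run and succeed earlier in this request."""
    @functools.wraps(func)
    def wrapper(request: dict, *args, **kwargs):
        if not _authenticated.get():
            log.warning("BLOCKED %s without authentication remote=%s path=%s",
                        func.__name__, request.get("remote"), request.get("path"))
            raise BlockedRequest(func.__name__)
        return func(request, *args, **kwargs)
    return wrapper


@requires_auth_module
def download_shared_file(request: dict, name: str) -> str:
    """Assumed sensitive file-sharing handler."""
    return f"contents of {name}"


def handle(request: dict, route: str) -> str:
    """Dispatch one request in a fresh context. `route` models which code path
    the request took: the normal login-then-download flow, or a route that
    reaches the file handler without ever touching the auth module."""
    def run():
        if route == "login-then-download":
            if not authentication_module(request):
                return "login failed"
        # any other route reaches the sensitive function directly
        try:
            return download_shared_file(request, request.get("file", ""))
        except BlockedRequest as exc:
            return f"blocked:{exc}"
    return contextvars.copy_context().run(run)
```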
2. YARA Rule for Triofox Exploitation Artifacts (CVE-2025-12480)
rule Triofox_Exploitation_IOC_CVE_2025_12480 {
    meta:
        description = "Detects potential artifacts related to the exploitation of Triofox CVE-2025-12480, including suspicious script files or remote access tools dropped in web directories."
        author = "Threat Rundown"
        date = "2025-11-11"
        reference = "https://thehackernews.com/2025/11/hackers-exploiting-triofox-flaw-to.html"
        severity = "high"
        tlp = "white"
    strings:
        $s1 = "Gladinet.Triofox.Server.exe" ascii wide
        $s2 = "/portal/antivirus-result.aspx" ascii wide // A potential vector mentioned in reporting
        $s3 = "cmd.exe /c" ascii wide
        $s4 = "powershell -enc" ascii wide
    condition:
        (uint16(0) == 0x5a4d) and // Is a PE file
        filesize < 2MB and
        (all of ($s1, $s2) or all of ($s1, $s3) or all of ($s1, $s4))
}
3. SIEM Query — Detecting Triofox Post-Exploitation Behavior
index=endpoint sourcetype="sysmon" EventCode=1
(ParentImage="*\\Gladinet\\Triofox\\*.exe" OR Image="*\\Gladinet\\Triofox\\*.exe")
| search (Image IN ("*\\cmd.exe", "*\\powershell.exe", "*\\wscript.exe", "*\\cscript.exe") OR CommandLine IN ("*curl*", "*wget*", "*certutil*"))
| eval risk_score=case(
    like(ParentImage, "%\\Gladinet\\Triofox\\%.exe") AND (like(Image, "%\\cmd.exe") OR like(Image, "%\\powershell.exe")), 90,
    like(Image, "%\\Gladinet\\Triofox\\%.exe") AND (like(CommandLine, "%curl%") OR like(CommandLine, "%wget%")), 75,
    1==1, 50)
| where risk_score >= 75
| table _time, host, ParentImage, Image, CommandLine, risk_score
| sort -_time
4. PowerShell Script — Triofox IOC Hunter
<#
.SYNOPSIS
Checks for indicators of compromise related to CVE-2025-12480 on a local or remote machine running Triofox.
.DESCRIPTION
This script checks for suspicious child processes of the Triofox server and looks for recently created executable files in common web-accessible directories. Remote hosts are queried over CIM (WinRM) and their install directory is read through the C$ administrative share.
#>
param (
    [string[]]$ComputerName = $env:COMPUTERNAME
)
$triofoxPath = "C:\Program Files\Gladinet\Triofox\"
$suspiciousProcesses = @("cmd", "powershell", "wscript", "cscript", "certutil")
foreach ($computer in $ComputerName) {
    Write-Host "[*] Checking system: $computer"
    if (Test-Connection -ComputerName $computer -Count 1 -Quiet) {
        try {
            # Check for suspicious child processes spawned by Triofox
            $triofoxProcs = Get-CimInstance -ClassName Win32_Process -ComputerName $computer -Filter "Name LIKE '%Gladinet.Triofox.Server.exe%'" -ErrorAction Stop
            foreach ($proc in $triofoxProcs) {
                $childProcs = Get-CimInstance -ClassName Win32_Process -ComputerName $computer -Filter "ParentProcessId = $($proc.ProcessId)"
                foreach ($child in $childProcs) {
                    # Compare the base name ('powershell' from 'powershell.exe'); -contains is case-insensitive
                    if ($suspiciousProcesses -contains $child.Name.Split('.')[0]) {
                        # ${computer} is braced: "$computer:" would otherwise be parsed as a drive-qualified variable and fail
                        Write-Warning "[!] Suspicious child process found on ${computer}: $($child.Name) (PID: $($child.ProcessId)) with parent Triofox (PID: $($proc.ProcessId))"
                    }
                }
            }
            # Check for suspicious files created in the last 24 hours.
            # Use the local path for this host and the C$ admin share for remote hosts.
            $basePath = if ($computer -ieq $env:COMPUTERNAME) { $triofoxPath } else { "\\$computer\" + $triofoxPath.Replace(':', '$') }
            $webDirs = Get-ChildItem -Path $basePath -Recurse -Directory -Filter "portal" -ErrorAction SilentlyContinue
            foreach ($dir in $webDirs) {
                $recentFiles = Get-ChildItem -Path $dir.FullName -Include *.exe, *.dll, *.ps1, *.bat -Recurse -ErrorAction SilentlyContinue | Where-Object { $_.CreationTime -gt (Get-Date).AddHours(-24) }
                if ($recentFiles) {
                    Write-Warning "[!] Found recently created suspicious files in $($dir.FullName) on ${computer}:"
                    $recentFiles | ForEach-Object { Write-Host " - $($_.FullName)" }
                }
            }
        } catch {
            Write-Error "Failed to query ${computer}: $($_.Exception.Message)"
        }
    } else {
        Write-Error "Cannot connect to $computer."
    }
}
This rundown should provide a solid overview of the current threat landscape. Thank you to all our cyberheroes for your diligence and hard work. Stay vigilant!
About STIX 2.1: Structured Threat Information eXpression (STIX) is the machine language of cybersecurity. This bundle contains validated threat objects, indicators, and relationships that can be directly imported into your SIEM, TIP, or security orchestration platform.
Usage: Download or copy the JSON below and import it directly into your threat intelligence platform, SIEM, or security orchestration tools for automated threat detection and response.
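A pre-import lint for a bundle in the shape shown below: it checks that every identifier has the STIX `type--UUID` form, that every object the report references is actually present, and it pulls CVE identifiers out of the vulnerability objects (catching the case, visible in this feed, where a vulnerability's `name` is a URL rather than a CVE ID). This is an added example, not part of the page's bundle or of the MikeGPT platform; the mini-bundle and its UUIDs are constructed for the demonstration.

```python
"""Sanity-check a STIX 2.1 bundle before importing it into a SIEM or TIP.

Added example. The bundle below mirrors the structure of the page's feed
(marking-definition, identity, report, vulnerability objects) but every
identifier in it is constructed.
"""
import json
import re

STIX_ID = re.compile(
    r"^[a-z][a-z0-9-]*--[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$")
CVE_ID = re.compile(r"^CVE-\d{4}-\d{4,}$")


def lint_bundle(bundle: dict) -> dict:
    """Return {'bad_ids': [...], 'dangling_refs': [(from, to), ...], 'cves': {id: [...]}}."""
    objects = bundle.get("objects", [])
    ids = {o.get("id") for o in objects}
    bad_ids = [o.get("id") for o in objects if not STIX_ID.match(o.get("id") or "")]

    # Every reference an importer will try to resolve must point at an object in the bundle.
    dangling = []
    for o in objects:
        refs = list(o.get("object_refs", [])) + list(o.get("object_marking_refs", []))
        if o.get("created_by_ref"):
            refs.append(o["created_by_ref"])
        for ref in refs:
            if ref not in ids:
                dangling.append((o.get("id"), ref))

    # Collect usable CVE identifiers per vulnerability object; an empty list
    # means the object carries no CVE an analyst can act on.
    cves = {}
    for o in objects:
        if o.get("type") != "vulnerability":
            continue
        found = set()
        if CVE_ID.match(o.get("name") or ""):
            found.add(o["name"])
        for er in o.get("external_references", []):
            if er.get("source_name") in ("cve", "nvd") and CVE_ID.match(er.get("external_id") or ""):
                found.add(er["external_id"])
        cves[o.get("id")] = sorted(found)
    return {"bad_ids": bad_ids, "dangling_refs": dangling, "cves": cves}


def lint_bundle_text(text: str) -> dict:
    """Same check starting from the raw JSON a feed delivers."""
    return lint_bundle(json.loads(text))


# Constructed identifiers (not from the page's bundle).
MARK = "marking-definition--00000000-0000-4000-8000-000000000001"
IDENT = "identity--00000000-0000-4000-8000-000000000002"
VULN_URL = "vulnerability--00000000-0000-4000-8000-000000000003"
VULN_CVE = "vulnerability--00000000-0000-4000-8000-000000000004"
REPORT = "report--00000000-0000-4000-8000-000000000005"
MISSING = "malware--00000000-0000-4000-8000-00000000ffff"  # referenced but never defined
BAD_ID = "vulnerability--not-a-uuid"

SAMPLE_BUNDLE = {
    "type": "bundle", "id": "bundle--00000000-0000-4000-8000-0000000000aa",
    "objects": [
        {"type": "marking-definition", "spec_version": "2.1", "id": MARK,
         "definition_type": "tlp:2.0", "name": "TLP:CLEAR"},
        {"type": "identity", "spec_version": "2.1", "id": IDENT, "name": "constructed-feed",
         "identity_class": "organization", "object_marking_refs": [MARK]},
        {"type": "report", "spec_version": "2.1", "id": REPORT, "name": "constructed report",
         "published": "2025-11-11T00:00:00.000Z", "created_by_ref": IDENT,
         "object_refs": [IDENT, VULN_URL, VULN_CVE, MISSING], "object_marking_refs": [MARK]},
        # name is a URL, no external references: nothing actionable
        {"type": "vulnerability", "spec_version": "2.1", "id": VULN_URL,
         "name": "https://www.cve.org/CVERecord?id=CVE-2025-24085", "object_marking_refs": [MARK]},
        {"type": "vulnerability", "spec_version": "2.1", "id": VULN_CVE, "name": "CVE-2025-12480",
         "external_references": [
             {"source_name": "cve", "external_id": "CVE-2025-12480"},
             {"source_name": "nvd", "external_id": "CVE-2025-12480"}],
         "object_marking_refs": [MARK]},
        {"type": "vulnerability", "spec_version": "2.1", "id": BAD_ID, "name": "CVE-2024-40766",
         "object_marking_refs": [MARK]},
    ],
}

if __name__ == "__main__":
    print(json.dumps(lint_bundle_text(json.dumps(SAMPLE_BUNDLE)), indent=2))
```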
{
"type": "bundle",
"id": "bundle--c2bff0ec-0499-40c9-91e6-3c92d8a98cb3",
"objects": [
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487",
"created": "2022-10-01T00:00:00.000Z",
"definition_type": "tlp:2.0",
"name": "TLP:CLEAR",
"definition": {
"tlp": "clear"
}
},
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--82f7f9be-cf27-4943-905d-bf5b7fd495d2",
"created": "2025-11-11T18:18:27.101Z",
"modified": "2025-11-11T18:18:27.101Z",
"name": "MikeGPT Intelligence Platform",
"description": "AI-powered threat intelligence collection and analysis platform providing automated cybersecurity intelligence feeds",
"identity_class": "organization",
"sectors": [
"technology",
"defense"
],
"contact_information": "Website: https://mikegptai.com | Email: intel@mikegptai.com",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--c57327dc-8699-4d4d-b4e6-a6c9aedf22ff",
"created": "2025-11-11T18:18:27.101Z",
"modified": "2025-11-11T18:18:27.101Z",
"name": "Threat Intelligence Report - 2025-11-11",
"description": "Threat Intelligence Report - 2025-11-11\n\nThis report consolidates actionable cybersecurity intelligence from 91 sources, processed through automated threat analysis and relationship extraction.\n\nKEY FINDINGS:\n• BigBear.ai to buy Ask Sage, strengthening security-centric AI for federal agencies (Score: 100)\n• Google’s Latest Security Push Marks the Slow Death of Passwords (Score: 100)\n• Cisco Finds Open-Weight AI Models Easy to Exploit in Long Chats (Score: 100)\n• Quantum Route Redirect PhaaS targets Microsoft 365 users worldwide (Score: 100)\n• Battle Compliance Confusion and Security Fatigue with Qualys and ServiceNow (Score: 100)\n\nEXTRACTED ENTITIES:\n• 38 Attack Pattern(s)\n• 8 Campaign(s)\n• 1 Course Of Action(s)\n• 1 Indicator(s)\n• 1 Intrusion Set(s)\n• 15 Location(s)\n• 47 Malware(s)\n• 1 Marking Definition(s)\n• 36 Relationship(s)\n• 12 Threat Actor(s)\n• 7 Tool(s)\n• 15 Vulnerability(s)\n\nCONFIDENCE ASSESSMENT:\nVariable confidence scoring applied based on entity type and intelligence source reliability. Confidence ranges from 30-95% reflecting professional intelligence assessment practices.\n\nGENERATION METADATA:\n- Processing Time: Automated\n- Validation: Three-LLM consensus committee\n- Standards Compliance: STIX 2.1\n",
"published": "2025-11-11T18:18:27.101Z",
"object_refs": [
"identity--82f7f9be-cf27-4943-905d-bf5b7fd495d2",
"vulnerability--8f735ec2-8220-4b83-9a8c-a0835387a0a3",
"vulnerability--792ede9b-8de1-4c9a-91a0-e3f210f0d032",
"vulnerability--5aa023ed-89ff-455f-a14b-06d7a32d06cd",
"vulnerability--960fba5c-f3c4-4800-8756-f284eec96652",
"vulnerability--6010829c-9633-4789-9611-a16db23db2f2",
"vulnerability--79785aec-b79d-4b48-9193-077cbe55287a",
"vulnerability--a9612828-7f11-4309-be11-9f187e26e457",
"vulnerability--42ef99bb-338a-4d7e-907d-09e0a7806721",
"vulnerability--39cf974d-29cd-453a-92b0-aacee7aa323e",
"vulnerability--5f025007-20c8-4ccf-bfb6-a845e768c5eb",
"malware--605c817b-0ca8-4c4f-8961-7dd094ee058b",
"identity--7a97dfb8-5ca7-49d1-aa53-fe9c78a3853d",
"vulnerability--2ce0c1a5-da9a-4507-8424-5cac0a7bdc24",
"threat-actor--26eca839-6996-4355-b556-31d7e4bd0671",
"vulnerability--75209a3b-2817-47f1-b38d-3b0e59249e1d",
"identity--78652a32-1d49-42fb-a7b1-5c6f8bfb3581",
"vulnerability--ed3de346-93c1-4c44-867e-0a775a7fa8e3",
"vulnerability--1256edd4-a495-44a4-86b1-0740bb38277e",
"malware--44927346-2d9c-445c-8c5e-7dcdc2fbdec2",
"malware--6be03c76-ed62-49ad-8d6a-8d6edc139482",
"malware--3e45ebc9-bae3-4704-86a9-44abdb347667",
"malware--a1fb60fd-66bc-4b59-93c9-962366cafc2a",
"threat-actor--ff08fc2e-94c4-4b43-9534-46cf3ca829d7",
"threat-actor--d31be0f2-c18f-47fc-8c98-44257348d6ca",
"threat-actor--632cf54c-908b-4cc4-aed0-0d1937468924",
"threat-actor--4252968b-3f54-481e-bb3b-2e3b30c275e3",
"identity--2d677b32-42d6-4ae8-a662-4c9bb04de1b8",
"malware--7cc3f9a2-daea-458e-a385-314141c7ae13",
"identity--6e0f3149-d6f1-4ada-9805-3e656b4318ae",
"identity--5fb634f4-4efc-4668-9397-71cf3601ffae",
"intrusion-set--7ff82b53-a7ae-4331-be8f-9624439d3106",
"identity--1abdf29f-9fe3-478e-b225-610c02d5b71e",
"identity--15a8eecf-1ec3-47c8-a984-463663f1f6ef",
"attack-pattern--86775379-7666-49ed-b92b-48c360342708",
"malware--9fea6585-318d-4805-b8d1-1cdd2b3881ca",
"malware--743fd0cd-4279-4ce4-aed2-d58784f3031c",
"threat-actor--2607de8b-b3f2-45d2-beb8-6277dfbeb4b9",
"malware--46a0b253-36c0-4c14-bdf6-40460c8bb029",
"identity--de165938-73e8-4c1e-92f2-1b7832514832",
"identity--15d433d8-67cd-4bf6-a69d-b0c73b67f58e",
"malware--622d89f5-39ec-4c12-9e59-72477cefd1ab",
"malware--9c0dd3c2-3017-43bd-9b16-4b60a3d61120",
"threat-actor--1c24883b-5440-48be-89b4-b0c9d2b0646b",
"identity--23f126ae-d9bd-497b-9eb9-63af757eb466",
"malware--fa4c643a-e54a-4f71-aa1c-4bb424bb6db5",
"malware--d1b982de-9a91-4b3f-afe9-f09f8d466881",
"malware--c1213cab-cfa6-47a2-b43b-7af4967ec05a",
"identity--cba0f55e-7bb3-4ae6-b0f8-048dae21e7f3",
"identity--ad194b40-4a7d-4618-9298-c15574c0cf77",
"malware--ffa5aef9-e5ae-485c-b748-1db12e072806",
"identity--6c5b43ba-1151-49f5-aea4-5130de5e46ba",
"identity--ec073fc7-bb30-4c07-8aa0-9d1d51058897",
"threat-actor--aed4bc51-33b0-4736-bcb7-17aea7c56aa9",
"identity--6b8db019-ba56-4716-bbd3-bab18737fef4",
"tool--9fb8a1b4-5c61-44e4-90e1-494f8de4d8d6",
"malware--bbe568e2-469f-4f6e-894f-9004f60be5a5",
"tool--9f804692-3dad-41b3-b550-5a7ca93e97a9",
"threat-actor--59aae272-74d1-4419-b6d7-48ca8d0af280",
"malware--4267370b-1057-49a4-942f-fcb4c563aacc",
"tool--c2210051-55ab-4475-801e-0134045250d9",
"identity--37a6c73b-081d-4c71-a467-5ccabd7ab329",
"identity--a57d502c-4e82-41ec-9234-875d491343fa",
"identity--9fa139c1-5ce0-4ccf-9d02-1e0f8c2f38f6",
"malware--8a13dba8-08ba-42eb-b07b-0712d0ad6082",
"malware--9c959f03-a85c-4ccb-b73e-c55b0e32e5c2",
"threat-actor--fa23fba6-5aba-458c-b415-59ec946c866d",
"tool--8296b0e0-ae1f-45b6-8de0-1c1a4a5e05c5",
"malware--6f4456e2-6dc0-4521-ba8e-cabeff00859c",
"identity--bf415032-9753-40fd-aa77-45a09f6f767d",
"threat-actor--d61efa5c-464b-456c-a119-3d0fa06440fc",
"malware--1cddedd9-b8e1-4176-90a1-a8b5ed7613a4",
"attack-pattern--22092a47-7fd2-4602-90b1-61623bb89079",
"malware--2d7ce7de-e032-4043-8963-4c014393a48f",
"malware--5e5e274e-42ad-4cf9-86fc-12db386831e5",
"location--c92adf8f-1739-4c88-895d-06a7f2948f2e",
"attack-pattern--78a1ad04-d1a7-4bf8-8006-34af1fd1d770",
"identity--ce2e69c6-c194-4ca1-8ccd-65c1ce21af1b",
"location--554766a1-5093-4b60-9732-aa6d14becb18",
"tool--91088445-edc4-4d00-864c-785446cbb1af",
"identity--f8278a12-ae20-4c3f-9977-3dd4feafc099",
"identity--01b0e443-1611-4441-beba-d4f250c69101",
"tool--2bd39da2-1744-453b-8891-2872e72c94bb",
"location--79365b11-f080-4c12-97f5-45b7784679a6",
"threat-actor--a2bc0cc6-3e55-464a-9a42-f48e7d9b9fd5",
"location--e8a8e369-e014-4c3f-98e2-d780344dbe7a",
"tool--98496f61-df6e-4741-9fdc-b751ce5ac69d",
"location--99e79579-3626-4cbc-b307-9a0ed522e607",
"indicator--032d49c6-e2db-4ca3-ac15-f16c0d458867",
"location--ea96e271-70b7-4ed7-af72-74ba165daca2",
"location--c641f4aa-ac4d-4b50-a0eb-cb383b4a3e53",
"vulnerability--7680a803-4098-41b0-83ff-f4c1ee650dbd",
"location--2cffd105-432c-46ca-a015-faa047518780",
"identity--95c8389c-7419-490e-8d5b-8f227478ce1c",
"location--f89078f0-39f7-4a02-a7e4-dbde6a3138cd",
"identity--a8564e44-9dd4-4fa2-af91-011d076d1c14",
"location--44405860-a9a6-458f-beae-e4e62ebb780f",
"identity--7aa77399-1a75-40ae-a4c3-2fbf8783bcff",
"location--09fb5c3f-e950-4d77-9967-81596ba45e63",
"location--5dbd12b2-f0b0-4c36-847b-62aa529b4595",
"location--24ea8196-d1e3-4fe9-8c4e-06047a334d1e",
"attack-pattern--020ddb29-4b95-4601-a850-894e55402fe2",
"location--4184e662-7eed-444d-94b4-7f31e34d5299",
"attack-pattern--2a1ef775-77d8-455c-bede-0a48e2d7adc4",
"location--d28ab131-d57a-43d0-9c93-51a1e6b190f8",
"identity--76224fd2-7db9-4dfd-951a-4b084bef03ad",
"identity--cbb9b9ee-52b7-4d0e-b4a6-25b063a6fac2",
"attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c",
"attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65",
"attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11",
"attack-pattern--d5229cf6-f11b-41bc-8aca-0df713047400",
"attack-pattern--9ba6495b-e273-4e8d-a4ce-dbcd56ec33f2",
"attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc",
"attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678",
"attack-pattern--5aa11eb6-804f-4920-a45f-1fae275ef314",
"attack-pattern--af705332-242d-4c31-9955-6dca77d560de",
"attack-pattern--75f8063e-1388-4007-8255-4523fceba24e",
"attack-pattern--c3286059-b33e-4b64-9fda-22075baf9afa",
"attack-pattern--06cf8802-38e4-4421-a699-33a0bae74d96",
"attack-pattern--2e52cc86-c2ef-43d7-9f1e-2fc59c4845ee",
"attack-pattern--943edc6f-c0f9-48f1-b8d4-4666aa0abae1",
"attack-pattern--f33f5834-6a9a-4727-88a5-9d35eeba1cff",
"attack-pattern--2d26e3d0-4bbf-44c3-aa9e-5aeab4937638",
"attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d",
"attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7",
"attack-pattern--2cecb29c-a2c6-4961-bed1-a4055f51534d",
"attack-pattern--cd061a92-a819-4f73-99dc-228176018577",
"attack-pattern--f6dc45e1-1657-492f-8a70-11a40df72417",
"attack-pattern--2347c45d-3352-4be4-bbc7-02bdf3f36aa6",
"attack-pattern--f4dd51b6-8e9f-45c1-9bb6-2bc82d963f78",
"attack-pattern--e2f9dadf-6225-4d9f-a365-033908dfb193",
"attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719",
"attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea",
"attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3",
"attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2",
"attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18",
"attack-pattern--648fba01-e867-4fc6-96df-cc8f6217bee6",
"attack-pattern--1169a811-45e2-445b-b5ec-a5ff4ae60f15",
"attack-pattern--4e2f5b9a-cf3a-4ab7-9169-8362c52dd57d",
"attack-pattern--104bfab2-6169-45c6-95cf-ffc0f8ecff74",
"malware--79499782-e996-4c2f-94ba-3e7be7771bde",
"malware--5dbad64e-c9f4-4015-b806-707b8fe8bbb1",
"malware--3d45cc78-7e6b-40f9-a00b-be498840d715",
"malware--a1c1b1d5-6945-4b3c-8d30-80b97b5b33df",
"malware--61baf74a-29b2-42eb-a266-a4c736c3482a",
"malware--9d680c5d-70c6-4b52-b4a1-0720dde5bddc",
"malware--428af258-fbe3-4ad8-87ca-d3639ca27e6f",
"malware--d12c24f1-2f3c-4ad1-8ef4-910bb8d97abf",
"malware--18dde8c1-777b-4fc9-b50f-39e3baee1894",
"malware--b76a4336-2874-442d-9792-c287f8041593",
"malware--ad1ba85f-0e4a-4cd8-a574-7b61417619da",
"malware--8c1ae5dd-f945-4bc8-9e06-b6a6d3a81516",
"malware--3b66c1e0-83b2-4dad-9296-a6443c2567f7",
"malware--29f5fdd7-a99f-43d4-bb0f-9c39039e02b6",
"malware--2bc6a7fa-3f68-4804-aa5c-f48ec2abfaf6",
"malware--0876a294-a0e1-4547-b018-9488c5962100",
"malware--c6419417-d897-4d87-951b-b5669c17d639",
"malware--cdafbc16-28be-4079-af18-37d7bf1fd79a",
"malware--dce26df0-9928-4c66-b1e9-79e091ee54b9",
"malware--829e664b-6f0b-402c-918e-daf26dbdc84e",
"malware--4c64e8f6-e0e0-4d2c-a31a-187f718bb2a0",
"malware--ecc990b6-628e-4828-8951-b87f4aaa66d9",
"malware--572c743d-72e5-43dd-bd68-aa71f45afec0",
"malware--ea1b4438-fc77-4498-b8d8-708766dca220",
"campaign--462f9727-d30f-4849-8ffa-b6234ea6a7ca",
"campaign--08e03751-d58c-4833-b3b5-b7b0383dbbe3",
"campaign--2bc3ce3f-3fe2-427b-a4c1-b24ea29981c6",
"campaign--ea907cc0-e092-4b4e-838e-4faca837f434",
"campaign--cf6c8b97-ea2c-4572-8757-777fc0405ae3",
"campaign--8cf24f40-c038-4c8f-8109-6a6e41e20f3d",
"campaign--0ff5914f-f777-406c-853f-3f55db035fc5",
"campaign--6087d6f6-89d8-4273-9953-1932610f1a39",
"course-of-action--9948bd21-35de-4c68-90f0-ac553920d7f7",
"relationship--ab850a39-6ead-44e8-b25c-c572e063b726",
"relationship--5599849c-0cb9-4265-ae4a-bd479a67073b",
"relationship--adb4b0a6-9514-4539-90b3-7edd4c5b642b",
"relationship--ce3a2511-d3ff-4b84-b85e-23f51de35b24",
"relationship--89fe9fd5-2f4c-4c5c-891e-0379e96c0df1",
"relationship--421f0b68-9129-42a1-81bd-1120a9543550",
"relationship--bd4eb690-2e6c-4b16-8e3a-9c808b2319d2",
"relationship--4cc52dba-39a8-4e9a-9c7d-d0029380708a",
"relationship--d45b1070-fa5c-4592-abeb-d4065764ea1c",
"relationship--b458ef1e-45c2-4742-9b78-3f7ba415fa58",
"relationship--a90af1c5-f990-408d-af99-814187564e96",
"relationship--2a65e2d8-9cf9-49bc-9a65-2f3874469f98",
"relationship--7e4648fb-0a45-447f-8b95-68df314a0102",
"relationship--478e87eb-29be-4cf8-ba0c-e1fae6d747ac",
"relationship--e4f712e6-e66c-4c5c-a685-4c8521dfd440",
"relationship--a7b9569f-5194-4205-ae74-68c7814ce42b",
"relationship--226f02d7-ea42-49bc-bb26-71dad99c6656",
"relationship--039f2586-20d0-438f-9a04-e09d151f0b9f",
"relationship--f47fd71f-63d6-4203-b9aa-be7ad18cf584",
"relationship--e667dac5-9ac0-432b-a288-55d91dfd40b7",
"relationship--ae383eda-fa56-4f5d-a6a5-00eb1602c657",
"relationship--001b8fdd-70de-480c-a729-18c50a482abd",
"relationship--e557d537-f28f-4eb5-b427-9c5256b0c4b9",
"relationship--a06f9ad6-9563-40d4-ac15-f6d662485a9b",
"relationship--b3065810-0273-4c68-a768-f4511e01f449",
"relationship--f0db9cf3-accc-40e0-855b-34b8abb406ee",
"relationship--ef380bb4-a1d1-45a3-9b4e-166df91db297",
"relationship--fd5300f3-62e5-49af-bdbd-64ad6adc7077",
"relationship--bffbfa5c-c8dd-47ce-86b4-1139983440e7",
"relationship--34831c39-e91d-4ec8-8364-6bdd6e6902fc",
"relationship--ab643444-8335-4076-ba7d-d127ba1d886f",
"relationship--fee4953c-91e0-47af-869b-e5a272bc8ab1",
"relationship--ee082206-7049-4be7-9ee2-9164622fbc2c",
"relationship--12453789-85a8-4f4a-9c26-8e5d8c31ab46",
"relationship--75cc2e7d-206d-459c-9831-d46b0ae0d05e",
"relationship--9184c6cc-9c7e-427e-a936-996525becc69"
],
"labels": [
"threat-report",
"threat-intelligence"
],
"created_by_ref": "identity--82f7f9be-cf27-4943-905d-bf5b7fd495d2",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.210Z",
"modified": "2025-11-11T18:18:26.210Z",
"confidence": 95,
"type": "vulnerability",
"id": "vulnerability--8f735ec2-8220-4b83-9a8c-a0835387a0a3",
"name": "https://www.cve.org/CVERecord?id=CVE-2025-24085",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.210Z",
"modified": "2025-11-11T18:18:26.210Z",
"confidence": 95,
"type": "vulnerability",
"id": "vulnerability--792ede9b-8de1-4c9a-91a0-e3f210f0d032",
"name": "CVE-2025-24085",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2025-24085",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24085"
},
{
"source_name": "nvd",
"external_id": "CVE-2025-24085",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24085"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.210Z",
"modified": "2025-11-11T18:18:26.210Z",
"confidence": 95,
"type": "vulnerability",
"id": "vulnerability--5aa023ed-89ff-455f-a14b-06d7a32d06cd",
"name": "CVE-2025-21042",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2025-21042",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21042"
},
{
"source_name": "nvd",
"external_id": "CVE-2025-21042",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21042"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.210Z",
"modified": "2025-11-11T18:18:26.210Z",
"confidence": 95,
"type": "vulnerability",
"id": "vulnerability--960fba5c-f3c4-4800-8756-f284eec96652",
"name": "CVE-2025-59305",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2025-59305",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59305"
},
{
"source_name": "nvd",
"external_id": "CVE-2025-59305",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59305"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.210Z",
"modified": "2025-11-11T18:18:26.210Z",
"confidence": 95,
"type": "vulnerability",
"id": "vulnerability--6010829c-9633-4789-9611-a16db23db2f2",
"name": "CVE-2024-40766",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2024-40766",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40766"
},
{
"source_name": "nvd",
"external_id": "CVE-2024-40766",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40766"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.210Z",
"modified": "2025-11-11T18:18:26.210Z",
"confidence": 95,
"type": "vulnerability",
"id": "vulnerability--79785aec-b79d-4b48-9193-077cbe55287a",
"name": "CVE-2025-20362",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2025-20362",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20362"
},
{
"source_name": "nvd",
"external_id": "CVE-2025-20362",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20362"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.210Z",
"modified": "2025-11-11T18:18:26.210Z",
"confidence": 94,
"type": "vulnerability",
"id": "vulnerability--a9612828-7f11-4309-be11-9f187e26e457",
"name": "CVE-2025-12480",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2025-12480",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12480"
},
{
"source_name": "nvd",
"external_id": "CVE-2025-12480",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12480"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.210Z",
"modified": "2025-11-11T18:18:26.210Z",
"confidence": 94,
"type": "vulnerability",
"id": "vulnerability--42ef99bb-338a-4d7e-907d-09e0a7806721",
"name": "CVE-2025-52881",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2025-52881",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881"
},
{
"source_name": "nvd",
"external_id": "CVE-2025-52881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.210Z",
"modified": "2025-11-11T18:18:26.210Z",
"confidence": 94,
"type": "vulnerability",
"id": "vulnerability--39cf974d-29cd-453a-92b0-aacee7aa323e",
"name": "CVE-2025-52565",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2025-52565",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52565"
},
{
"source_name": "nvd",
"external_id": "CVE-2025-52565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.210Z",
"modified": "2025-11-11T18:18:26.210Z",
"confidence": 94,
"type": "vulnerability",
"id": "vulnerability--5f025007-20c8-4ccf-bfb6-a845e768c5eb",
"name": "CVE-2025-34299",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2025-34299",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-34299"
},
{
"source_name": "nvd",
"external_id": "CVE-2025-34299",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34299"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.210Z",
"modified": "2025-11-11T18:18:26.210Z",
"confidence": 95,
"type": "malware",
"id": "malware--605c817b-0ca8-4c4f-8961-7dd094ee058b",
"name": "Yanluowang ransomware",
"is_family": true,
"malware_types": [
"trojan"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.210Z",
"modified": "2025-11-11T18:18:26.210Z",
"confidence": 95,
"type": "identity",
"id": "identity--7a97dfb8-5ca7-49d1-aa53-fe9c78a3853d",
"name": "U.S. Cybersecurity and Infrastructure Security Agency",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.210Z",
"modified": "2025-11-11T18:18:26.210Z",
"confidence": 94,
"type": "vulnerability",
"id": "vulnerability--2ce0c1a5-da9a-4507-8424-5cac0a7bdc24",
"name": "CVE-2025-41244",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2025-41244",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-41244"
},
{
"source_name": "nvd",
"external_id": "CVE-2025-41244",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41244"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.210Z",
"modified": "2025-11-11T18:18:26.210Z",
"confidence": 95,
"type": "threat-actor",
"id": "threat-actor--26eca839-6996-4355-b556-31d7e4bd0671",
"name": "the Lazarus Group",
"threat_actor_types": [
"hacker"
],
"labels": [
"threat-actor"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.210Z",
"modified": "2025-11-11T18:18:26.210Z",
"confidence": 94,
"type": "vulnerability",
"id": "vulnerability--75209a3b-2817-47f1-b38d-3b0e59249e1d",
"name": "CVE-2025-31133",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2025-31133",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31133"
},
{
"source_name": "nvd",
"external_id": "CVE-2025-31133",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31133"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.210Z",
"modified": "2025-11-11T18:18:26.210Z",
"confidence": 95,
"type": "identity",
"id": "identity--78652a32-1d49-42fb-a7b1-5c6f8bfb3581",
"name": "CISA",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.210Z",
"modified": "2025-11-11T18:18:26.210Z",
"confidence": 92,
"type": "vulnerability",
"id": "vulnerability--ed3de346-93c1-4c44-867e-0a775a7fa8e3",
"name": "CVE-2025-32463",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2025-32463",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32463"
},
{
"source_name": "nvd",
"external_id": "CVE-2025-32463",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32463"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.210Z",
"modified": "2025-11-11T18:18:26.210Z",
"confidence": 92,
"type": "vulnerability",
"id": "vulnerability--1256edd4-a495-44a4-86b1-0740bb38277e",
"name": "CVE-2025-53609",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2025-53609",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53609"
},
{
"source_name": "nvd",
"external_id": "CVE-2025-53609",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53609"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.210Z",
"modified": "2025-11-11T18:18:26.210Z",
"confidence": 95,
"type": "malware",
"id": "malware--44927346-2d9c-445c-8c5e-7dcdc2fbdec2",
"name": "GootLoader has resurfaced yet again after a brief spike in activity earlier this March",
"is_family": true,
"malware_types": [
"dropper"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.210Z",
"modified": "2025-11-11T18:18:26.210Z",
"confidence": 95,
"type": "malware",
"id": "malware--6be03c76-ed62-49ad-8d6a-8d6edc139482",
"name": "Gootloader",
"is_family": true,
"malware_types": [
"dropper"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.210Z",
"modified": "2025-11-11T18:18:26.210Z",
"confidence": 95,
"type": "malware",
"id": "malware--3e45ebc9-bae3-4704-86a9-44abdb347667",
"name": "Mirai",
"is_family": true,
"malware_types": [
"bot"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.210Z",
"modified": "2025-11-11T18:18:26.210Z",
"confidence": 95,
"type": "malware",
"id": "malware--a1fb60fd-66bc-4b59-93c9-962366cafc2a",
"name": "Akira ransomware",
"is_family": true,
"malware_types": [
"trojan"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "threat-actor",
"id": "threat-actor--ff08fc2e-94c4-4b43-9534-46cf3ca829d7",
"name": "Callisto/Star Blizzard/UNC4057",
"threat_actor_types": [
"hacker"
],
"labels": [
"threat-actor"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "threat-actor",
"id": "threat-actor--d31be0f2-c18f-47fc-8c98-44257348d6ca",
"name": "LulzSec",
"threat_actor_types": [
"hacker"
],
"labels": [
"threat-actor"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "threat-actor",
"id": "threat-actor--632cf54c-908b-4cc4-aed0-0d1937468924",
"name": "Charming Kitten",
"threat_actor_types": [
"hacker"
],
"labels": [
"threat-actor"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "threat-actor",
"id": "threat-actor--4252968b-3f54-481e-bb3b-2e3b30c275e3",
"name": "Lazarus",
"threat_actor_types": [
"hacker"
],
"labels": [
"threat-actor"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "identity",
"id": "identity--2d677b32-42d6-4ae8-a662-4c9bb04de1b8",
"name": "Trend Micro",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "malware",
"id": "malware--7cc3f9a2-daea-458e-a385-314141c7ae13",
"name": "XCSSET",
"is_family": true,
"malware_types": [
"trojan"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "identity",
"id": "identity--6e0f3149-d6f1-4ada-9805-3e656b4318ae",
"name": "U.S. Cyber Command",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "identity",
"id": "identity--5fb634f4-4efc-4668-9397-71cf3601ffae",
"name": "NSA",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "intrusion-set",
"id": "intrusion-set--7ff82b53-a7ae-4331-be8f-9624439d3106",
"name": "Scattered Spider",
"labels": [
"intrusion-set"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "identity",
"id": "identity--1abdf29f-9fe3-478e-b225-610c02d5b71e",
"name": "Australian Signals Directorate",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "identity",
"id": "identity--15a8eecf-1ec3-47c8-a984-463663f1f6ef",
"name": "NIST",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "attack-pattern",
"id": "attack-pattern--86775379-7666-49ed-b92b-48c360342708",
"name": "XSS",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "unknown"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": []
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "malware",
"id": "malware--9fea6585-318d-4805-b8d1-1cdd2b3881ca",
"name": "GlassWorm malware",
"is_family": true,
"malware_types": [
"trojan"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "malware",
"id": "malware--743fd0cd-4279-4ce4-aed2-d58784f3031c",
"name": "PureRAT",
"is_family": true,
"malware_types": [
"remote-access-trojan"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "threat-actor",
"id": "threat-actor--2607de8b-b3f2-45d2-beb8-6277dfbeb4b9",
"name": "Cl0p",
"threat_actor_types": [
"hacker"
],
"labels": [
"threat-actor"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "malware",
"id": "malware--46a0b253-36c0-4c14-bdf6-40460c8bb029",
"name": "LANDFALL",
"is_family": true,
"malware_types": [
"trojan"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "identity",
"id": "identity--de165938-73e8-4c1e-92f2-1b7832514832",
"name": "CrowdStrike",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "identity",
"id": "identity--15d433d8-67cd-4bf6-a69d-b0c73b67f58e",
"name": "Mandiant",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "malware",
"id": "malware--622d89f5-39ec-4c12-9e59-72477cefd1ab",
"name": "DCRat",
"is_family": true,
"malware_types": [
"remote-access-trojan"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "malware",
"id": "malware--9c0dd3c2-3017-43bd-9b16-4b60a3d61120",
"name": "Datzbro",
"is_family": true,
"malware_types": [
"trojan"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "threat-actor",
"id": "threat-actor--1c24883b-5440-48be-89b4-b0c9d2b0646b",
"name": "ShinyHunters",
"threat_actor_types": [
"hacker"
],
"labels": [
"threat-actor"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "identity",
"id": "identity--23f126ae-d9bd-497b-9eb9-63af757eb466",
"name": "Flashpoint",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "malware",
"id": "malware--fa4c643a-e54a-4f71-aa1c-4bb424bb6db5",
"name": "Rhadamanthys",
"is_family": true,
"malware_types": [
"trojan"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "malware",
"id": "malware--d1b982de-9a91-4b3f-afe9-f09f8d466881",
"name": "AtomicStealer",
"is_family": true,
"malware_types": [
"stealer"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "malware",
"id": "malware--c1213cab-cfa6-47a2-b43b-7af4967ec05a",
"name": "XMRig",
"is_family": true,
"malware_types": [
"crypto-miner"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "identity",
"id": "identity--cba0f55e-7bb3-4ae6-b0f8-048dae21e7f3",
"name": "Proofpoint",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "identity",
"id": "identity--ad194b40-4a7d-4618-9298-c15574c0cf77",
"name": "Nozomi Networks",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "malware",
"id": "malware--ffa5aef9-e5ae-485c-b748-1db12e072806",
"name": "Akira Ransomware’s",
"is_family": true,
"malware_types": [
"trojan"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "identity",
"id": "identity--6c5b43ba-1151-49f5-aea4-5130de5e46ba",
"name": "Rapid7",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "identity",
"id": "identity--ec073fc7-bb30-4c07-8aa0-9d1d51058897",
"name": "Microsoft Threat Intelligence",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "threat-actor",
"id": "threat-actor--aed4bc51-33b0-4736-bcb7-17aea7c56aa9",
"name": "Qilin",
"threat_actor_types": [
"hacker"
],
"labels": [
"threat-actor"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "identity",
"id": "identity--6b8db019-ba56-4716-bbd3-bab18737fef4",
"name": "OWASP",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "tool",
"id": "tool--9fb8a1b4-5c61-44e4-90e1-494f8de4d8d6",
"name": "any.run",
"tool_types": [
"unknown"
],
"labels": [
"tool"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 93,
"type": "malware",
"id": "malware--bbe568e2-469f-4f6e-894f-9004f60be5a5",
"name": "Ransomware",
"is_family": true,
"malware_types": [
"trojan"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "tool",
"id": "tool--9f804692-3dad-41b3-b550-5a7ca93e97a9",
"name": "Wazuh",
"tool_types": [
"unknown"
],
"labels": [
"tool"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "threat-actor",
"id": "threat-actor--59aae272-74d1-4419-b6d7-48ca8d0af280",
"name": "Qilin group",
"threat_actor_types": [
"hacker"
],
"labels": [
"threat-actor"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "malware",
"id": "malware--4267370b-1057-49a4-942f-fcb4c563aacc",
"name": "MatrixPDF",
"is_family": true,
"malware_types": [
"trojan"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "tool",
"id": "tool--c2210051-55ab-4475-801e-0134045250d9",
"name": "Defender for Office 365",
"tool_types": [
"unknown"
],
"labels": [
"tool"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "identity",
"id": "identity--37a6c73b-081d-4c71-a467-5ccabd7ab329",
"name": "ZDI",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "identity",
"id": "identity--a57d502c-4e82-41ec-9234-875d491343fa",
"name": "CBO",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "identity",
"id": "identity--9fa139c1-5ce0-4ccf-9d02-1e0f8c2f38f6",
"name": "SonicWall",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "malware",
"id": "malware--8a13dba8-08ba-42eb-b07b-0712d0ad6082",
"name": "Datzbro that can conduct device takeover",
"is_family": true,
"malware_types": [
"trojan"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "malware",
"id": "malware--9c959f03-a85c-4ccb-b73e-c55b0e32e5c2",
"name": "RayInitiator",
"is_family": true,
"malware_types": [
"trojan"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "threat-actor",
"id": "threat-actor--fa23fba6-5aba-458c-b415-59ec946c866d",
"name": "Aleksei Olegovich Volkov",
"threat_actor_types": [
"hacker"
],
"labels": [
"threat-actor"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "tool",
"id": "tool--8296b0e0-ae1f-45b6-8de0-1c1a4a5e05c5",
"name": "Kali",
"tool_types": [
"exploitation",
"vulnerability-scanning",
"network-capture"
],
"labels": [
"tool"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "malware",
"id": "malware--6f4456e2-6dc0-4521-ba8e-cabeff00859c",
"name": "RingReaper",
"is_family": true,
"malware_types": [
"trojan"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "identity",
"id": "identity--bf415032-9753-40fd-aa77-45a09f6f767d",
"name": "QNAP",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "threat-actor",
"id": "threat-actor--d61efa5c-464b-456c-a119-3d0fa06440fc",
"name": "chubaka.kor",
"threat_actor_types": [
"hacker"
],
"labels": [
"threat-actor"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 90,
"type": "malware",
"id": "malware--1cddedd9-b8e1-4176-90a1-a8b5ed7613a4",
"name": "GlassWorm",
"is_family": true,
"malware_types": [
"trojan"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "attack-pattern",
"id": "attack-pattern--22092a47-7fd2-4602-90b1-61623bb89079",
"name": "DoS",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "unknown"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": []
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "malware",
"id": "malware--2d7ce7de-e032-4043-8963-4c014393a48f",
"name": "Paragon’s Graphite",
"is_family": true,
"malware_types": [
"trojan"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "malware",
"id": "malware--5e5e274e-42ad-4cf9-86fc-12db386831e5",
"name": "Gootloader Returns",
"is_family": true,
"malware_types": [
"dropper"
],
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "location",
"id": "location--c92adf8f-1739-4c88-895d-06a7f2948f2e",
"name": "U.S.",
"region": "unknown",
"labels": [
"location"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "attack-pattern",
"id": "attack-pattern--78a1ad04-d1a7-4bf8-8006-34af1fd1d770",
"name": "Privilege Escalation",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "unknown"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": []
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "identity",
"id": "identity--ce2e69c6-c194-4ca1-8ccd-65c1ce21af1b",
"name": "Mend.io",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "location",
"id": "location--554766a1-5093-4b60-9732-aa6d14becb18",
"name": "South Korea",
"country": "KR",
"labels": [
"location"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "tool",
"id": "tool--91088445-edc4-4d00-864c-785446cbb1af",
"name": "Universal Forwarders",
"tool_types": [
"unknown"
],
"labels": [
"tool"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "identity",
"id": "identity--f8278a12-ae20-4c3f-9977-3dd4feafc099",
"name": "OneBlood",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "identity",
"id": "identity--01b0e443-1611-4441-beba-d4f250c69101",
"name": "Security Affairs",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "tool",
"id": "tool--2bd39da2-1744-453b-8891-2872e72c94bb",
"name": "ELK",
"tool_types": [
"unknown"
],
"labels": [
"tool"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 95,
"type": "location",
"id": "location--79365b11-f080-4c12-97f5-45b7784679a6",
"name": "Oman",
"region": "unknown",
"labels": [
"location"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.211Z",
"confidence": 93,
"type": "threat-actor",
"id": "threat-actor--a2bc0cc6-3e55-464a-9a42-f48e7d9b9fd5",
"name": "DragonForce",
"threat_actor_types": [
"hacker"
],
"labels": [
"threat-actor"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.211Z",
"modified": "2025-11-11T18:18:26.212Z",
"confidence": 95,
"type": "location",
"id": "location--e8a8e369-e014-4c3f-98e2-d780344dbe7a",
"name": "Moldova",
"region": "unknown",
"labels": [
"location"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.212Z",
"modified": "2025-11-11T18:18:26.212Z",
"confidence": 95,
"type": "tool",
"id": "tool--98496f61-df6e-4741-9fdc-b751ce5ac69d",
"name": "Cisco Secure Firewall Threat Defense",
"tool_types": [
"unknown"
],
"labels": [
"tool"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.212Z",
"modified": "2025-11-11T18:18:26.212Z",
"confidence": 95,
"type": "location",
"id": "location--99e79579-3626-4cbc-b307-9a0ed522e607",
"name": "Dublin",
"region": "unknown",
"labels": [
"location"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.212Z",
"modified": "2025-11-11T18:18:26.212Z",
"confidence": 77,
"type": "indicator",
"id": "indicator--032d49c6-e2db-4ca3-ac15-f16c0d458867",
"name": "141.98.82.26",
"pattern": "[ipv4-addr:value = '141.98.82.26']",
"pattern_type": "stix",
"indicator_types": [
"ipv4-addr"
],
"valid_from": "2025-11-11T18:18:26.212135+00:00",
"labels": [
"malicious-activity"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.212Z",
"modified": "2025-11-11T18:18:26.212Z",
"confidence": 95,
"type": "location",
"id": "location--ea96e271-70b7-4ed7-af72-74ba165daca2",
"name": "Brussels",
"region": "unknown",
"labels": [
"location"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.212Z",
"modified": "2025-11-11T18:18:26.212Z",
"confidence": 95,
"type": "location",
"id": "location--c641f4aa-ac4d-4b50-a0eb-cb383b4a3e53",
"name": "Norway",
"region": "unknown",
"labels": [
"location"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.212Z",
"modified": "2025-11-11T18:18:26.212Z",
"confidence": 80,
"type": "vulnerability",
"id": "vulnerability--7680a803-4098-41b0-83ff-f4c1ee650dbd",
"name": "the Gemini Trifecta",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.212Z",
"modified": "2025-11-11T18:18:26.212Z",
"confidence": 95,
"type": "location",
"id": "location--2cffd105-432c-46ca-a015-faa047518780",
"name": "Afghanistan",
"region": "unknown",
"labels": [
"location"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.212Z",
"modified": "2025-11-11T18:18:26.212Z",
"confidence": 95,
"type": "identity",
"id": "identity--95c8389c-7419-490e-8d5b-8f227478ce1c",
"name": "Logitech",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.212Z",
"modified": "2025-11-11T18:18:26.212Z",
"confidence": 95,
"type": "location",
"id": "location--f89078f0-39f7-4a02-a7e4-dbde6a3138cd",
"name": "Denmark",
"region": "unknown",
"labels": [
"location"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.212Z",
"modified": "2025-11-11T18:18:26.212Z",
"confidence": 95,
"type": "identity",
"id": "identity--a8564e44-9dd4-4fa2-af91-011d076d1c14",
"name": "Suspected in Breach of Congressional Budget Office The Congressional Budget Office has been the subject of an apparent cyber incident",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.212Z",
"modified": "2025-11-11T18:18:26.212Z",
"confidence": 95,
"type": "location",
"id": "location--44405860-a9a6-458f-beae-e4e62ebb780f",
"name": "the United Arab Emirates",
"region": "unknown",
"labels": [
"location"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.212Z",
"modified": "2025-11-11T18:18:26.212Z",
"confidence": 95,
"type": "identity",
"id": "identity--7aa77399-1a75-40ae-a4c3-2fbf8783bcff",
"name": "Jaguar Land Rover",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.212Z",
"modified": "2025-11-11T18:18:26.212Z",
"confidence": 95,
"type": "location",
"id": "location--09fb5c3f-e950-4d77-9967-81596ba45e63",
"name": "Israel",
"country": "IL",
"labels": [
"location"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.212Z",
"modified": "2025-11-11T18:18:26.212Z",
"confidence": 95,
"type": "location",
"id": "location--5dbd12b2-f0b0-4c36-847b-62aa529b4595",
"name": "Berlin",
"region": "unknown",
"labels": [
"location"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.212Z",
"modified": "2025-11-11T18:18:26.212Z",
"confidence": 95,
"type": "location",
"id": "location--24ea8196-d1e3-4fe9-8c4e-06047a334d1e",
"name": "Ireland",
"region": "unknown",
"labels": [
"location"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.212Z",
"modified": "2025-11-11T18:18:26.212Z",
"confidence": 91,
"type": "attack-pattern",
"id": "attack-pattern--020ddb29-4b95-4601-a850-894e55402fe2",
"name": "using maliciously crafted input",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "unknown"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": []
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.212Z",
"modified": "2025-11-11T18:18:26.212Z",
"confidence": 91,
"type": "location",
"id": "location--4184e662-7eed-444d-94b4-7f31e34d5299",
"name": "Germany",
"country": "DE",
"labels": [
"location"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.212Z",
"modified": "2025-11-11T18:18:26.212Z",
"confidence": 91,
"type": "attack-pattern",
"id": "attack-pattern--2a1ef775-77d8-455c-bede-0a48e2d7adc4",
"name": "a position to observe your network traffic to conclude language model conversation topics",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "unknown"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": []
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.212Z",
"modified": "2025-11-11T18:18:26.212Z",
"confidence": 87,
"type": "location",
"id": "location--d28ab131-d57a-43d0-9c93-51a1e6b190f8",
"name": "Union County",
"region": "unknown",
"labels": [
"location"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.212Z",
"modified": "2025-11-11T18:18:26.212Z",
"confidence": 95,
"type": "identity",
"id": "identity--76224fd2-7db9-4dfd-951a-4b084bef03ad",
"name": "The US Congressional Budget Office",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.212Z",
"modified": "2025-11-11T18:18:26.212Z",
"confidence": 95,
"type": "identity",
"id": "identity--cbb9b9ee-52b7-4d0e-b4a6-25b063a6fac2",
"name": "KnowBe4",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:26.212Z",
"modified": "2025-11-11T18:18:26.212Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c",
"name": "Spearphishing Attachment",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access"
}
],
"x_mitre_id": "T1566.001",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1566/001/",
"external_id": "T1566.001"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:27.098Z",
"modified": "2025-11-11T18:18:27.098Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65",
"name": "Spearphishing Link",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access"
}
],
"x_mitre_id": "T1566.002",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1566/002/",
"external_id": "T1566.002"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:27.098Z",
"modified": "2025-11-11T18:18:27.098Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11",
"name": "Spearphishing via Service",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access"
}
],
"x_mitre_id": "T1566.003",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1566/003/",
"external_id": "T1566.003"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:27.098Z",
"modified": "2025-11-11T18:18:27.098Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--d5229cf6-f11b-41bc-8aca-0df713047400",
"name": "Boot or Logon Autostart Execution",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persistence"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "privilege-escalation"
}
],
"x_mitre_id": "T1547",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1547/",
"external_id": "T1547"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:27.098Z",
"modified": "2025-11-11T18:18:27.098Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--9ba6495b-e273-4e8d-a4ce-dbcd56ec33f2",
"name": "Scheduled Task/Job",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "execution"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "persistence"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "privilege-escalation"
}
],
"x_mitre_id": "T1053",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1053/",
"external_id": "T1053"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:27.098Z",
"modified": "2025-11-11T18:18:27.098Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc",
"name": "Exploit Public-Facing Application",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access"
}
],
"x_mitre_id": "T1190",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1190/",
"external_id": "T1190"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:27.098Z",
"modified": "2025-11-11T18:18:27.098Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678",
"name": "Exploitation for Client Execution",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "execution"
}
],
"x_mitre_id": "T1203",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1203/",
"external_id": "T1203"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:27.098Z",
"modified": "2025-11-11T18:18:27.098Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--5aa11eb6-804f-4920-a45f-1fae275ef314",
"name": "Remote Services",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "lateral-movement"
}
],
"x_mitre_id": "T1021",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1021/",
"external_id": "T1021"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:27.098Z",
"modified": "2025-11-11T18:18:27.098Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--af705332-242d-4c31-9955-6dca77d560de",
"name": "Modify Registry",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "defense-evasion"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "persistence"
}
],
"x_mitre_id": "T1112",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1112/",
"external_id": "T1112"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:27.098Z",
"modified": "2025-11-11T18:18:27.098Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--75f8063e-1388-4007-8255-4523fceba24e",
"name": "Registry Run Keys / Startup Folder",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persistence"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "privilege-escalation"
}
],
"x_mitre_id": "T1547.001",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1547/001/",
"external_id": "T1547.001"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:27.098Z",
"modified": "2025-11-11T18:18:27.098Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--c3286059-b33e-4b64-9fda-22075baf9afa",
"name": "Ingress Tool Transfer",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "command-and-control"
}
],
"x_mitre_id": "T1105",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1105/",
"external_id": "T1105"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:27.098Z",
"modified": "2025-11-11T18:18:27.098Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--06cf8802-38e4-4421-a699-33a0bae74d96",
"name": "System Information Discovery",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "discovery"
}
],
"x_mitre_id": "T1082",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1082/",
"external_id": "T1082"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:27.098Z",
"modified": "2025-11-11T18:18:27.098Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--2e52cc86-c2ef-43d7-9f1e-2fc59c4845ee",
"name": "File and Directory Discovery",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "discovery"
}
],
"x_mitre_id": "T1083",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1083/",
"external_id": "T1083"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:27.098Z",
"modified": "2025-11-11T18:18:27.098Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--943edc6f-c0f9-48f1-b8d4-4666aa0abae1",
"name": "Process Discovery",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "discovery"
}
],
"x_mitre_id": "T1057",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1057/",
"external_id": "T1057"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:27.098Z",
"modified": "2025-11-11T18:18:27.098Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--f33f5834-6a9a-4727-88a5-9d35eeba1cff",
"name": "Abuse Elevation Control Mechanism",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "privilege-escalation"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "defense-evasion"
}
],
"x_mitre_id": "T1548",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1548/",
"external_id": "T1548"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:27.098Z",
"modified": "2025-11-11T18:18:27.098Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--2d26e3d0-4bbf-44c3-aa9e-5aeab4937638",
"name": "Access Token Manipulation",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "defense-evasion"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "privilege-escalation"
}
],
"x_mitre_id": "T1134",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1134/",
"external_id": "T1134"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:27.098Z",
"modified": "2025-11-11T18:18:27.098Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d",
"name": "Command and Scripting Interpreter",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "execution"
}
],
"x_mitre_id": "T1059",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1059/",
"external_id": "T1059"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:27.098Z",
"modified": "2025-11-11T18:18:27.098Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7",
"name": "Supply Chain Compromise",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access"
}
],
"x_mitre_id": "T1195",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1195/",
"external_id": "T1195"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:27.099Z",
"modified": "2025-11-11T18:18:27.099Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--2cecb29c-a2c6-4961-bed1-a4055f51534d",
"name": "Exfiltration Over C2 Channel",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "exfiltration"
}
],
"x_mitre_id": "T1041",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1041/",
"external_id": "T1041"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:27.099Z",
"modified": "2025-11-11T18:18:27.099Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--cd061a92-a819-4f73-99dc-228176018577",
"name": "Exfiltration Over Alternative Protocol",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "exfiltration"
}
],
"x_mitre_id": "T1048",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1048/",
"external_id": "T1048"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:27.099Z",
"modified": "2025-11-11T18:18:27.099Z",
"confidence": 85,
"type": "attack-pattern",
"id": "attack-pattern--f6dc45e1-1657-492f-8a70-11a40df72417",
"name": "Standard Encoding",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "command-and-control"
}
],
"x_mitre_id": "T1132.001",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1132/001/",
"external_id": "T1132.001"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:27.099Z",
"modified": "2025-11-11T18:18:27.099Z",
"confidence": 85,
"type": "attack-pattern",
"id": "attack-pattern--2347c45d-3352-4be4-bbc7-02bdf3f36aa6",
"name": "Data Encoding",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "command-and-control"
}
],
"x_mitre_id": "T1132",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1132/",
"external_id": "T1132"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:27.099Z",
"modified": "2025-11-11T18:18:27.099Z",
"confidence": 85,
"type": "attack-pattern",
"id": "attack-pattern--f4dd51b6-8e9f-45c1-9bb6-2bc82d963f78",
"name": "Non-Standard Encoding",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "command-and-control"
}
],
"x_mitre_id": "T1132.002",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1132/002/",
"external_id": "T1132.002"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:27.099Z",
"modified": "2025-11-11T18:18:27.099Z",
"confidence": 85,
"type": "attack-pattern",
"id": "attack-pattern--e2f9dadf-6225-4d9f-a365-033908dfb193",
"name": "Malicious Copy and Paste",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "execution"
}
],
"x_mitre_id": "T1204.004",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1204/004/",
"external_id": "T1204.004"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:27.099Z",
"modified": "2025-11-11T18:18:27.099Z",
"confidence": 75,
"type": "attack-pattern",
"id": "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719",
"name": "Vulnerabilities",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "resource-development"
}
],
"x_mitre_id": "T1588.006",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1588/006/",
"external_id": "T1588.006"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:27.099Z",
"modified": "2025-11-11T18:18:27.099Z",
"confidence": 70,
"type": "attack-pattern",
"id": "attack-pattern--27b36b6d-ae90-4767-b07a-563ecef589ea",
"name": "Scheduled Task",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "execution"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "persistence"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "privilege-escalation"
}
],
"x_mitre_id": "T1053.005",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1053/005/",
"external_id": "T1053.005"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:27.099Z",
"modified": "2025-11-11T18:18:27.099Z",
"confidence": 70,
"type": "attack-pattern",
"id": "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3",
"name": "Archive via Utility",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "collection"
}
],
"x_mitre_id": "T1560.001",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1560/001/",
"external_id": "T1560.001"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:27.099Z",
"modified": "2025-11-11T18:18:27.099Z",
"confidence": 70,
"type": "attack-pattern",
"id": "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2",
"name": "Screen Capture",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "collection"
}
],
"x_mitre_id": "T1113",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1113/",
"external_id": "T1113"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:27.099Z",
"modified": "2025-11-11T18:18:27.099Z",
"confidence": 70,
"type": "attack-pattern",
"id": "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18",
"name": "Adversary-in-the-Middle",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "credential-access"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "collection"
}
],
"x_mitre_id": "T1557",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1557/",
"external_id": "T1557"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:27.099Z",
"modified": "2025-11-11T18:18:27.099Z",
"confidence": 69,
"type": "attack-pattern",
"id": "attack-pattern--648fba01-e867-4fc6-96df-cc8f6217bee6",
"name": "Artificial Intelligence",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "resource-development"
}
],
"x_mitre_id": "T1588.007",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1588/007/",
"external_id": "T1588.007"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:27.099Z",
"modified": "2025-11-11T18:18:27.099Z",
"confidence": 68,
"type": "attack-pattern",
"id": "attack-pattern--1169a811-45e2-445b-b5ec-a5ff4ae60f15",
"name": "Remote Access Tools",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "command-and-control"
}
],
"x_mitre_id": "T1219",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1219/",
"external_id": "T1219"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:27.099Z",
"modified": "2025-11-11T18:18:27.099Z",
"confidence": 68,
"type": "attack-pattern",
"id": "attack-pattern--4e2f5b9a-cf3a-4ab7-9169-8362c52dd57d",
"name": "Search Threat Vendor Data",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "reconnaissance"
}
],
"x_mitre_id": "T1681",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1681/",
"external_id": "T1681"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-11-11T18:18:27.099Z",
"modified": "2025-11-11T18:18:27.099Z",
"confidence": 67,
"type": "attack-pattern",
"id": "attack-pattern--104bfab2-6169-45c6-95cf-ffc0f8ecff74",
"name": "SQL Stored Procedures",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persistence"
}
],
"x_mitre_id": "T1505.001",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1505/001/",
"external_id": "T1505.001"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--79499782-e996-4c2f-94ba-3e7be7771bde",
"created": "2025-11-11T18:17:49.383Z",
"modified": "2025-11-11T18:17:49.383Z",
"name": "BigBear.ai",
"description": "Malware BigBear.ai identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://cyberscoop.com/?p=86731",
"description": "BigBear.ai to buy Ask Sage, strengthening security-centric AI for federal agencies"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--5dbad64e-c9f4-4015-b806-707b8fe8bbb1",
"created": "2025-11-11T18:17:53.478Z",
"modified": "2025-11-11T18:17:53.478Z",
"name": "MCP",
"description": "Malware MCP identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://www.reddit.com/r/cybersecurity/comments/1otvdqw/mcp_server_security_series/",
"description": "MCP Server Security Series"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--3d45cc78-7e6b-40f9-a00b-be498840d715",
"created": "2025-11-11T18:17:54.290Z",
"modified": "2025-11-11T18:17:54.290Z",
"name": "Fantasy",
"description": "Malware Fantasy identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://thehackernews.com/2025/11/android-trojan-fantasy-hub-malware.html",
"description": "Android Trojan 'Fantasy Hub' Malware Service Turns Telegram Into a Hub for Hackers"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--a1c1b1d5-6945-4b3c-8d30-80b97b5b33df",
"created": "2025-11-11T18:17:54.290Z",
"modified": "2025-11-11T18:17:54.290Z",
"name": "Telegram",
"description": "Malware Telegram identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://thehackernews.com/2025/11/android-trojan-fantasy-hub-malware.html",
"description": "Android Trojan 'Fantasy Hub' Malware Service Turns Telegram Into a Hub for Hackers"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--61baf74a-29b2-42eb-a266-a4c736c3482a",
"created": "2025-11-11T18:17:54.290Z",
"modified": "2025-11-11T18:17:54.290Z",
"name": "Android",
"description": "Malware Android identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://thehackernews.com/2025/11/android-trojan-fantasy-hub-malware.html",
"description": "Android Trojan 'Fantasy Hub' Malware Service Turns Telegram Into a Hub for Hackers"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--9d680c5d-70c6-4b52-b4a1-0720dde5bddc",
"created": "2025-11-11T18:17:54.290Z",
"modified": "2025-11-11T18:17:54.290Z",
"name": "RAT",
"description": "Malware RAT identified in threat intelligence",
"malware_types": [
"trojan"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://thehackernews.com/2025/11/android-trojan-fantasy-hub-malware.html",
"description": "Android Trojan 'Fantasy Hub' Malware Service Turns Telegram Into a Hub for Hackers"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--428af258-fbe3-4ad8-87ca-d3639ca27e6f",
"created": "2025-11-11T18:17:54.290Z",
"modified": "2025-11-11T18:17:54.290Z",
"name": "Malware",
"description": "Malware Malware identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://thehackernews.com/2025/11/android-trojan-fantasy-hub-malware.html",
"description": "Android Trojan 'Fantasy Hub' Malware Service Turns Telegram Into a Hub for Hackers"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--d12c24f1-2f3c-4ad1-8ef4-910bb8d97abf",
"created": "2025-11-11T18:17:56.478Z",
"modified": "2025-11-11T18:17:56.478Z",
"name": "KAIST’s",
"description": "Malware KAIST’s identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://lifeboat.com/blog/2025/11/automatic-c-to-rust-translation-technology-provides-accuracy-beyond-ai",
"description": "Automatic C to Rust translation technology provides accuracy beyond AI"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--18dde8c1-777b-4fc9-b50f-39e3baee1894",
"created": "2025-11-11T18:17:57.444Z",
"modified": "2025-11-11T18:17:57.444Z",
"name": "GitHub",
"description": "Malware GitHub identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=184427",
"description": "GlassWorm malware has resurfaced on the Open VSX registry"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--b76a4336-2874-442d-9792-c287f8041593",
"created": "2025-11-11T18:17:57.445Z",
"modified": "2025-11-11T18:17:57.445Z",
"name": "VS Code",
"description": "Malware VS Code identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=184427",
"description": "GlassWorm malware has resurfaced on the Open VSX registry"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--ad1ba85f-0e4a-4cd8-a574-7b61417619da",
"created": "2025-11-11T18:17:59.437Z",
"modified": "2025-11-11T18:17:59.437Z",
"name": "Microsoft Teams",
"description": "Malware Microsoft Teams identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://www.reddit.com/r/cybersecurity/comments/1otsl0v/security_solutions_for_microsoft_teams_and/",
"description": "Security solutions for Microsoft teams and sharepoint"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--8c1ae5dd-f945-4bc8-9e06-b6a6d3a81516",
"created": "2025-11-11T18:17:59.437Z",
"modified": "2025-11-11T18:17:59.437Z",
"name": "SharePoint",
"description": "Malware SharePoint identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://www.reddit.com/r/cybersecurity/comments/1otsl0v/security_solutions_for_microsoft_teams_and/",
"description": "Security solutions for Microsoft teams and sharepoint"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--3b66c1e0-83b2-4dad-9296-a6443c2567f7",
"created": "2025-11-11T18:18:01.809Z",
"modified": "2025-11-11T18:18:01.809Z",
"name": "the Generative Pre-trained",
"description": "Malware the Generative Pre-trained identified in threat intelligence",
"malware_types": [
"trojan"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://certera.com/blog/?p=4098",
"description": "Data Privacy in the World of ChatGPT: Risks, Importance, Best Practices"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--29f5fdd7-a99f-43d4-bb0f-9c39039e02b6",
"created": "2025-11-11T18:18:01.809Z",
"modified": "2025-11-11T18:18:01.809Z",
"name": "OpenAI",
"description": "Malware OpenAI identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://certera.com/blog/?p=4098",
"description": "Data Privacy in the World of ChatGPT: Risks, Importance, Best Practices"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--2bc6a7fa-3f68-4804-aa5c-f48ec2abfaf6",
"created": "2025-11-11T18:18:01.809Z",
"modified": "2025-11-11T18:18:01.809Z",
"name": "Transformer",
"description": "Malware Transformer identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://certera.com/blog/?p=4098",
"description": "Data Privacy in the World of ChatGPT: Risks, Importance, Best Practices"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--0876a294-a0e1-4547-b018-9488c5962100",
"created": "2025-11-11T18:18:03.685Z",
"modified": "2025-11-11T18:18:03.685Z",
"name": "Huntress",
"description": "Malware Huntress identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://thehackernews.com/2025/11/gootloader-is-back-using-new-font-trick.html",
"description": "GootLoader Is Back, Using a New Font Trick to Hide Malware on WordPress Sites"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--c6419417-d897-4d87-951b-b5669c17d639",
"created": "2025-11-11T18:18:08.371Z",
"modified": "2025-11-11T18:18:08.371Z",
"name": "ZDI",
"description": "Malware ZDI identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--cdafbc16-28be-4079-af18-37d7bf1fd79a",
"created": "2025-11-11T18:18:08.371Z",
"modified": "2025-11-11T18:18:08.371Z",
"name": "CVSS",
"description": "Malware CVSS identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--dce26df0-9928-4c66-b1e9-79e091ee54b9",
"created": "2025-11-11T18:18:09.986Z",
"modified": "2025-11-11T18:18:09.986Z",
"name": "Committee",
"description": "Malware Committee identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "http://securityboulevard.com/?guid=ade6947b24f53c234e1b7c11dc7992cd",
"description": "United States of America Veterans Day November 11, 2025: Honoring All Who Served"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--829e664b-6f0b-402c-918e-daf26dbdc84e",
"created": "2025-11-11T18:18:09.986Z",
"modified": "2025-11-11T18:18:09.986Z",
"name": "the Veterans Day National Committee",
"description": "Malware the Veterans Day National Committee identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "http://securityboulevard.com/?guid=ade6947b24f53c234e1b7c11dc7992cd",
"description": "United States of America Veterans Day November 11, 2025: Honoring All Who Served"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--4c64e8f6-e0e0-4d2c-a31a-187f718bb2a0",
"created": "2025-11-11T18:18:16.649Z",
"modified": "2025-11-11T18:18:16.649Z",
"name": "Cross-Device Challenges, User Adoption Strategies",
"description": "Malware Cross-Device Challenges, User Adoption Strategies identified in threat intelligence",
"malware_types": [
"trojan"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://www.healthcareinfosecurity.com/passwordless-future-smart-verification-for-fraud-prevention-a-29970",
"description": "Passwordless Future: Smart Verification for Fraud Prevention"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--ecc990b6-628e-4828-8951-b87f4aaa66d9",
"created": "2025-11-11T18:18:22.217Z",
"modified": "2025-11-11T18:18:22.217Z",
"name": "AI (genAI",
"description": "Malware AI (genAI identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://www.reddit.com/r/cybersecurity/comments/1ouc0dn/copypaste_now_exceeds_file_transfer_as_top/",
"description": "Copy-paste now exceeds file transfer as top corporate data exfiltration vector"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--572c743d-72e5-43dd-bd68-aa71f45afec0",
"created": "2025-11-11T18:18:22.217Z",
"modified": "2025-11-11T18:18:22.217Z",
"name": "Browser Security Report",
"description": "Malware Browser Security Report identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://www.reddit.com/r/cybersecurity/comments/1ouc0dn/copypaste_now_exceeds_file_transfer_as_top/",
"description": "Copy-paste now exceeds file transfer as top corporate data exfiltration vector"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--ea1b4438-fc77-4498-b8d8-708766dca220",
"created": "2025-11-11T18:18:25.752Z",
"modified": "2025-11-11T18:18:25.752Z",
"name": "Qilin",
"description": "Malware Qilin identified in threat intelligence",
"malware_types": [
"unknown"
],
"is_family": true,
"external_references": [
{
"source_name": "article",
"url": "https://www.infosecurity-magazine.com/news/qilin-ransomware-activity-surges/",
"description": "Qilin Ransomware Activity Surges as Attacks Target Small Businesses"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"malicious-activity"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--462f9727-d30f-4849-8ffa-b6234ea6a7ca",
"created": "2025-11-11T18:18:26.153Z",
"modified": "2025-11-11T18:18:26.154Z",
"name": " BigBear.ai Campaign",
"description": "Campaign involving using BigBear.ai",
"first_seen": "2025-11-11T15:02:52.000Z",
"last_seen": "2025-11-11T15:02:52.000Z",
"objective": "Malicious cyber operations",
"confidence": 70,
"external_references": [
{
"source_name": "article",
"url": "https://cyberscoop.com/?p=86731",
"description": "BigBear.ai to buy Ask Sage, strengthening security-centric AI for federal agencies"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--08e03751-d58c-4833-b3b5-b7b0383dbbe3",
"created": "2025-11-11T18:18:26.158Z",
"modified": "2025-11-11T18:18:26.158Z",
"name": " CVSS Campaign",
"description": "Campaign involving using CVSS",
"first_seen": "2025-11-10T20:49:00.000Z",
"last_seen": "2025-11-10T20:49:00.000Z",
"objective": "Malicious cyber operations",
"confidence": 70,
"external_references": [
{
"source_name": "article",
"url": "https://thehackernews.com/2025/11/hackers-exploiting-triofox-flaw-to.html",
"description": "Hackers Exploiting Triofox Flaw to Install Remote Access Tools via Antivirus Feature"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--2bc3ce3f-3fe2-427b-a4c1-b24ea29981c6",
"created": "2025-11-11T18:18:26.160Z",
"modified": "2025-11-11T18:18:26.160Z",
"name": " MCP Campaign",
"description": "Campaign involving using MCP",
"first_seen": "2025-11-11T00:43:28.000Z",
"last_seen": "2025-11-11T00:43:28.000Z",
"objective": "Malicious cyber operations",
"confidence": 70,
"external_references": [
{
"source_name": "article",
"url": "https://www.reddit.com/r/cybersecurity/comments/1otvdqw/mcp_server_security_series/",
"description": "MCP Server Security Series"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--ea907cc0-e092-4b4e-838e-4faca837f434",
"created": "2025-11-11T18:18:26.161Z",
"modified": "2025-11-11T18:18:26.161Z",
"name": " Fantasy Campaign",
"description": "Campaign involving using Fantasy",
"first_seen": "2025-11-11T11:44:00.000Z",
"last_seen": "2025-11-11T11:44:00.000Z",
"objective": "Malicious cyber operations",
"confidence": 70,
"external_references": [
{
"source_name": "article",
"url": "https://thehackernews.com/2025/11/android-trojan-fantasy-hub-malware.html",
"description": "Android Trojan 'Fantasy Hub' Malware Service Turns Telegram Into a Hub for Hackers"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--cf6c8b97-ea2c-4572-8757-777fc0405ae3",
"created": "2025-11-11T18:18:26.163Z",
"modified": "2025-11-11T18:18:26.163Z",
"name": " RAT Campaign",
"description": "Campaign involving using RAT",
"first_seen": "2025-11-11T15:08:12.000Z",
"last_seen": "2025-11-11T15:08:12.000Z",
"objective": "Malicious cyber operations",
"confidence": 70,
"external_references": [
{
"source_name": "article",
"url": "https://lifeboat.com/blog/2025/11/automatic-c-to-rust-translation-technology-provides-accuracy-beyond-ai",
"description": "Automatic C to Rust translation technology provides accuracy beyond AI"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--8cf24f40-c038-4c8f-8109-6a6e41e20f3d",
"created": "2025-11-11T18:18:26.164Z",
"modified": "2025-11-11T18:18:26.164Z",
"name": " Malware Campaign",
"description": "Campaign involving using Malware",
"first_seen": "2025-11-10T20:05:59.000Z",
"last_seen": "2025-11-10T20:05:59.000Z",
"objective": "Malicious cyber operations",
"confidence": 70,
"external_references": [
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=184427",
"description": "GlassWorm malware has resurfaced on the Open VSX registry"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--0ff5914f-f777-406c-853f-3f55db035fc5",
"created": "2025-11-11T18:18:26.167Z",
"modified": "2025-11-11T18:18:26.167Z",
"name": " GitHub Campaign",
"description": "Campaign involving using GitHub",
"first_seen": "2025-11-11T11:55:00.000Z",
"last_seen": "2025-11-11T11:55:00.000Z",
"objective": "Malicious cyber operations",
"confidence": 70,
"external_references": [
{
"source_name": "article",
"url": "https://thehackernews.com/2025/11/researchers-detect-malicious-npm.html",
"description": "Researchers Detect Malicious npm Package Targeting GitHub-Owned Repositories"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--6087d6f6-89d8-4273-9953-1932610f1a39",
"created": "2025-11-11T18:18:26.185Z",
"modified": "2025-11-11T18:18:26.185Z",
"name": " Android Campaign",
"description": "Campaign involving using Android",
"first_seen": "2025-11-11T11:40:59.000Z",
"last_seen": "2025-11-11T11:40:59.000Z",
"objective": "Malicious cyber operations",
"confidence": 70,
"external_references": [
{
"source_name": "article",
"url": "https://www.darkreading.com/remote-workforce/kimsuky-apt-south-korean-androids-abuses-kakaotalk",
"description": "Kimsuky APT Takes Over South Korean Androids, Abuses KakaoTalk"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "course-of-action",
"spec_version": "2.1",
"id": "course-of-action--9948bd21-35de-4c68-90f0-ac553920d7f7",
"created": "2025-11-11T18:18:26.206Z",
"modified": "2025-11-11T18:18:26.206Z",
"name": "Mitigate CVE-2025-12480",
"description": "Apply security updates and patches to address CVE-2025-12480",
"action_type": "remediate",
"external_references": [
{
"source_name": "nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12480",
"description": "NVD entry with patch information"
},
{
"source_name": "article",
"url": "https://thehackernews.com/2025/11/hackers-exploiting-triofox-flaw-to.html",
"description": "Hackers Exploiting Triofox Flaw to Install Remote Access Tools via Antivirus Feature"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ab850a39-6ead-44e8-b25c-c572e063b726",
"created": "2025-11-11T18:18:27.099Z",
"modified": "2025-11-11T18:18:27.099Z",
"relationship_type": "part-of",
"source_ref": "identity--78652a32-1d49-42fb-a7b1-5c6f8bfb3581",
"target_ref": "location--c92adf8f-1739-4c88-895d-06a7f2948f2e",
"confidence": 87,
"description": "maturity models offer valuable guidance for organizations seeking to enhance their security posture. While the Cybersecurity Maturity Model Certification (CMMC) version 1.0, originally created by the U.S. ... Attackers are increasingly phishing over LinkedIn to reach executives and bypass email security tools. Push Security explains how real-time browser protection detects and blocks phishing across apps and channels as users load malicious pages. Many organizations still struggle to patch fast enough to prevent breaches. Join us December 2 at 2PM ET to learn how modern patch management strategies can reduce risk and close the remediation gap. [...] What is ChatGPT? ChatGPT is a conversational AI that has been created by OpenAI and is based on the ability to understand and generate text that is in many ways similar to how a human being would write it, given an input. It belongs to a line of models called the Generative Pre-trained Transformer o... Our customers are proving what exposure management can do. Thank you for trusting us to be part of your mission. Key takeaways Tenable believes our evolution of exposure management and our strong, mature partner ecosystem contributed to our position as a Leader in the 2025 Gartner ® Magic Quadrant T... Nov 11, 2025 - Alan Fagan - CYFIRMA is an external threat landscape management platform that combines cyber intelligence with attack surface discovery and digital risk protection to deliver early warning, personalized, contextual, outside-in, and multi-layered insights. The company’s cloud-based AI ... This is why AIs are not ready to be personal assistants: A new attack called ‘CometJacking’ exploits URL parameters to pass to Perplexity’s Comet AI browser hidden instructions that allow access to sensitive data from connected services, like email and calendar. In a realistic scenario, no credentia... 
The malware known as GootLoader has resurfaced yet again after a brief spike in activity earlier this March, according to new findings from Huntress. The cybersecurity company said it observed three GootLoader infections since October 27, 2025, out of which two resulted in hands-on keyboard intrusio... “Security systems fail. When it fails, what do you do?” This critical question from Spire Connect’s Pankaj Sharma set the stage at Gitex 2025 for a conversation with Francois Driessen, the “Human Ambassador” of ADAMnetworks. His core message is blunt: in cybersecurity, even real-time is not fast eno... Nov 11, 2025 - Jeremy Snyder - API Security: Why the Gap Developers and security professionals have different concerns and motivations. It’s easy to see why gaps emerge. The ability to quickly ship new products, features or functionality is a real source of competitive advantage in the digital econo... Researchers aren’t very concerned about the dozens of undisclosed F5 vulnerabilities a nation-state attacker stole during a prolonged attack on F5’s internal systems. Yet, the heist of sensitive intelligence from a widely used vendor’s internal network resembles previous espionage-driven attacks tha... Attackers intercepting network traffic can determine the conversation topic with a chatbot despite end-to-end encrypted communication. The post ‘Whisper Leak’ LLM Side-Channel Attack Infers User Prompt Topics appeared first on SecurityWeek . Nov 11, 2025 - Jeremy Snyder - On April 5, 2023, during UK Cyber Week, our CEO Jeremy Snyder will present, “API security - what is it, why you should care, and how to protect your org”. The session, part of the OT & IT Cyber Security track, will explore the rise of APIs and API-centric cloud archite... Nov 11, 2025 - James Fulton - McLean, Va. – Dec. 
14, 2022 — FireTail Inc, a disruptor in API security, announced today it has closed $5 million in early stage financing led by Paladin Capital Group, with participation from Zscaler, General Advance, Secure Octane, and a cadre of high-profile cyber se... SecureIQLab joins forces with Mplify The post SecureIQLab brings independent outcome-based validation to Mplify at Global NaaS Event (GNE) appeared first on SecureIQ Lab . The post SecureIQLab brings independent outcome-based validation to Mplify at Global NaaS Event (GNE) appeared first on Security... This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 11, 2025 – Listen to the podcast Online romance fraud is a problem across the globe. It causes financial and emotional devastation, yet many people refuse to take it seriously. “ Keanu Reeves is Not in Love W... Nov 11, 2025 - Jeremy Snyder - Over the last few years, web application attacks have become one of the leading causes of data breaches, making web application security increasingly important for overall security posture. In fact, web application attacks were involved in 26% of all breaches in 2022 a... What is Encoding? Encoding is a process of transforming the data into different parameters to enhance its compatibility, usefulness, and to transmit it through various systems and applications. Therefore, the main purpose of encoding is not security for data but rather compatibility that makes data ... This vulnerability allows local attackers to escalate privileges on affected installations of Autodesk On-Demand Install Services. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The follo... Nov 11, 2025 - Jeremy Snyder - McLean, Va. - Jan. 24, 2023 - FireTail Inc., a disruptor in API security, today announced the appointment of Timo Rüppell to the executive leadership team as Vice President of Product. In conjunction with bringing Rüppell on board, FireTail also opened a new company of... A threat actor has exploited the issue to create a new administrator account and then used the account to execute remote access tools. The post Critical Triofox Vulnerability Exploited in the Wild appeared first on SecurityWeek . Nov 11, 2025 - - FireTail is on a mission to secure the world’s APIs by making API security as simple as import, setup, done. We officially launched the company back in February 2022 with a passion for helping organizations secure their APIs as they grow their cloud presence. As of the beginning of ... Veterans Day Poster Competition - via The United States Department of Veteran's Affairs: Veterans Day Poster Competition - Each year the Veterans Day National Committee publishes a commemorative Veterans Day poster. The Committee selects a poster from artwork submitted by artists nationwide. Over th... AI-driven automation is transforming cloud security by detecting anomalies in real time, and enabling intelligent threat response. The post Cloud Security Automation: Using AI to Strengthen Defenses and Response appeared first on Security Boulevard . SAP has released its November security updates that address multiple security vulnerabilities, including a maximum severity flaw in the non-GUI variant of the SQL Anywhere Monitor and a critical code injection issue in the Solution Manager platform. [...] 
Konni, a subset of the state-sponsored DPRK cyberespionage group, first exploits Google Find Hub, which ironically aims to protect lost Android devices, to remotely wipe devices. Nov 11, 2025 - Jeremy Snyder - IDOR Attacks: Common And Deadly IDOR attacks, or Insecure Direct Object Reference (IDOR) attacks, are one of the most common and costly forms of API breach. In an IDOR attack, hackers directly reference internal objects in a web application that uses APIs1. IDOR attack... Are Your NHIs in Hybrid Cloud Environments Truly Secure? Is your organization leveraging the benefits of a hybrid cloud environment while ensuring the security of its Non-Human Identities? NHIs, or machine identities, are increasingly pivotal where organizations shift more operations to the cloud. Y... Mozilla has implemented fresh fingerprinting protections to prevent hidden trackers from identifying Firefox users. The post New Firefox Protections Halve the Number of Trackable Users appeared first on SecurityWeek . A new cyber-attack has been observed exploiting Google Find Hub to remotely wipe Android devices, linked to North Korean APTs Hardcoded credentials in SQL Anywhere Monitor could allow attackers to execute arbitrary code on vulnerable deployments. The post SAP Patches Critical Flaws in SQL Anywhere Monitor, Solution Manager appeared first on SecurityWeek . Discover DataDome’s Q3 2025 product & platform updates, including AI-driven fraud defense, adaptive protection, and new tools to control, monetize, and secure evolving AI traffic. The post AI, Adaptability, & Ease: What’s New in DataDome’s Q3 2025 Platform Updates appeared first on Security Boulevar... Enforcement of the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) requirements started on November 10, 2025. The post CMMC Live: Pentagon Demands Verified Cybersecurity From Contractors appeared first on SecurityWeek . 
Threat actors were exploiting vulnerable versions of Triofox after a patched version was released, said Google Cloud researchers I am working on my final project for a Cybersecurity certificate. The topic of the project is remote code execution. The incident i'm reporting on involves a team of ethical hackers gaining access to a file management server using a block of JSON. This block of JSON contains an action parameter that... Built a Burp extension for WordPress pentesting that I've been using internally. Decided to open-source it since it adds real value beyond existing tools: Key features: Auto-detection from HTTP traffic - passively finds WP sites + plugins/themes as you browse (no manual enumeration) Comprehensive se... I once worked with a team that had everything automated; scanning, patching, reporting, you name it. On paper, it looked perfect. But when an actual issue slipped through, no one noticed for weeks because everyone assumed “ the tool ” would catch it. And when no one was able to explain \" why \" the b... I am small business owner in construction. I got interested in cloud security recently, started to build my lab, complete tryhackme rooms, watch Professor Messer, I feel like it would make sense to open my own company in this field one day. But for that I will need way more experience besides what I... Hi everyone, I'm following a cybersecurity training at a university (a masterclass module) to get acquainted with the field, out of interest. The course focuses on concepts like SOC's, CTI etc, so it's not a technical course. However we of course talk about available technologies like SIEM, XDR, etc... Steve Lenderman of isolved on Cross-Device Challenges, User Adoption Strategies Steve Lenderman, head of fraud prevention at isolved, discusses the shift to passwordless authentication, addressing adoption challenges across multiple devices, the link between cybersecurity and fraud prevention, and h... 
AGs Cite Security Failures Leading to Illuminate Education's Late 2021 Data Theft A California-based vendor of software used to collect and analyze student data, including records of children with disabilities and special educational needs, has been fined a total of $5.1 million by the attorneys gen... Background on Sipeed For those unfamiliar, Sipeed is a Shenzhen-based hardware company that manufactures embedded AI systems, RISC-V development boards, and edge computing modules. They're fairly well-known in the maker/embedded systems community for products like: K210 AI accelerator modules MaixSe... Host Rich Stroffolino will be chatting with our guest experts Jacob Coombs and Ross Young about some of the biggest stories that will have an impact on you and your business this week. This is a perfect opportunity to get ready for your next company standup or strategy meeting. Join us and participa... I worked two internships doing various things in security from security awareness and training, vulnerability, some incident response, little bit of enforcing compliance, proactive security, identity and access management, etc. Not a ton of stuff but I did have some great hands on experience. For th... Features: - SQL Injection Detection - XSS Vulnerability Scanning - Security Headers Audit - Professional Reporting Perfect for developers and security researchers. Looking for feedback and contributors! submitted by /u/Necessary-Eagle-7051 [link] [comments] Many of the main big tech companies plop AI onto everything and invest heavily. My cybersecurity companies offer AI security solutions but don’t necessarily build data centers or their own AI models. Do you see cybersecurity companies being more stable than other tech companies when the AI bubble po... Started as a cyber security analyst one year ago (previous job was in the data governance domain). Just got my gcih cert. 
(I know it's just the pure basics, but it was a fun course to take IMHO) At this moment I manage most alerts and rules in our Siem. Create phishing tests, do some internal assess... Orbital Frontier Is the Next Ungoverned Internet, and We Have Left It Open to Attack The orbital frontier is the next ungoverned internet - a vast, vulnerable network of over 11,000 satellites without a cybersecurity framework. As nations race to commercialize space, we've left the orbit open to att... Hello! I am currently a sophomore at University. I need some advice on what to do for my career. I’m currently studying Cybersecurity for my bachelor’s. This just became a new major and has some small issues. I’m overall not doing great right now academically and don’t know if I need a change. I was... We’ve started noticing how fast cloud risks evolve, especially with AI-driven workloads being deployed everywhere. Traditional security posture management setups are struggling to keep pace, and manual correlation between identity, posture, and runtime feels outdated. Has anyone tested or implemente... Pentagon Formally Rolls Out Long-Awaited Cybersecurity Requirements for Vendors The Department of Defense's final Cybersecurity Maturity Model Certification rule went into effect Monday after years of industry debate, requiring all defense contractors and subcontractors to obtain cybersecurity certi... Emerging threats and security considerations in the era of advanced browser technologies Takeaways AI browsers introduce unique cybersecurity risks, including susceptibility to prompt injection attacks that can extend beyond the browser itself. Malicious prompts could lead to data exfiltration and c... I became a SOC analyst just shy of 2 months ago and have decided to take another offer in another department making the same amount of money/benefits. I feel like a failure. I didn’t get proper training and was constantly stressed about making mistakes. 
My boss even threatened to fire me once I did ... Hi guys as of the beginning of September, I started my new job and became the sole Vulnerability Manager at my company. Transitioning from a helpdesk role into this position has been quite exciting, especially since I have a background in cybersecurity from my bachelor’s degree. Having the chance to... It is now more common for data to leave companies through copying and paste than through file transfers and uploads, LayerX revealed in its Browser Security Report 2025 . This shift is largely due to generative AI (genAI), with 77% of employees pasting data into AI prompts, and 32% of all copy-paste... I am currently a freshman in college majoring in psychology but (for various reasons) want to change my major. My college offers a BS in cybersecurity & network management and its one of the few other majors that interest me but I have been hearing about how saturated the market is right now as well... Hey HN, I’ve been building CyBox Security a platform that acts like a virtual security team for developers. It combines multiple security scanners into one unified dashboard, covering SAST, SCA, IaC, and Secrets in a single workflow. The idea came after seeing how many small dev teams and startups d... Hi all, looking for some advice from the community. I have an advanced diploma in cybersecurity and digital investigations and several industry certifications (including CHFI, Security+, GFACT, GSEC, GCIH, GPEN, and eCPPTv3). I’ve been working in security operations and engineering roles for a few y... Good day you wonderful people. I'm finding myself in a pickle - or at least very confused. I am not new to Cybersecurity, but still certainly learning. I'm currently in a weird situation. I'm part of a team that gets to upgrade security tooling, and there will be changes in how things are handled to... Before the comments I have sec+, CySA+ and 3 IT & Cyber internships Im sorry to all you cyber students. 
The industry is beyond cooked I’ve applied to NY,DMV,NC,SC,VA I’ve had 4 interviews and got a reject email from about 30-40 1 for a digital forensics role - 2 interviews, 1 in person and got ghost... Article URL: https://blog.adacore.com/proving-safety-at-scale-spark-risc-v-and-nvidias-security-strategy Comments URL: https://news.ycombinator.com/item?id=45888348 Points: 3 # Comments: 0 CISA ordered U.S. federal agencies today to patch a critical Samsung vulnerability that has been exploited in zero-day attacks to deploy LandFall spyware on devices running WhatsApp. [...] Qilin group ran",
"x_validation_method": "three-llm-consensus"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5599849c-0cb9-4265-ae4a-bd479a67073b",
"created": "2025-11-11T18:18:27.099Z",
"modified": "2025-11-11T18:18:27.099Z",
"relationship_type": "delivers",
"source_ref": "malware--44927346-2d9c-445c-8c5e-7dcdc2fbdec2",
"target_ref": "malware--bbe568e2-469f-4f6e-894f-9004f60be5a5",
"confidence": 70,
"x_validation_method": "three-llm-consensus"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--adb4b0a6-9514-4539-90b3-7edd4c5b642b",
"created": "2025-11-11T18:18:27.099Z",
"modified": "2025-11-11T18:18:27.099Z",
"relationship_type": "uses",
"source_ref": "malware--6be03c76-ed62-49ad-8d6a-8d6edc139482",
"target_ref": "malware--bbe568e2-469f-4f6e-894f-9004f60be5a5",
"confidence": 75,
"x_validation_method": "three-llm-consensus"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ce3a2511-d3ff-4b84-b85e-23f51de35b24",
"created": "2025-11-11T18:18:27.099Z",
"modified": "2025-11-11T18:18:27.099Z",
"relationship_type": "delivers",
"source_ref": "malware--6be03c76-ed62-49ad-8d6a-8d6edc139482",
"target_ref": "malware--bbe568e2-469f-4f6e-894f-9004f60be5a5",
"confidence": 85,
"description": "o Perplexity’s Comet AI browser hidden instructions that allow access to sensitive data from connected services, like email and calendar. In a realistic scenario, no credentia... The malware known as GootLoader has resurfaced yet again after a brief spike in activity earlier this March, according to new findings from Huntress. The cybersecurity company said it observed three GootLoader infections since October 27, 2025, out of which two resulted in hands-on keyboard intrusio... “Security systems fail. When it fails, what do you do?” This critical question from Spire Connect’s Pankaj Sharma set the stage at Gitex 2025 for a conversation with Francois Driessen, the “Human Ambassador” of ADAMnetworks. His core message is blunt: in cybersecurity, even real-time is not fast eno... Nov 11, 2025 - Jeremy Snyder - API Security: Why the Gap Developers and security professionals have different concerns and motivations. It’s easy to see why gaps emerge. The ability to quickly ship new products, features or functionality is a real source of competitive advantage in the digital econo... Researchers aren’t very concerned about the dozens of undisclosed F5 vulnerabilities a nation-state attacker stole during a prolonged attack on F5’s internal systems. Yet, the heist of sensitive intelligence from a widely used vendor’s internal network resembles previous espionage-driven attacks tha... Attackers intercepting network traffic can determine the conversation topic with a chatbot despite end-to-end encrypted communication. The post ‘Whisper Leak’ LLM Side-Channel Attack Infers User Prompt Topics appeared first on SecurityWeek . Nov 11, 2025 - Jeremy Snyder - On April 5, 2023, during UK Cyber Week, our CEO Jeremy Snyder will present, “API security - what is it, why you should care, and how to protect your org”. The session, part of the OT & IT Cyber Security track, will explore the rise of APIs and API-centric cloud archite... Nov 11, 2025 - James Fulton - McLean, Va. 
– Dec. 14, 2022 — FireTail Inc, a disruptor in API security, announced today it has closed $5 million in early stage financing led by Paladin Capital Group, with participation from Zscaler, General Advance, Secure Octane, and a cadre of high-profile cyber se... SecureIQLab joins forces with Mplify The post SecureIQLab brings independent outcome-based validation to Mplify at Global NaaS Event (GNE) appeared first on SecureIQ Lab . The post SecureIQLab brings independent outcome-based validation to Mplify at Global NaaS Event (GNE) appeared first on Security... This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 11, 2025 – Listen to the podcast Online romance fraud is a problem across the globe. It causes financial and emotional devastation, yet many people refuse to take it seriously. “ Keanu Reeves is Not in Love W... Nov 11, 2025 - Jeremy Snyder - Over the last few years, web application attacks have become one of the leading causes of data breaches, making web application security increasingly important for overall security posture. In fact, web application attacks were involved in 26% of all breaches in 2022 a... What is Encoding? Encoding is a process of transforming the data into different parameters to enhance its compatibility, usefulness, and to transmit it through various systems and applications. Therefore, the main purpose of encoding is not security for data but rather compatibility that makes data ... This vulnerability allows local attackers to escalate privileges on affected installations of Autodesk On-Demand Install Services. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The follo... Nov 11, 2025 - Jeremy Snyder - McLean, Va. - Jan. 24, 2023 - FireTail Inc., a disruptor in API security, today announced the appointment of Timo Rüppell to the executive leadership team as Vice President of Product. In conjunction with bringing Rüppell on board, FireTail also opened a new company of... A threat actor has exploited the issue to create a new administrator account and then used the account to execute remote access tools. The post Critical Triofox Vulnerability Exploited in the Wild appeared first on SecurityWeek . Nov 11, 2025 - - FireTail is on a mission to secure the world’s APIs by making API security as simple as import, setup, done. We officially launched the company back in February 2022 with a passion for helping organizations secure their APIs as they grow their cloud presence. As of the beginning of ... Veterans Day Poster Competition - via The United States Department of Veteran's Affairs: Veterans Day Poster Competition - Each year the Veterans Day National Committee publishes a commemorative Veterans Day poster. The Committee selects a poster from artwork submitted by artists nationwide. Over th... AI-driven automation is transforming cloud security by detecting anomalies in real time, and enabling intelligent threat response. The post Cloud Security Automation: Using AI to Strengthen Defenses and Response appeared first on Security Boulevard . SAP has released its November security updates that address multiple security vulnerabilities, including a maximum severity flaw in the non-GUI variant of the SQL Anywhere Monitor and a critical code injection issue in the Solution Manager platform. [...] 
Konni, a subset of the state-sponsored DPRK cyberespionage group, first exploits Google Find Hub, which ironically aims to protect lost Android devices, to remotely wipe devices. Nov 11, 2025 - Jeremy Snyder - IDOR Attacks: Common And Deadly IDOR attacks, or Insecure Direct Object Reference (IDOR) attacks, are one of the most common and costly forms of API breach. In an IDOR attack, hackers directly reference internal objects in a web application that uses APIs1. IDOR attack... Are Your NHIs in Hybrid Cloud Environments Truly Secure? Is your organization leveraging the benefits of a hybrid cloud environment while ensuring the security of its Non-Human Identities? NHIs, or machine identities, are increasingly pivotal where organizations shift more operations to the cloud. Y... Mozilla has implemented fresh fingerprinting protections to prevent hidden trackers from identifying Firefox users. The post New Firefox Protections Halve the Number of Trackable Users appeared first on SecurityWeek . A new cyber-attack has been observed exploiting Google Find Hub to remotely wipe Android devices, linked to North Korean APTs Hardcoded credentials in SQL Anywhere Monitor could allow attackers to execute arbitrary code on vulnerable deployments. The post SAP Patches Critical Flaws in SQL Anywhere Monitor, Solution Manager appeared first on SecurityWeek . Discover DataDome’s Q3 2025 product & platform updates, including AI-driven fraud defense, adaptive protection, and new tools to control, monetize, and secure evolving AI traffic. The post AI, Adaptability, & Ease: What’s New in DataDome’s Q3 2025 Platform Updates appeared first on Security Boulevar... Enforcement of the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) requirements started on November 10, 2025. The post CMMC Live: Pentagon Demands Verified Cybersecurity From Contractors appeared first on SecurityWeek . 
Threat actors were exploiting vulnerable versions of Triofox after a patched version was released, said Google Cloud researchers I am working on my final project for a Cybersecurity certificate. The topic of the project is remote code execution. The incident i'm reporting on involves a team of ethical hackers gaining access to a file management server using a block of JSON. This block of JSON contains an action parameter that... Built a Burp extension for WordPress pentesting that I've been using internally. Decided to open-source it since it adds real value beyond existing tools: Key features: Auto-detection from HTTP traffic - passively finds WP sites + plugins/themes as you browse (no manual enumeration) Comprehensive se... I once worked with a team that had everything automated; scanning, patching, reporting, you name it. On paper, it looked perfect. But when an actual issue slipped through, no one noticed for weeks because everyone assumed “ the tool ” would catch it. And when no one was able to explain \" why \" the b... I am small business owner in construction. I got interested in cloud security recently, started to build my lab, complete tryhackme rooms, watch Professor Messer, I feel like it would make sense to open my own company in this field one day. But for that I will need way more experience besides what I... Hi everyone, I'm following a cybersecurity training at a university (a masterclass module) to get acquainted with the field, out of interest. The course focuses on concepts like SOC's, CTI etc, so it's not a technical course. However we of course talk about available technologies like SIEM, XDR, etc... Steve Lenderman of isolved on Cross-Device Challenges, User Adoption Strategies Steve Lenderman, head of fraud prevention at isolved, discusses the shift to passwordless authentication, addressing adoption challenges across multiple devices, the link between cybersecurity and fraud prevention, and h... 
AGs Cite Security Failures Leading to Illuminate Education's Late 2021 Data Theft A California-based vendor of software used to collect and analyze student data, including records of children with disabilities and special educational needs, has been fined a total of $5.1 million by the attorneys gen... Background on Sipeed For those unfamiliar, Sipeed is a Shenzhen-based hardware company that manufactures embedded AI systems, RISC-V development boards, and edge computing modules. They're fairly well-known in the maker/embedded systems community for products like: K210 AI accelerator modules MaixSe... Host Rich Stroffolino will be chatting with our guest experts Jacob Coombs and Ross Young about some of the biggest stories that will have an impact on you and your business this week. This is a perfect opportunity to get ready for your next company standup or strategy meeting. Join us and participa... I worked two internships doing various things in security from security awareness and training, vulnerability, some incident response, little bit of enforcing compliance, proactive security, identity and access management, etc. Not a ton of stuff but I did have some great hands on experience. For th... Features: - SQL Injection Detection - XSS Vulnerability Scanning - Security Headers Audit - Professional Reporting Perfect for developers and security researchers. Looking for feedback and contributors! submitted by /u/Necessary-Eagle-7051 [link] [comments] Many of the main big tech companies plop AI onto everything and invest heavily. My cybersecurity companies offer AI security solutions but don’t necessarily build data centers or their own AI models. Do you see cybersecurity companies being more stable than other tech companies when the AI bubble po... Started as a cyber security analyst one year ago (previous job was in the data governance domain). Just got my gcih cert. 
(I know it's just the pure basics, but it was a fun course to take IMHO) At this moment I manage most alerts and rules in our Siem. Create phishing tests, do some internal assess... Orbital Frontier Is the Next Ungoverned Internet, and We Have Left It Open to Attack The orbital frontier is the next ungoverned internet - a vast, vulnerable network of over 11,000 satellites without a cybersecurity framework. As nations race to commercialize space, we've left the orbit open to att... Hello! I am currently a sophomore at University. I need some advice on what to do for my career. I’m currently studying Cybersecurity for my bachelor’s. This just became a new major and has some small issues. I’m overall not doing great right now academically and don’t know if I need a change. I was... We’ve started noticing how fast cloud risks evolve, especially with AI-driven workloads being deployed everywhere. Traditional security posture management setups are struggling to keep pace, and manual correlation between identity, posture, and runtime feels outdated. Has anyone tested or implemente... Pentagon Formally Rolls Out Long-Awaited Cybersecurity Requirements for Vendors The Department of Defense's final Cybersecurity Maturity Model Certification rule went into effect Monday after years of industry debate, requiring all defense contractors and subcontractors to obtain cybersecurity certi... Emerging threats and security considerations in the era of advanced browser technologies Takeaways AI browsers introduce unique cybersecurity risks, including susceptibility to prompt injection attacks that can extend beyond the browser itself. Malicious prompts could lead to data exfiltration and c... I became a SOC analyst just shy of 2 months ago and have decided to take another offer in another department making the same amount of money/benefits. I feel like a failure. I didn’t get proper training and was constantly stressed about making mistakes. 
My boss even threatened to fire me once I did ... Hi guys as of the beginning of September, I started my new job and became the sole Vulnerability Manager at my company. Transitioning from a helpdesk role into this position has been quite exciting, especially since I have a background in cybersecurity from my bachelor’s degree. Having the chance to... It is now more common for data to leave companies through copying and paste than through file transfers and uploads, LayerX revealed in its Browser Security Report 2025 . This shift is largely due to generative AI (genAI), with 77% of employees pasting data into AI prompts, and 32% of all copy-paste... I am currently a freshman in college majoring in psychology but (for various reasons) want to change my major. My college offers a BS in cybersecurity & network management and its one of the few other majors that interest me but I have been hearing about how saturated the market is right now as well... Hey HN, I’ve been building CyBox Security a platform that acts like a virtual security team for developers. It combines multiple security scanners into one unified dashboard, covering SAST, SCA, IaC, and Secrets in a single workflow. The idea came after seeing how many small dev teams and startups d... Hi all, looking for some advice from the community. I have an advanced diploma in cybersecurity and digital investigations and several industry certifications (including CHFI, Security+, GFACT, GSEC, GCIH, GPEN, and eCPPTv3). I’ve been working in security operations and engineering roles for a few y... Good day you wonderful people. I'm finding myself in a pickle - or at least very confused. I am not new to Cybersecurity, but still certainly learning. I'm currently in a weird situation. I'm part of a team that gets to upgrade security tooling, and there will be changes in how things are handled to... Before the comments I have sec+, CySA+ and 3 IT & Cyber internships Im sorry to all you cyber students. 
The industry is beyond cooked I’ve applied to NY,DMV,NC,SC,VA I’ve had 4 interviews and got a reject email from about 30-40 1 for a digital forensics role - 2 interviews, 1 in person and got ghost... Article URL: https://blog.adacore.com/proving-safety-at-scale-spark-risc-v-and-nvidias-security-strategy Comments URL: https://news.ycombinator.com/item?id=45888348 Points: 3 # Comments: 0 CISA ordered U.S. federal agencies today to patch a critical Samsung vulnerability that has been exploited in zero-day attacks to deploy LandFall spyware on devices running WhatsApp. [...] Qilin group ransomware incidents have surged in SMBs, exploiting security gaps and collaborating with Scattered Spider threat group CISA has demanded federal agencies patch a zero-day vulnerability affecting Samsung device",
"x_validation_method": "three-llm-consensus"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--89fe9fd5-2f4c-4c5c-891e-0379e96c0df1",
"created": "2025-11-11T18:18:27.099Z",
"modified": "2025-11-11T18:18:27.099Z",
"relationship_type": "downloads",
"source_ref": "malware--6be03c76-ed62-49ad-8d6a-8d6edc139482",
"target_ref": "malware--bbe568e2-469f-4f6e-894f-9004f60be5a5",
"confidence": 81,
"description": "o Perplexity’s Comet AI browser hidden instructions that allow access to sensitive data from connected services, like email and calendar. In a realistic scenario, no credentia... The malware known as GootLoader has resurfaced yet again after a brief spike in activity earlier this March, according to new findings from Huntress. The cybersecurity company said it observed three GootLoader infections since October 27, 2025, out of which two resulted in hands-on keyboard intrusio... “Security systems fail. When it fails, what do you do?” This critical question from Spire Connect’s Pankaj Sharma set the stage at Gitex 2025 for a conversation with Francois Driessen, the “Human Ambassador” of ADAMnetworks. His core message is blunt: in cybersecurity, even real-time is not fast eno... Nov 11, 2025 - Jeremy Snyder - API Security: Why the Gap Developers and security professionals have different concerns and motivations. It’s easy to see why gaps emerge. The ability to quickly ship new products, features or functionality is a real source of competitive advantage in the digital econo... Researchers aren’t very concerned about the dozens of undisclosed F5 vulnerabilities a nation-state attacker stole during a prolonged attack on F5’s internal systems. Yet, the heist of sensitive intelligence from a widely used vendor’s internal network resembles previous espionage-driven attacks tha... Attackers intercepting network traffic can determine the conversation topic with a chatbot despite end-to-end encrypted communication. The post ‘Whisper Leak’ LLM Side-Channel Attack Infers User Prompt Topics appeared first on SecurityWeek . Nov 11, 2025 - Jeremy Snyder - On April 5, 2023, during UK Cyber Week, our CEO Jeremy Snyder will present, “API security - what is it, why you should care, and how to protect your org”. The session, part of the OT & IT Cyber Security track, will explore the rise of APIs and API-centric cloud archite... Nov 11, 2025 - James Fulton - McLean, Va. 
– Dec. 14, 2022 — FireTail Inc, a disruptor in API security, announced today it has closed $5 million in early stage financing led by Paladin Capital Group, with participation from Zscaler, General Advance, Secure Octane, and a cadre of high-profile cyber se... SecureIQLab joins forces with Mplify The post SecureIQLab brings independent outcome-based validation to Mplify at Global NaaS Event (GNE) appeared first on SecureIQ Lab . The post SecureIQLab brings independent outcome-based validation to Mplify at Global NaaS Event (GNE) appeared first on Security... This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 11, 2025 – Listen to the podcast Online romance fraud is a problem across the globe. It causes financial and emotional devastation, yet many people refuse to take it seriously. “ Keanu Reeves is Not in Love W... Nov 11, 2025 - Jeremy Snyder - Over the last few years, web application attacks have become one of the leading causes of data breaches, making web application security increasingly important for overall security posture. In fact, web application attacks were involved in 26% of all breaches in 2022 a... What is Encoding? Encoding is a process of transforming the data into different parameters to enhance its compatibility, usefulness, and to transmit it through various systems and applications. Therefore, the main purpose of encoding is not security for data but rather compatibility that makes data ... This vulnerability allows local attackers to escalate privileges on affected installations of Autodesk On-Demand Install Services. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The follo... Nov 11, 2025 - Jeremy Snyder - McLean, Va. - Jan. 24, 2023 - FireTail Inc., a disruptor in API security, today announced the appointment of Timo Rüppell to the executive leadership team as Vice President of Product. In conjunction with bringing Rüppell on board, FireTail also opened a new company of... A threat actor has exploited the issue to create a new administrator account and then used the account to execute remote access tools. The post Critical Triofox Vulnerability Exploited in the Wild appeared first on SecurityWeek . Nov 11, 2025 - - FireTail is on a mission to secure the world’s APIs by making API security as simple as import, setup, done. We officially launched the company back in February 2022 with a passion for helping organizations secure their APIs as they grow their cloud presence. As of the beginning of ... Veterans Day Poster Competition - via The United States Department of Veteran's Affairs: Veterans Day Poster Competition - Each year the Veterans Day National Committee publishes a commemorative Veterans Day poster. The Committee selects a poster from artwork submitted by artists nationwide. Over th... AI-driven automation is transforming cloud security by detecting anomalies in real time, and enabling intelligent threat response. The post Cloud Security Automation: Using AI to Strengthen Defenses and Response appeared first on Security Boulevard . SAP has released its November security updates that address multiple security vulnerabilities, including a maximum severity flaw in the non-GUI variant of the SQL Anywhere Monitor and a critical code injection issue in the Solution Manager platform. [...] 
Konni, a subset of the state-sponsored DPRK cyberespionage group, first exploits Google Find Hub, which ironically aims to protect lost Android devices, to remotely wipe devices. Nov 11, 2025 - Jeremy Snyder - IDOR Attacks: Common And Deadly IDOR attacks, or Insecure Direct Object Reference (IDOR) attacks, are one of the most common and costly forms of API breach. In an IDOR attack, hackers directly reference internal objects in a web application that uses APIs1. IDOR attack... Are Your NHIs in Hybrid Cloud Environments Truly Secure? Is your organization leveraging the benefits of a hybrid cloud environment while ensuring the security of its Non-Human Identities? NHIs, or machine identities, are increasingly pivotal where organizations shift more operations to the cloud. Y... Mozilla has implemented fresh fingerprinting protections to prevent hidden trackers from identifying Firefox users. The post New Firefox Protections Halve the Number of Trackable Users appeared first on SecurityWeek . A new cyber-attack has been observed exploiting Google Find Hub to remotely wipe Android devices, linked to North Korean APTs Hardcoded credentials in SQL Anywhere Monitor could allow attackers to execute arbitrary code on vulnerable deployments. The post SAP Patches Critical Flaws in SQL Anywhere Monitor, Solution Manager appeared first on SecurityWeek . Discover DataDome’s Q3 2025 product & platform updates, including AI-driven fraud defense, adaptive protection, and new tools to control, monetize, and secure evolving AI traffic. The post AI, Adaptability, & Ease: What’s New in DataDome’s Q3 2025 Platform Updates appeared first on Security Boulevar... Enforcement of the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) requirements started on November 10, 2025. The post CMMC Live: Pentagon Demands Verified Cybersecurity From Contractors appeared first on SecurityWeek . 
Threat actors were exploiting vulnerable versions of Triofox after a patched version was released, said Google Cloud researchers I am working on my final project for a Cybersecurity certificate. The topic of the project is remote code execution. The incident i'm reporting on involves a team of ethical hackers gaining access to a file management server using a block of JSON. This block of JSON contains an action parameter that... Built a Burp extension for WordPress pentesting that I've been using internally. Decided to open-source it since it adds real value beyond existing tools: Key features: Auto-detection from HTTP traffic - passively finds WP sites + plugins/themes as you browse (no manual enumeration) Comprehensive se... I once worked with a team that had everything automated; scanning, patching, reporting, you name it. On paper, it looked perfect. But when an actual issue slipped through, no one noticed for weeks because everyone assumed “ the tool ” would catch it. And when no one was able to explain \" why \" the b... I am small business owner in construction. I got interested in cloud security recently, started to build my lab, complete tryhackme rooms, watch Professor Messer, I feel like it would make sense to open my own company in this field one day. But for that I will need way more experience besides what I... Hi everyone, I'm following a cybersecurity training at a university (a masterclass module) to get acquainted with the field, out of interest. The course focuses on concepts like SOC's, CTI etc, so it's not a technical course. However we of course talk about available technologies like SIEM, XDR, etc... Steve Lenderman of isolved on Cross-Device Challenges, User Adoption Strategies Steve Lenderman, head of fraud prevention at isolved, discusses the shift to passwordless authentication, addressing adoption challenges across multiple devices, the link between cybersecurity and fraud prevention, and h... 
AGs Cite Security Failures Leading to Illuminate Education's Late 2021 Data Theft A California-based vendor of software used to collect and analyze student data, including records of children with disabilities and special educational needs, has been fined a total of $5.1 million by the attorneys gen... Background on Sipeed For those unfamiliar, Sipeed is a Shenzhen-based hardware company that manufactures embedded AI systems, RISC-V development boards, and edge computing modules. They're fairly well-known in the maker/embedded systems community for products like: K210 AI accelerator modules MaixSe... Host Rich Stroffolino will be chatting with our guest experts Jacob Coombs and Ross Young about some of the biggest stories that will have an impact on you and your business this week. This is a perfect opportunity to get ready for your next company standup or strategy meeting. Join us and participa... I worked two internships doing various things in security from security awareness and training, vulnerability, some incident response, little bit of enforcing compliance, proactive security, identity and access management, etc. Not a ton of stuff but I did have some great hands on experience. For th... Features: - SQL Injection Detection - XSS Vulnerability Scanning - Security Headers Audit - Professional Reporting Perfect for developers and security researchers. Looking for feedback and contributors! submitted by /u/Necessary-Eagle-7051 [link] [comments] Many of the main big tech companies plop AI onto everything and invest heavily. My cybersecurity companies offer AI security solutions but don’t necessarily build data centers or their own AI models. Do you see cybersecurity companies being more stable than other tech companies when the AI bubble po... Started as a cyber security analyst one year ago (previous job was in the data governance domain). Just got my gcih cert. 
(I know it's just the pure basics, but it was a fun course to take IMHO) At this moment I manage most alerts and rules in our Siem. Create phishing tests, do some internal assess... Orbital Frontier Is the Next Ungoverned Internet, and We Have Left It Open to Attack The orbital frontier is the next ungoverned internet - a vast, vulnerable network of over 11,000 satellites without a cybersecurity framework. As nations race to commercialize space, we've left the orbit open to att... Hello! I am currently a sophomore at University. I need some advice on what to do for my career. I’m currently studying Cybersecurity for my bachelor’s. This just became a new major and has some small issues. I’m overall not doing great right now academically and don’t know if I need a change. I was... We’ve started noticing how fast cloud risks evolve, especially with AI-driven workloads being deployed everywhere. Traditional security posture management setups are struggling to keep pace, and manual correlation between identity, posture, and runtime feels outdated. Has anyone tested or implemente... Pentagon Formally Rolls Out Long-Awaited Cybersecurity Requirements for Vendors The Department of Defense's final Cybersecurity Maturity Model Certification rule went into effect Monday after years of industry debate, requiring all defense contractors and subcontractors to obtain cybersecurity certi... Emerging threats and security considerations in the era of advanced browser technologies Takeaways AI browsers introduce unique cybersecurity risks, including susceptibility to prompt injection attacks that can extend beyond the browser itself. Malicious prompts could lead to data exfiltration and c... I became a SOC analyst just shy of 2 months ago and have decided to take another offer in another department making the same amount of money/benefits. I feel like a failure. I didn’t get proper training and was constantly stressed about making mistakes. 
My boss even threatened to fire me once I did ... Hi guys as of the beginning of September, I started my new job and became the sole Vulnerability Manager at my company. Transitioning from a helpdesk role into this position has been quite exciting, especially since I have a background in cybersecurity from my bachelor’s degree. Having the chance to... It is now more common for data to leave companies through copying and paste than through file transfers and uploads, LayerX revealed in its Browser Security Report 2025 . This shift is largely due to generative AI (genAI), with 77% of employees pasting data into AI prompts, and 32% of all copy-paste... I am currently a freshman in college majoring in psychology but (for various reasons) want to change my major. My college offers a BS in cybersecurity & network management and its one of the few other majors that interest me but I have been hearing about how saturated the market is right now as well... Hey HN, I’ve been building CyBox Security a platform that acts like a virtual security team for developers. It combines multiple security scanners into one unified dashboard, covering SAST, SCA, IaC, and Secrets in a single workflow. The idea came after seeing how many small dev teams and startups d... Hi all, looking for some advice from the community. I have an advanced diploma in cybersecurity and digital investigations and several industry certifications (including CHFI, Security+, GFACT, GSEC, GCIH, GPEN, and eCPPTv3). I’ve been working in security operations and engineering roles for a few y... Good day you wonderful people. I'm finding myself in a pickle - or at least very confused. I am not new to Cybersecurity, but still certainly learning. I'm currently in a weird situation. I'm part of a team that gets to upgrade security tooling, and there will be changes in how things are handled to... Before the comments I have sec+, CySA+ and 3 IT & Cyber internships Im sorry to all you cyber students. 
The industry is beyond cooked I’ve applied to NY,DMV,NC,SC,VA I’ve had 4 interviews and got a reject email from about 30-40 1 for a digital forensics role - 2 interviews, 1 in person and got ghost... Article URL: https://blog.adacore.com/proving-safety-at-scale-spark-risc-v-and-nvidias-security-strategy Comments URL: https://news.ycombinator.com/item?id=45888348 Points: 3 # Comments: 0 CISA ordered U.S. federal agencies today to patch a critical Samsung vulnerability that has been exploited in zero-day attacks to deploy LandFall spyware on devices running WhatsApp. [...] Qilin group ransomware incidents have surged in SMBs, exploiting security gaps and collaborating with Scattered Spider threat group CISA has demanded federal agencies patch a zero-day vulnerability affecting Samsung device",
"x_validation_method": "three-llm-consensus"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--421f0b68-9129-42a1-81bd-1120a9543550",
"created": "2025-11-11T18:18:27.099Z",
"modified": "2025-11-11T18:18:27.099Z",
"relationship_type": "drops",
"source_ref": "malware--6be03c76-ed62-49ad-8d6a-8d6edc139482",
"target_ref": "malware--bbe568e2-469f-4f6e-894f-9004f60be5a5",
"confidence": 80,
"description": "o Perplexity’s Comet AI browser hidden instructions that allow access to sensitive data from connected services, like email and calendar. In a realistic scenario, no credentia... The malware known as GootLoader has resurfaced yet again after a brief spike in activity earlier this March, according to new findings from Huntress. The cybersecurity company said it observed three GootLoader infections since October 27, 2025, out of which two resulted in hands-on keyboard intrusio... “Security systems fail. When it fails, what do you do?” This critical question from Spire Connect’s Pankaj Sharma set the stage at Gitex 2025 for a conversation with Francois Driessen, the “Human Ambassador” of ADAMnetworks. His core message is blunt: in cybersecurity, even real-time is not fast eno... Nov 11, 2025 - Jeremy Snyder - API Security: Why the Gap Developers and security professionals have different concerns and motivations. It’s easy to see why gaps emerge. The ability to quickly ship new products, features or functionality is a real source of competitive advantage in the digital econo... Researchers aren’t very concerned about the dozens of undisclosed F5 vulnerabilities a nation-state attacker stole during a prolonged attack on F5’s internal systems. Yet, the heist of sensitive intelligence from a widely used vendor’s internal network resembles previous espionage-driven attacks tha... Attackers intercepting network traffic can determine the conversation topic with a chatbot despite end-to-end encrypted communication. The post ‘Whisper Leak’ LLM Side-Channel Attack Infers User Prompt Topics appeared first on SecurityWeek . Nov 11, 2025 - Jeremy Snyder - On April 5, 2023, during UK Cyber Week, our CEO Jeremy Snyder will present, “API security - what is it, why you should care, and how to protect your org”. The session, part of the OT & IT Cyber Security track, will explore the rise of APIs and API-centric cloud archite... Nov 11, 2025 - James Fulton - McLean, Va. 
– Dec. 14, 2022 — FireTail Inc, a disruptor in API security, announced today it has closed $5 million in early stage financing led by Paladin Capital Group, with participation from Zscaler, General Advance, Secure Octane, and a cadre of high-profile cyber se... SecureIQLab joins forces with Mplify The post SecureIQLab brings independent outcome-based validation to Mplify at Global NaaS Event (GNE) appeared first on SecureIQ Lab . The post SecureIQLab brings independent outcome-based validation to Mplify at Global NaaS Event (GNE) appeared first on Security... This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 11, 2025 – Listen to the podcast Online romance fraud is a problem across the globe. It causes financial and emotional devastation, yet many people refuse to take it seriously. “ Keanu Reeves is Not in Love W... Nov 11, 2025 - Jeremy Snyder - Over the last few years, web application attacks have become one of the leading causes of data breaches, making web application security increasingly important for overall security posture. In fact, web application attacks were involved in 26% of all breaches in 2022 a... What is Encoding? Encoding is a process of transforming the data into different parameters to enhance its compatibility, usefulness, and to transmit it through various systems and applications. Therefore, the main purpose of encoding is not security for data but rather compatibility that makes data ... This vulnerability allows local attackers to escalate privileges on affected installations of Autodesk On-Demand Install Services. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The follo... Nov 11, 2025 - Jeremy Snyder - McLean, Va. - Jan. 24, 2023 - FireTail Inc., a disruptor in API security, today announced the appointment of Timo Rüppell to the executive leadership team as Vice President of Product. In conjunction with bringing Rüppell on board, FireTail also opened a new company of... A threat actor has exploited the issue to create a new administrator account and then used the account to execute remote access tools. The post Critical Triofox Vulnerability Exploited in the Wild appeared first on SecurityWeek . Nov 11, 2025 - - FireTail is on a mission to secure the world’s APIs by making API security as simple as import, setup, done. We officially launched the company back in February 2022 with a passion for helping organizations secure their APIs as they grow their cloud presence. As of the beginning of ... Veterans Day Poster Competition - via The United States Department of Veteran's Affairs: Veterans Day Poster Competition - Each year the Veterans Day National Committee publishes a commemorative Veterans Day poster. The Committee selects a poster from artwork submitted by artists nationwide. Over th... AI-driven automation is transforming cloud security by detecting anomalies in real time, and enabling intelligent threat response. The post Cloud Security Automation: Using AI to Strengthen Defenses and Response appeared first on Security Boulevard . SAP has released its November security updates that address multiple security vulnerabilities, including a maximum severity flaw in the non-GUI variant of the SQL Anywhere Monitor and a critical code injection issue in the Solution Manager platform. [...] 
Konni, a subset of the state-sponsored DPRK cyberespionage group, first exploits Google Find Hub, which ironically aims to protect lost Android devices, to remotely wipe devices. Nov 11, 2025 - Jeremy Snyder - IDOR Attacks: Common And Deadly IDOR attacks, or Insecure Direct Object Reference (IDOR) attacks, are one of the most common and costly forms of API breach. In an IDOR attack, hackers directly reference internal objects in a web application that uses APIs1. IDOR attack... Are Your NHIs in Hybrid Cloud Environments Truly Secure? Is your organization leveraging the benefits of a hybrid cloud environment while ensuring the security of its Non-Human Identities? NHIs, or machine identities, are increasingly pivotal where organizations shift more operations to the cloud. Y... Mozilla has implemented fresh fingerprinting protections to prevent hidden trackers from identifying Firefox users. The post New Firefox Protections Halve the Number of Trackable Users appeared first on SecurityWeek . A new cyber-attack has been observed exploiting Google Find Hub to remotely wipe Android devices, linked to North Korean APTs Hardcoded credentials in SQL Anywhere Monitor could allow attackers to execute arbitrary code on vulnerable deployments. The post SAP Patches Critical Flaws in SQL Anywhere Monitor, Solution Manager appeared first on SecurityWeek . Discover DataDome’s Q3 2025 product & platform updates, including AI-driven fraud defense, adaptive protection, and new tools to control, monetize, and secure evolving AI traffic. The post AI, Adaptability, & Ease: What’s New in DataDome’s Q3 2025 Platform Updates appeared first on Security Boulevar... Enforcement of the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) requirements started on November 10, 2025. The post CMMC Live: Pentagon Demands Verified Cybersecurity From Contractors appeared first on SecurityWeek . 
Threat actors were exploiting vulnerable versions of Triofox after a patched version was released, said Google Cloud researchers I am working on my final project for a Cybersecurity certificate. The topic of the project is remote code execution. The incident i'm reporting on involves a team of ethical hackers gaining access to a file management server using a block of JSON. This block of JSON contains an action parameter that... Built a Burp extension for WordPress pentesting that I've been using internally. Decided to open-source it since it adds real value beyond existing tools: Key features: Auto-detection from HTTP traffic - passively finds WP sites + plugins/themes as you browse (no manual enumeration) Comprehensive se... I once worked with a team that had everything automated; scanning, patching, reporting, you name it. On paper, it looked perfect. But when an actual issue slipped through, no one noticed for weeks because everyone assumed “ the tool ” would catch it. And when no one was able to explain \" why \" the b... I am small business owner in construction. I got interested in cloud security recently, started to build my lab, complete tryhackme rooms, watch Professor Messer, I feel like it would make sense to open my own company in this field one day. But for that I will need way more experience besides what I... Hi everyone, I'm following a cybersecurity training at a university (a masterclass module) to get acquainted with the field, out of interest. The course focuses on concepts like SOC's, CTI etc, so it's not a technical course. However we of course talk about available technologies like SIEM, XDR, etc... Steve Lenderman of isolved on Cross-Device Challenges, User Adoption Strategies Steve Lenderman, head of fraud prevention at isolved, discusses the shift to passwordless authentication, addressing adoption challenges across multiple devices, the link between cybersecurity and fraud prevention, and h... 
AGs Cite Security Failures Leading to Illuminate Education's Late 2021 Data Theft A California-based vendor of software used to collect and analyze student data, including records of children with disabilities and special educational needs, has been fined a total of $5.1 million by the attorneys gen... Background on Sipeed For those unfamiliar, Sipeed is a Shenzhen-based hardware company that manufactures embedded AI systems, RISC-V development boards, and edge computing modules. They're fairly well-known in the maker/embedded systems community for products like: K210 AI accelerator modules MaixSe... Host Rich Stroffolino will be chatting with our guest experts Jacob Coombs and Ross Young about some of the biggest stories that will have an impact on you and your business this week. This is a perfect opportunity to get ready for your next company standup or strategy meeting. Join us and participa... I worked two internships doing various things in security from security awareness and training, vulnerability, some incident response, little bit of enforcing compliance, proactive security, identity and access management, etc. Not a ton of stuff but I did have some great hands on experience. For th... Features: - SQL Injection Detection - XSS Vulnerability Scanning - Security Headers Audit - Professional Reporting Perfect for developers and security researchers. Looking for feedback and contributors! submitted by /u/Necessary-Eagle-7051 [link] [comments] Many of the main big tech companies plop AI onto everything and invest heavily. My cybersecurity companies offer AI security solutions but don’t necessarily build data centers or their own AI models. Do you see cybersecurity companies being more stable than other tech companies when the AI bubble po... Started as a cyber security analyst one year ago (previous job was in the data governance domain). Just got my gcih cert. 
(I know it's just the pure basics, but it was a fun course to take IMHO) At this moment I manage most alerts and rules in our Siem. Create phishing tests, do some internal assess... Orbital Frontier Is the Next Ungoverned Internet, and We Have Left It Open to Attack The orbital frontier is the next ungoverned internet - a vast, vulnerable network of over 11,000 satellites without a cybersecurity framework. As nations race to commercialize space, we've left the orbit open to att... Hello! I am currently a sophomore at University. I need some advice on what to do for my career. I’m currently studying Cybersecurity for my bachelor’s. This just became a new major and has some small issues. I’m overall not doing great right now academically and don’t know if I need a change. I was... We’ve started noticing how fast cloud risks evolve, especially with AI-driven workloads being deployed everywhere. Traditional security posture management setups are struggling to keep pace, and manual correlation between identity, posture, and runtime feels outdated. Has anyone tested or implemente... Pentagon Formally Rolls Out Long-Awaited Cybersecurity Requirements for Vendors The Department of Defense's final Cybersecurity Maturity Model Certification rule went into effect Monday after years of industry debate, requiring all defense contractors and subcontractors to obtain cybersecurity certi... Emerging threats and security considerations in the era of advanced browser technologies Takeaways AI browsers introduce unique cybersecurity risks, including susceptibility to prompt injection attacks that can extend beyond the browser itself. Malicious prompts could lead to data exfiltration and c... I became a SOC analyst just shy of 2 months ago and have decided to take another offer in another department making the same amount of money/benefits. I feel like a failure. I didn’t get proper training and was constantly stressed about making mistakes. 
My boss even threatened to fire me once I did ... Hi guys as of the beginning of September, I started my new job and became the sole Vulnerability Manager at my company. Transitioning from a helpdesk role into this position has been quite exciting, especially since I have a background in cybersecurity from my bachelor’s degree. Having the chance to... It is now more common for data to leave companies through copying and paste than through file transfers and uploads, LayerX revealed in its Browser Security Report 2025 . This shift is largely due to generative AI (genAI), with 77% of employees pasting data into AI prompts, and 32% of all copy-paste... I am currently a freshman in college majoring in psychology but (for various reasons) want to change my major. My college offers a BS in cybersecurity & network management and its one of the few other majors that interest me but I have been hearing about how saturated the market is right now as well... Hey HN, I’ve been building CyBox Security a platform that acts like a virtual security team for developers. It combines multiple security scanners into one unified dashboard, covering SAST, SCA, IaC, and Secrets in a single workflow. The idea came after seeing how many small dev teams and startups d... Hi all, looking for some advice from the community. I have an advanced diploma in cybersecurity and digital investigations and several industry certifications (including CHFI, Security+, GFACT, GSEC, GCIH, GPEN, and eCPPTv3). I’ve been working in security operations and engineering roles for a few y... Good day you wonderful people. I'm finding myself in a pickle - or at least very confused. I am not new to Cybersecurity, but still certainly learning. I'm currently in a weird situation. I'm part of a team that gets to upgrade security tooling, and there will be changes in how things are handled to... Before the comments I have sec+, CySA+ and 3 IT & Cyber internships Im sorry to all you cyber students. 
The industry is beyond cooked I’ve applied to NY,DMV,NC,SC,VA I’ve had 4 interviews and got a reject email from about 30-40 1 for a digital forensics role - 2 interviews, 1 in person and got ghost... Article URL: https://blog.adacore.com/proving-safety-at-scale-spark-risc-v-and-nvidias-security-strategy Comments URL: https://news.ycombinator.com/item?id=45888348 Points: 3 # Comments: 0 CISA ordered U.S. federal agencies today to patch a critical Samsung vulnerability that has been exploited in zero-day attacks to deploy LandFall spyware on devices running WhatsApp. [...] Qilin group ransomware incidents have surged in SMBs, exploiting security gaps and collaborating with Scattered Spider threat group CISA has demanded federal agencies patch a zero-day vulnerability affecting Samsung device",
"x_validation_method": "three-llm-consensus"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--bd4eb690-2e6c-4b16-8e3a-9c808b2319d2",
"created": "2025-11-11T18:18:27.099Z",
"modified": "2025-11-11T18:18:27.099Z",
"relationship_type": "uses",
"source_ref": "intrusion-set--7ff82b53-a7ae-4331-be8f-9624439d3106",
"target_ref": "malware--bbe568e2-469f-4f6e-894f-9004f60be5a5",
"confidence": 87,
"description": "ISA ordered U.S. federal agencies today to patch a critical Samsung vulnerability that has been exploited in zero-day attacks to deploy LandFall spyware on devices running WhatsApp. [...] Qilin group ransomware incidents have surged in SMBs, exploiting security gaps and collaborating with Scattered Spider threat group CISA has demanded federal agencies patch a zero-day vulnerability affecting Samsung devices used in LandFall spyware attacks",
"x_validation_method": "three-llm-consensus"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4cc52dba-39a8-4e9a-9c7d-d0029380708a",
"created": "2025-11-11T18:18:27.099Z",
"modified": "2025-11-11T18:18:27.099Z",
"relationship_type": "uses",
"source_ref": "threat-actor--26eca839-6996-4355-b556-31d7e4bd0671",
"target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c",
"confidence": 75,
"description": "MITRE ATT&CK mapping: the lazarus group uses spearphishing attachment (T1566.001)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d45b1070-fa5c-4592-abeb-d4065764ea1c",
"created": "2025-11-11T18:18:27.099Z",
"modified": "2025-11-11T18:18:27.099Z",
"relationship_type": "uses",
"source_ref": "threat-actor--26eca839-6996-4355-b556-31d7e4bd0671",
"target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d",
"confidence": 75,
"description": "MITRE ATT&CK mapping: the lazarus group uses command and scripting interpreter (T1059)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b458ef1e-45c2-4742-9b78-3f7ba415fa58",
"created": "2025-11-11T18:18:27.099Z",
"modified": "2025-11-11T18:18:27.099Z",
"relationship_type": "uses",
"source_ref": "threat-actor--26eca839-6996-4355-b556-31d7e4bd0671",
"target_ref": "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7",
"confidence": 85,
"description": "MITRE ATT&CK mapping: the lazarus group uses supply chain compromise (T1195)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a90af1c5-f990-408d-af99-814187564e96",
"created": "2025-11-11T18:18:27.099Z",
"modified": "2025-11-11T18:18:27.099Z",
"relationship_type": "uses",
"source_ref": "threat-actor--ff08fc2e-94c4-4b43-9534-46cf3ca829d7",
"target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c",
"confidence": 75,
"description": "MITRE ATT&CK mapping: callisto/star blizzard/unc4057 uses spearphishing attachment (T1566.001)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2a65e2d8-9cf9-49bc-9a65-2f3874469f98",
"created": "2025-11-11T18:18:27.099Z",
"modified": "2025-11-11T18:18:27.099Z",
"relationship_type": "uses",
"source_ref": "threat-actor--ff08fc2e-94c4-4b43-9534-46cf3ca829d7",
"target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d",
"confidence": 75,
"description": "MITRE ATT&CK mapping: callisto/star blizzard/unc4057 uses command and scripting interpreter (T1059)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7e4648fb-0a45-447f-8b95-68df314a0102",
"created": "2025-11-11T18:18:27.099Z",
"modified": "2025-11-11T18:18:27.099Z",
"relationship_type": "uses",
"source_ref": "threat-actor--d31be0f2-c18f-47fc-8c98-44257348d6ca",
"target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c",
"confidence": 75,
"description": "MITRE ATT&CK mapping: lulzsec uses spearphishing attachment (T1566.001)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--478e87eb-29be-4cf8-ba0c-e1fae6d747ac",
"created": "2025-11-11T18:18:27.099Z",
"modified": "2025-11-11T18:18:27.099Z",
"relationship_type": "uses",
"source_ref": "threat-actor--d31be0f2-c18f-47fc-8c98-44257348d6ca",
"target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d",
"confidence": 75,
"description": "MITRE ATT&CK mapping: lulzsec uses command and scripting interpreter (T1059)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e4f712e6-e66c-4c5c-a685-4c8521dfd440",
"created": "2025-11-11T18:18:27.099Z",
"modified": "2025-11-11T18:18:27.099Z",
"relationship_type": "uses",
"source_ref": "threat-actor--632cf54c-908b-4cc4-aed0-0d1937468924",
"target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c",
"confidence": 75,
"description": "MITRE ATT&CK mapping: charming kitten uses spearphishing attachment (T1566.001)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a7b9569f-5194-4205-ae74-68c7814ce42b",
"created": "2025-11-11T18:18:27.100Z",
"modified": "2025-11-11T18:18:27.100Z",
"relationship_type": "uses",
"source_ref": "threat-actor--632cf54c-908b-4cc4-aed0-0d1937468924",
"target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d",
"confidence": 75,
"description": "MITRE ATT&CK mapping: charming kitten uses command and scripting interpreter (T1059)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--226f02d7-ea42-49bc-bb26-71dad99c6656",
"created": "2025-11-11T18:18:27.100Z",
"modified": "2025-11-11T18:18:27.100Z",
"relationship_type": "uses",
"source_ref": "threat-actor--4252968b-3f54-481e-bb3b-2e3b30c275e3",
"target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c",
"confidence": 75,
"description": "MITRE ATT&CK mapping: lazarus uses spearphishing attachment (T1566.001)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--039f2586-20d0-438f-9a04-e09d151f0b9f",
"created": "2025-11-11T18:18:27.100Z",
"modified": "2025-11-11T18:18:27.100Z",
"relationship_type": "uses",
"source_ref": "threat-actor--4252968b-3f54-481e-bb3b-2e3b30c275e3",
"target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d",
"confidence": 75,
"description": "MITRE ATT&CK mapping: lazarus uses command and scripting interpreter (T1059)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f47fd71f-63d6-4203-b9aa-be7ad18cf584",
"created": "2025-11-11T18:18:27.100Z",
"modified": "2025-11-11T18:18:27.100Z",
"relationship_type": "uses",
"source_ref": "threat-actor--4252968b-3f54-481e-bb3b-2e3b30c275e3",
"target_ref": "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7",
"confidence": 85,
"description": "MITRE ATT&CK mapping: lazarus uses supply chain compromise (T1195)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e667dac5-9ac0-432b-a288-55d91dfd40b7",
"created": "2025-11-11T18:18:27.100Z",
"modified": "2025-11-11T18:18:27.100Z",
"relationship_type": "uses",
"source_ref": "intrusion-set--7ff82b53-a7ae-4331-be8f-9624439d3106",
"target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c",
"confidence": 75,
"description": "MITRE ATT&CK mapping: scattered spider uses spearphishing attachment (T1566.001)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ae383eda-fa56-4f5d-a6a5-00eb1602c657",
"created": "2025-11-11T18:18:27.100Z",
"modified": "2025-11-11T18:18:27.100Z",
"relationship_type": "uses",
"source_ref": "intrusion-set--7ff82b53-a7ae-4331-be8f-9624439d3106",
"target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d",
"confidence": 75,
"description": "MITRE ATT&CK mapping: scattered spider uses command and scripting interpreter (T1059)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--001b8fdd-70de-480c-a729-18c50a482abd",
"created": "2025-11-11T18:18:27.100Z",
"modified": "2025-11-11T18:18:27.100Z",
"relationship_type": "uses",
"source_ref": "threat-actor--2607de8b-b3f2-45d2-beb8-6277dfbeb4b9",
"target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c",
"confidence": 75,
"description": "MITRE ATT&CK mapping: cl0p uses spearphishing attachment (T1566.001)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e557d537-f28f-4eb5-b427-9c5256b0c4b9",
"created": "2025-11-11T18:18:27.100Z",
"modified": "2025-11-11T18:18:27.100Z",
"relationship_type": "uses",
"source_ref": "threat-actor--2607de8b-b3f2-45d2-beb8-6277dfbeb4b9",
"target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d",
"confidence": 75,
"description": "MITRE ATT&CK mapping: cl0p uses command and scripting interpreter (T1059)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a06f9ad6-9563-40d4-ac15-f6d662485a9b",
"created": "2025-11-11T18:18:27.100Z",
"modified": "2025-11-11T18:18:27.100Z",
"relationship_type": "uses",
"source_ref": "threat-actor--1c24883b-5440-48be-89b4-b0c9d2b0646b",
"target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c",
"confidence": 75,
"description": "MITRE ATT&CK mapping: shinyhunters uses spearphishing attachment (T1566.001)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b3065810-0273-4c68-a768-f4511e01f449",
"created": "2025-11-11T18:18:27.100Z",
"modified": "2025-11-11T18:18:27.100Z",
"relationship_type": "uses",
"source_ref": "threat-actor--1c24883b-5440-48be-89b4-b0c9d2b0646b",
"target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d",
"confidence": 75,
"description": "MITRE ATT&CK mapping: shinyhunters uses command and scripting interpreter (T1059)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f0db9cf3-accc-40e0-855b-34b8abb406ee",
"created": "2025-11-11T18:18:27.100Z",
"modified": "2025-11-11T18:18:27.100Z",
"relationship_type": "uses",
"source_ref": "threat-actor--aed4bc51-33b0-4736-bcb7-17aea7c56aa9",
"target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c",
"confidence": 75,
"description": "MITRE ATT&CK mapping: qilin uses spearphishing attachment (T1566.001)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ef380bb4-a1d1-45a3-9b4e-166df91db297",
"created": "2025-11-11T18:18:27.100Z",
"modified": "2025-11-11T18:18:27.100Z",
"relationship_type": "uses",
"source_ref": "threat-actor--aed4bc51-33b0-4736-bcb7-17aea7c56aa9",
"target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d",
"confidence": 75,
"description": "MITRE ATT&CK mapping: qilin uses command and scripting interpreter (T1059)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--fd5300f3-62e5-49af-bdbd-64ad6adc7077",
"created": "2025-11-11T18:18:27.100Z",
"modified": "2025-11-11T18:18:27.100Z",
"relationship_type": "uses",
"source_ref": "threat-actor--59aae272-74d1-4419-b6d7-48ca8d0af280",
"target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c",
"confidence": 75,
"description": "MITRE ATT&CK mapping: qilin group uses spearphishing attachment (T1566.001)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--bffbfa5c-c8dd-47ce-86b4-1139983440e7",
"created": "2025-11-11T18:18:27.100Z",
"modified": "2025-11-11T18:18:27.100Z",
"relationship_type": "uses",
"source_ref": "threat-actor--59aae272-74d1-4419-b6d7-48ca8d0af280",
"target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d",
"confidence": 75,
"description": "MITRE ATT&CK mapping: qilin group uses command and scripting interpreter (T1059)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--34831c39-e91d-4ec8-8364-6bdd6e6902fc",
"created": "2025-11-11T18:18:27.100Z",
"modified": "2025-11-11T18:18:27.100Z",
"relationship_type": "uses",
"source_ref": "threat-actor--fa23fba6-5aba-458c-b415-59ec946c866d",
"target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c",
"confidence": 75,
"description": "MITRE ATT&CK mapping: aleksei olegovich volkov uses spearphishing attachment (T1566.001)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ab643444-8335-4076-ba7d-d127ba1d886f",
"created": "2025-11-11T18:18:27.100Z",
"modified": "2025-11-11T18:18:27.100Z",
"relationship_type": "uses",
"source_ref": "threat-actor--fa23fba6-5aba-458c-b415-59ec946c866d",
"target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d",
"confidence": 75,
"description": "MITRE ATT&CK mapping: aleksei olegovich volkov uses command and scripting interpreter (T1059)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--fee4953c-91e0-47af-869b-e5a272bc8ab1",
"created": "2025-11-11T18:18:27.100Z",
"modified": "2025-11-11T18:18:27.100Z",
"relationship_type": "uses",
"source_ref": "threat-actor--d61efa5c-464b-456c-a119-3d0fa06440fc",
"target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c",
"confidence": 75,
"description": "MITRE ATT&CK mapping: chubaka.kor uses spearphishing attachment (T1566.001)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ee082206-7049-4be7-9ee2-9164622fbc2c",
"created": "2025-11-11T18:18:27.100Z",
"modified": "2025-11-11T18:18:27.100Z",
"relationship_type": "uses",
"source_ref": "threat-actor--d61efa5c-464b-456c-a119-3d0fa06440fc",
"target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d",
"confidence": 75,
"description": "MITRE ATT&CK mapping: chubaka.kor uses command and scripting interpreter (T1059)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--12453789-85a8-4f4a-9c26-8e5d8c31ab46",
"created": "2025-11-11T18:18:27.100Z",
"modified": "2025-11-11T18:18:27.100Z",
"relationship_type": "uses",
"source_ref": "threat-actor--a2bc0cc6-3e55-464a-9a42-f48e7d9b9fd5",
"target_ref": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c",
"confidence": 75,
"description": "MITRE ATT&CK mapping: dragonforce uses spearphishing attachment (T1566.001)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--75cc2e7d-206d-459c-9831-d46b0ae0d05e",
"created": "2025-11-11T18:18:27.100Z",
"modified": "2025-11-11T18:18:27.100Z",
"relationship_type": "uses",
"source_ref": "threat-actor--a2bc0cc6-3e55-464a-9a42-f48e7d9b9fd5",
"target_ref": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d",
"confidence": 75,
"description": "MITRE ATT&CK mapping: dragonforce uses command and scripting interpreter (T1059)",
"x_validation_method": "mitre-mapper"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9184c6cc-9c7e-427e-a936-996525becc69",
"created": "2025-11-11T18:18:27.101Z",
"modified": "2025-11-11T18:18:27.101Z",
"relationship_type": "mitigated-by",
"source_ref": "vulnerability--a9612828-7f11-4309-be11-9f187e26e457",
"target_ref": "course-of-action--9948bd21-35de-4c68-90f0-ac553920d7f7",
"description": "CVE-2025-12480 is mitigated by Mitigate CVE-2025-12480"
}
]
}