mitre-ta0001
6478 articles with this tag
CRITICAL
CRITICAL
CRITICAL
CRITICAL
HIGH
MEDIUM
HIGH
MEDIUM
HIGH
HIGH
CRITICAL
HIGH
HIGH
CRITICAL
HIGH
CRITICAL
MEDIUM
CRITICAL
MEDIUM
CRITICAL
MEDIUM
HIGH
HIGH
CRITICAL
HIGH
MEDIUM
HIGH
HIGH
MEDIUM
CRITICAL
MEDIUM
CRITICAL
MEDIUM
HIGH
CRITICAL
HIGH
CRITICAL
MEDIUM
HIGH
HIGH
HIGH
MEDIUM
MEDIUM
MEDIUM
CRITICAL
MEDIUM
HIGH
HIGH
MEDIUM
MEDIUM
HIGH
MEDIUM
MEDIUM
CRITICAL
HIGH
HIGH
MEDIUM
LOW
MEDIUM
HIGH
CRITICAL
HIGH
CRITICAL
CRITICAL
HIGH
MEDIUM
MEDIUM
HIGH
CRITICAL
HIGH
MEDIUM
HIGH
CRITICAL
HIGH
HIGH
CRITICAL
CRITICAL
CRITICAL
HIGH
HIGH
CRITICAL
HIGH
LOW
HIGH
HIGH
MEDIUM
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
MEDIUM
HIGH
HIGH
HIGH
MEDIUM
HIGH
HIGH
HIGH
Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)
Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag
Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT
WhatsApp, Slack Notifications Could Hijack Google Gemini on Android
AI accelerates development of ransomware toolkit with EDR evasion capabilities
MazeBolt launches AI module to simulate novel DDoS attack vectors
CISA warns of cyberattacks targeting fuel tank monitoring systems
Dashlane issues opaque advisory warning 20 encrypted vaults were stolen
Coding Gaffe Exposes Microsoft 365 Accounts to Widespread Takeover
Typosquatted npm packages used to steal cloud and CI/CD secrets
New 'HTTP/2 Bomb' DoS attack crashes web servers in under a minute
We found this fake-invoice campaign while scammers were still building it
VU#595768: Securly Chrome Extension contains multiple weak encryption and access control vulnerabilities
CISA Adds One Known Exploited Vulnerability to Catalog
WeedHack malware campaign targets over 116,000 Minecraft players
Attackers Actively Exploiting Critical Vulnerability in Everest Forms Pro Plugin
Cisco Finesse Remote File Inclusion Vulnerability
Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability
Cisco Webex Meetings Cross-Site Scripting Vulnerability
CISA warns of active attacks exploiting Android, Linux bugs
Another bug hunter leaks Microsoft exploits in defiance of company’s handling of vulnerability disclosures
What 345 Days of Untested Exposure Looks Like at a Bank
New TrickMo Variant Expands Mobile Device Takeover Capabilities
One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens
Malware campaign targeting Minecraft users infects over 116,000 systems
Hackers Target Global Stock Exchange in Espionage Operation
Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs
USN-8375-1: nginx vulnerabilities
Vulnérabilité dans HPE Aruba Networking AOS-CX (03 juin 2026)
Organizations Warned of Exploited Linux Kernel Vulnerability
Malicious Notifications Could Trick Google Gemini Users
Acer working to patch max severity zero-days in Wave 7 routers
[NEU] [mittel] Octopus Deploy: Schwachstelle ermöglicht Manipulation
‘HTTP/2 Bomb’ Exploit Knocks Web Servers Offline in Seconds
Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes
[NEU] [mittel] Froxlor: Schwachstelle ermöglicht Manipulation, Offenlegung und DoS
[NEU] [hoch] Progress Software Sitefinity: Mehrere Schwachstellen
[NEU] [mittel] Mozilla Firefox: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff
[NEU] [hoch] Golang Go: Mehrere Schwachstellen
[NEU] [hoch] MISP: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
[NEU] [hoch] Gogs: Schwachstelle ermöglicht Denial of Service
[NEU] [mittel] Docker Desktop: Schwachstelle ermöglicht Denial of Service
[NEU] [mittel] Devolutions Server: Mehrere Schwachstellen
Global Stock Exchange Hit by Monthslong Email Campaign
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare
Infostealers are becoming the go-to phishing payload
Lessons from the Canvas cyberattack
Argamal: Malware hidden in hentai games
CVE-2025-5791 Users: `root` appended to group listings
CVE-2025-60876 BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw space (0x20) in the request-target must also be rejected (clients should use %20).
Abusing iDEAL (Wero): how criminals weaponise legitimate payment links in phishing
CVE-2024-58266 The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 characters, which may facilitate command injection.
USN-8348-1: GoBGP vulnerabilities
Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content
VS Code zero-day lets hackers steal GitHub tokens in one click
Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign
[UPDATE] [mittel] Red Hat Enterprise Linux (libeconf): Schwachstelle ermöglicht Denial of Service
[UPDATE] [niedrig] OpenSSH: Schwachstelle ermöglicht Offenlegung von Informationen
[UPDATE] [mittel] Apache Tomcat Connectors: Schwachstelle ermöglicht Denial of Service
Over 116,000 Minecraft systems infected in WeedHack malware campaign
Two-year old Oracle WebLogic Server vulnerability is being exploited
SideCopy group targets Afghanistan's Ministry of Finance with Xeno RAT
Russian hackers exploit WinRAR vulnerability for data theft
Critical Kirki flaw exploited to hijack WordPress admin accounts
DriveSurge actor uses ClickFix and FakeUpdates to distribute malware via compromised websites
FBI-Flagged Phishing Kit Kali365 Expands Its Reach
'Dumbass' criminal breaks the 'first rule of ransomware club'
Over 116,000 Mincraft systems infected in WeedHack malware campaign
HP Poly VoIP vulnerability sets the stage for executive voice deepfakes
DriveSurge Hijacks Thousands of Sites for ClickFix, FakeUpdate Attacks
China Uses Dual-Method Cyberattack on Czech Orgs
AI-built ransomware toolkit automates EDR evasion, AD discovery
Why supply chain attacks work and what detection can actually do about it
Four coordinated npm supply chain campaigns active in May–June 2026 — TTPs, IOCs, and detection notes
These convincing copyright notices are designed to steal Google logins
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation
Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine
USN-8374-1: Linux kernel vulnerabilities
CISA and Partners Urge Hardening Automatic Tank Gauge Systems
USN-8373-1: Linux kernel vulnerabilities
Attackers Actively Exploiting Critical Vulnerability in Burst Statistics Plugin
Unpatched NTLM Coercion in Windows search: URI Handler, Same Bug, No CVE, No Fix
USN-8238-2: EditorConfig vulnerability
USN-8372-1: age vulnerability
USN-8366-1: Luanti vulnerabilities
USN-8369-1: Apache Tomcat Connectors vulnerability
Instagram users locked out after Meta AI abused to steal accounts
The HazyBeacon Protocol – How Malware Weaponizes Amazon Web Services (AWS) Lambda Function URLs
1-Click GitHub Token Stealing via a VSCode Bug
Device Code Phishing Forensics: What We Learned Investigating BEC in the Wild
Android Update Patches Exploited Zero-Day, 123 Other Vulnerabilities
Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk
Russian spy agency says foreign spies turned officials' smartphones into surveillance devices
USN-8370-1: Linux kernel vulnerabilities
USN-8371-1: Linux kernel vulnerabilities
VU#615987: Missing IPsec Integrity Protection for IMS SIP Signaling in Verizon VoLTE Deployments
The newest Instagram “exploit” is the goofiest I’ve seen
VU#265691: Appsmiths SQL Query autocomplete renderer contains a cross site scripting vulnerability
Vulnérabilité dans les produits Ivanti (02 juin 2026)
Multiples vulnérabilités dans les produits Microsoft (02 juin 2026)