Technology ❯ Cybersecurity ❯ Threat Intelligence

Attack Vectors

Remote Code Execution Social Engineering Webshells Zero-Day Vulnerabilities Slopsquatting Compromised Credentials Credential Attacks Admin Account Creation HTTP POST Requests Chinese Cyber Actors Watering Hole Attacks North Korean Hackers Voice-Based Attacks Phishing Emails Cryptomining DLL Sideloading Environmental Fingerprinting Command and Control Servers Direct Send

Adobe Reader Zero-Day Exploited for Months Through Malicious PDFs

Researchers warn booby-trapped PDFs steal local data pending an Adobe patch.

Axios npm Package Briefly Trojanized After Maintainer Account Takeover

M‑Trends 2026 Finds 22‑Second Handoffs, Exploit‑Led Breaches and a Vishing Spike

Exploit-Driven Hacks Overtake Credential Abuse in Cloud Breaches, Google Warns

Microsoft Warns of Fake Next.js Repos That Backdoor Developers’ Machines

LinkedIn DMs Used in RAT Campaign That Leverages DLL Sideloading

Huntress Uncovers Pre-Disclosure ESXi VM-Escape Toolkit Used in December Intrusion

SonicWall Patches Actively Exploited SMA1000 Zero-Day, Urges Immediate Hotfixes

React2Shell Attacks Intensify as React Issues Second Round of Emergency Patches

Fortinet Confirms Critical FortiWeb Zero-Day Is Being Exploited as CISA Sets Nov. 21 Patch Deadline

Researchers Uncover 'PhantomRaven' Campaign Flooding npm With 126 Credential-Stealing Packages

FortiGuard Uncovers MostereRAT, a Stealthy Windows RAT Using mTLS and Remote-Access Tools

CISA Orders Immediate Fix for Actively Exploited Sitecore ViewState Flaw (CVE-2025-53690)

HexStrike‑AI Attracts Criminal Use as Citrix NetScaler Zero‑Days Face Rapid Exploitation