Technology ❯ Cybersecurity ❯ Threat Actors

Exploitation Techniques

Remote Code Execution Command Injection Privilege Escalation Spyware Attacks Denial of Service Authentication Bypass OS Command Injection Credential Abuse PowerShell Attacks Post-Compromise Activity

CISA Orders Federal Fix for Microsoft Defender 'BlueHammer' Flaw Exploited in the Wild

The agency set a May 6 deadline to curb attacks using public proof of concept code.

Mirai Botnet Actively Exploits Year-Old Flaw in Retired D-Link DIR-823X Routers

New Nexcorium Mirai Variant Exploits TBK DVR Flaw to Build IoT DDoS Botnet

Marimo RCE Exploited Within Hours of Disclosure

F5 Reclassifies BIG-IP APM Bug as Critical RCE as In‑the‑Wild Attacks Unfold

Attackers Exploit Critical Langflow RCE Within 20 Hours of Disclosure

CISA Adds Three Actively Exploited Flaws to KEV, Sets Fast Federal Patching Deadlines

Cisco Patches Two CVSS 10 Flaws in Secure Firewall Management Center

FreeScout Zero-Click Flaw (CVE-2026-28289) Enables Full Server Takeover

BeyondTrust Pre-Auth RCE Is Now Being Exploited in the Wild

Active Attacks Hit SolarWinds Web Help Desk, Abusing Zoho ManageEngine and Velociraptor

BeyondTrust Patches Critical Pre-Auth RCE in Remote Access Tools

Hackers Actively Exploit 'Metro4Shell' CVE-2025-11953 in React Native Metro Servers

SmarterMail Admin-Reset Flaw Under Active Exploitation Days After Patch

CISA Orders Federal Agencies to Patch Actively Exploited MongoDB ‘MongoBleed’ Flaw

Fortinet SSO Bypass Actively Exploited as CISA Sets Dec. 23 Fix Deadline

‘HashJack’ Exposes AI Browser Weakness as Microsoft and Perplexity Patch, Google Declines

Fortinet Confirms Second FortiWeb Flaw Under Active Attack as CISA Demands Rapid Fixes

Check Point Reveals Microsoft Teams Flaws That Enabled Fake Chats, Alerts, and Calls

Microsoft Uncovers ‘SesameOp’ Backdoor Using OpenAI Assistants API for Stealthy C2