“player alongside other established groups like qilin, akira, and cl0p. " the emergence of the gentlemen group among the top three most active threat actors is notable as it demonstrates how a relatively new group can scale operations rapidly, " ncc group said. the development com…”
T1195.001 Compromise Software Dependencies and Development Tools
95%
“. " while it requires development resources and time, these tools can provide a level of stealth that generic tools cannot match, at least until they ' re discovered, " the symantec and carbon black threat hunter team said. - bitwarden cli compromised in supply chain campaign — b…”
T1486 Data Encrypted for Impact
94%
“the final wiper payload, " kaspersky said. " these scripts coordinate the start of the operation across the network, weaken system defenses, and disrupt normal operations before retrieving, deobfuscating, and executing a previously unknown wiper. " once deployed, the wiper erases…”
T1190 Exploit Public-Facing Application
88%
“in bomgar ( rebranded as beyondtrust remote support ), which could be exploited by an unauthenticated attacker to remotely execute code. " the specific root cause behind these attacks is not clear, but the incidents likely stem from the exploitation of cve - 2026 - 1731. fortra h…”
T1176.001 Browser Extensions
88%
“##s. this is exactly the kind of public - private disruption needed to take on rogue nation - state actors like iran. " - malicious chrome extension masquerades as google authenticator — a malicious chrome extension posing as the official google authenticator app was identified i…”
T1204.002 Malicious File
60%
“pasting malicious commands into the windows run dialog or the macos terminal app to deliver malware. the kill chain is assessed to share overlaps with a known traffic distribution system ( tds ) named kongtuke. - new phishing toolkits discovered — a number of new phishing - as - …”
T1176 Software Extensions
57%
“##s. this is exactly the kind of public - private disruption needed to take on rogue nation - state actors like iran. " - malicious chrome extension masquerades as google authenticator — a malicious chrome extension posing as the official google authenticator app was identified i…”
T1588.002 Tool
51%
“weekly recap : fast16 malware, xchat launch, federal backdoor, ai employee tracking & more everything is dumb again. this week feels broken in a very familiar way. old tricks are back. new tools are doing shady crap. supply chains got hit. fake help desks worked. weird research s…”
T1080 Taint Shared Content
43%
“player alongside other established groups like qilin, akira, and cl0p. " the emergence of the gentlemen group among the top three most active threat actors is notable as it demonstrates how a relatively new group can scale operations rapidly, " ncc group said. the development com…”
T1195.002 Compromise Software Supply Chain
43%
“agency ' s cisco firepower device running adaptive security appliance ( asa ) software was compromised in september 2025 with a new malware called firestarter. firestarter is assessed to be a backdoor designed for remote access and control. it ' s believed to be deployed as part …”
T1485 Data Destruction
42%
“the final wiper payload, " kaspersky said. " these scripts coordinate the start of the operation across the network, weaken system defenses, and disrupt normal operations before retrieving, deobfuscating, and executing a previously unknown wiper. " once deployed, the wiper erases…”
T1566.002 Spearphishing Link
38%
“. automate insider threat detection and eliminate manual log reviews forever. start a free trial top news - unc6692 resorts to teams help desk impersonation — a new threat group tracked as unc6692 uses social engineering to deploy a new, custom malware suite named snow, which con…”
T1072 Software Deployment Tools
37%
“agency ' s cisco firepower device running adaptive security appliance ( asa ) software was compromised in september 2025 with a new malware called firestarter. firestarter is assessed to be a backdoor designed for remote access and control. it ' s believed to be deployed as part …”
T1588.006 Vulnerabilities
31%
“agency ' s cisco firepower device running adaptive security appliance ( asa ) software was compromised in september 2025 with a new malware called firestarter. firestarter is assessed to be a backdoor designed for remote access and control. it ' s believed to be deployed as part …”
Summary
Everything is dumb again. This week feels broken in a very familiar way. Old tricks are back. New tools are doing shady crap. Supply chains got hit. Fake help desks worked. Weird research showed how easy some attacks still are.
Most of it feels like stuff we should have fixed years ago. Bad extensions. Stolen creds. Remote tools are getting abused. Malware hides in places people trust. Same