“##as ) for applying critical patches. - enforce the use of phishing - resistant multi - factor authentication ( mfa ), such as fido2 / webauthn security keys, for all gitlab user accounts to strengthen protection against authentication bypass attacks. monetastealer : new macos ma…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1005Data from Local System
72%
“##ware scans user directories like ~ / documents, ~ / downloads, and ~ / desktop for. pdf,. txt,. doc,. xls, and. xlsx files containing financial keywords such as " invoice " or " bank, " and uses a regex pattern to identify credit and debit card numbers. collected data is compre…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1190Exploit Public-Facing Application
61%
“weekly threat bulletin – january 28th, 2026 active exploitation of cve - 2025 - 55182 critical rce in react server components and next. js cve - 2025 - 55182 represents a critical pre - authentication remote code execution ( rce ) vulnerability, rated with a cvss score of 10. 0, …”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1190Exploit Public-Facing Application
59%
“patterns of ssrf and request smuggling. - harden the operating system configuration for oracle e - business suite servers by ensuring the application runs under a service account with the minimum necessary permissions, preventing it from executing arbitrary system commands or acc…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1190Exploit Public-Facing Application
36%
“##882 with a cvss score of 9. 8, affects oracle e - business suite versions 12. 2. 3 through 12. 2. 14. this zero - day vulnerability is actively exploited in the wild by threat actors, including the clop ransomware group, for data exfiltration and extortion, leading to its inclu…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1055.001Dynamic-link Library Injection
31%
“##fik reverse proxy misconfiguration and granting access to administrative endpoints. a malicious code injection ( cve - 2025 - 54313 ) affects specific versions of eslint - config - prettier ( 8. 10. 1, 9. 1. 1, 10. 1. 6, 10. 1. 7 ), executing ` node - gyp. dll ` malware on wind…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1190Exploit Public-Facing Application
30%
“##l. com or via hackerone bug bounty programs, and allowing adequate time for patches before public disclosure. threat details and iocs mitigation advice - scan all web applications and code repositories to create an inventory of all instances using next. js and react server comp…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
These are the top threats you should know about this week.