“and restricts network access to only trusted internal clients. - evaluate and deploy a cloud security posture management (cspm) tool to continuously monitor aws and azure environments for misconfigurations like publicly exposed apis, dashboards, and servers. - deploy a containe…”
T1566.002 Spearphishing Link
97%
“(e.g., promises of free items) to trick users into clicking malicious links and divulging sensitive information. indicators of compromise include sender addresses with random alphanumeric strings preceding `firebaseapp.com` (e.g., `noreply@pr01-1f199.firebaseapp[.…”
T1190 Exploit Public-Facing Application
97%
“past active exploitation of similar flaws, immediate updates are crucial for protection. severity: critical threat details and iocs mitigation advice - immediately identify all beyondtrust remote support and privileged remote access instances on the network to determine if they …”
T1566.002 Spearphishing Link
95%
“, legitimate business service. - add the domains `rebrand.ly`, `clouud.thebatata.org`, and `www.servercrowdmanage.com` to your web proxy, dns filter, and firewall blocklists. - create a detection rule in your siem to alert security personnel on all new or unapproved ne…”
T1557.001 Name Resolution Poisoning and SMB Relay
85%
“operated the dknife gateway-monitoring and adversary-in-the-middle (aitm) framework since at least 2019, utilizing seven linux-based implants to perform deep packet inspection, traffic manipulation, and malware delivery via routers and edge devices. this framework, di…”
T1190 Exploit Public-Facing Application
84%
“operating system command injection flaw allows an unauthenticated remote attacker to execute arbitrary commands in the context of the site user by sending specially crafted requests, potentially leading to unauthorized access, data exfiltration, and service disruption. the vulner…”
T1190 Exploit Public-Facing Application
82%
“-pre-auth-rce.html https://www.cyberkendra.com/2026/02/ai-discovers-critical-zero-click-flaw.html https://www.helpnetsecurity.com/2026/02/09/beyondtrust-remote-access-vulnerability-cve-2026-1731/ https://www.hendryadria…”
T1574.001 DLL
68%
“modern, secure alternatives that enforce transport encryption and multi-factor authentication. - implement application control policies on endpoints to prevent the execution of unauthorized applications and block common dll side-loading techniques. https://blog.talosinte…”
T1566.002 Spearphishing Link
67%
“security patching. - implement and enforce a quarterly user access review process for gitlab to ensure all accounts have the minimum necessary privileges. - implement network segmentation to isolate the gitlab ai gateway server, restricting its network access to only essential sy…”
T1190 Exploit Public-Facing Application
65%
“identify misconfigured docker apis and ray dashboards and deploy cryptocurrency miners, `kube.py` for kubernetes credential harvesting and persistent backdoor deployment, `react.py` for remote code execution via the react flaw, and `pcpcat.py` for automated deployment of…”
T1190 Exploit Public-Facing Application
49%
“applied. compliance best practices - review and re-architect network access to all management appliances, including beyondtrust, to ensure they are not exposed to the public internet. if external access is required, enforce it through a vpn or zero trust network access (ztna)…”
T1496 Resource Hijacking
42%
“weekly threat bulletin – february 11th, 2026 teampcp worm exploits cloud infrastructure to build criminal infrastructure a massive, worm-driven campaign, attributed to the teampcp threat cluster (also known as deadcatx3, pcpcat, persypcp, and shellforce), has been systematica…”
T1071.001 Web Protocols
32%
“##fe.bin, postapi.bin, sslmm.bin, mmdown.bin, yitiji.bin, remote.bin, and dkupdate.bin. - using your endpoint detection and response (edr) tool, run threat hunting queries for indicators of compromise (iocs) associated with the shadowpad and darknimbus backdoors on all…”
Summary
These are the top threats you should know about this week.