Filter by technique: All T1190 T1486 T1566.002 T1055.001 T1195.001 T1059.001 T1204.002 T1203

• New Apache MINA Vulnerabilities Open Door to Remote Code Execution Attacks

  GBHackers

  T1059.007 97% T1190 46%
  2 days ago
• The npm Threat Landscape: Attack Surface and Mitigations (Updated May 1)

  Palo Alto Unit 42

  T1195.001 99% T1027 98% T1587 95%
  4 days ago
• EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades

  The Hacker News

  T1547.001 99% T1608.006 73% T1071 71%
  5 days ago
• CVE-2026-41305 PostCSS has XSS via Unescaped </style> in its CSS Stringify Output

  MSRC Update Guide

  T1059.007 70%
  6 days ago
• CVE-2026-33916 Handlebars.js has Prototype Pollution Leading to XSS through Partial Template Injection

  MSRC Update Guide

  T1059.007 42%
  6 days ago
• [webapps] FUXA 1.2.8 - Authentication Bypass + RCE Exploit

  Exploit-DB

  T1190 95% T1059.006 90% T1059.007 48%
  6 days ago
• [webapps] Js2Py 0.74 - RCE

  Exploit-DB

  T1059.006 61% T1059.007 50%
  6 days ago
• [webapps] HAX CMS 24.x - Stored Cross-Site Scripting (XSS)

  Exploit-DB

  T1059.007 62% T1059.006 45%
  2026-04-29
• [webapps] LangChain Core 1.2.4 - SSTI/RCE

  Exploit-DB

  T1059.007 74% T1059.006 32%
  2026-04-29
• VU#890999: Radware Alteon has a reflected XSS vulnerability that can execute JavaScript in the host browser

  CERT/CC Vulnerability Notes

  T1190 89% T1189 72% T1059.007 49%
  2026-04-21
• Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories

  Trend Micro Research

  T1059.007 95% T1204.002 45%
  2026-04-21
• Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise

  Microsoft Threat Intelligence

  T1548.006 100% T1543.004 97% T1555.003 97%
  2026-04-16
• CVE-2026-33940 Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial

  MSRC Update Guide

  T1059.007 48%
  2026-04-15
• CVE-2026-33938 Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block

  MSRC Update Guide

  T1059.007 35%
  2026-04-15
• March 2026 CVE Landscape: 31 High-Impact Vulnerabilities Identified, Interlock Ransomware Group Exploits Cisco FMC Zero-Day

  Recorded Future Blog

  T1059.007 99% T1190 96% T1587.004 87%
  2026-04-13
• CVE-2026-33937 Handlebars.js has JavaScript Injection via AST Type Confusion

  MSRC Update Guide

  T1059.007 71%
  2026-04-01
• Compromised axios npm package delivers cross-platform RAT

  Datadog Security Labs

  T1195.001 98% T1059.001 97% T1195.002 94%
  2026-03-31
• In WAF we (should not) trust

  Quarkslab

  T1059.007 66% T1027.010 32%
  2026-03-25
• ClickFix Campaigns Targeting Windows and macOS

  Recorded Future Blog

  T1059.001 97% T1074.001 97% T1204.004 95%
  2026-03-25
• VU#665416: SGLang (sglang) is vulnerable to code execution attacks via unsafe pickle deserialization

  CERT/CC Vulnerability Notes

  T1059.007 84% T1190 35%
  2026-03-12
• Look What You Made Us Patch: 2025 Zero-Days in Review

  Mandiant

  T1055.001 98% T1588.006 87% T1587.004 81%
  2026-03-05
• CVE-2023-50711 `serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access

  MSRC Update Guide

  T1059.007 55%
  2026-02-18
• CVE-2023-41330 Unsafe deserialization in knplabs/knp-snappy

  MSRC Update Guide

  T1059.007 40%
  2026-02-18
• Tech impersonators: ClickFix and MacOS infostealers

  Datadog Security Labs

  T1555.003 99% T1543.001 95% T1204.004 94%
  2026-02-10
• Deep Dive into Arista NG Firewall Vulnerabilities

  Bishop Fox

  T1190 87% T1560.001 44% T1068 38%
  2026-02-09
• CVE-2025-6978: Arbitrary Code Execution in the Arista NG Firewall

  Zero Day Initiative

  T1059.004 95% T1059.007 56% T1190 30%
  2026-02-05
• MUT-4831: Trojanized npm packages deliver Vidar infostealer malware

  Datadog Security Labs

  T1195.001 97% T1105 94% T1059.001 86%
  2025-11-06
• Exploitation of Windows Server Update Services Remote Code | Huntress

  Huntress

  T1059.001 91% T1068 52% T1059.007 49%
  2025-10-24
• From a Single Click: How Lunar Spider Enabled a Near Two-Month Intrusion

  The DFIR Report

  T1218.011 100% T1055.001 100% T1555.003 99%
  2025-09-29
• Remote Code Execution in DELMIA Apriso

  Project Discovery

  T1190 95% T1059.007 41%
  2025-09-23
• EvilAI Operators Use AI-Generated Code and Fake Apps for Far-Reaching Attacks

  Trend Micro Research

  T1012 100% T1547.001 99% T1053.005 99%
  2025-09-11
• Augmenting Penetration Testing Methodology with Artificial Intelligence – Part 2: Copilot

  Black Hills InfoSec

  T1059.007 74% T1588.007 47%
  2025-05-14
• Canary Exploit Tool for CVE-2025-30065 Apache Parquet Avro Vulnerability

  F5 Labs

  T1190 93% T1059.007 53%
  2025-05-05
• The 36 Most Common Cyberattacks (2025) | Huntress

  Huntress

  T1486 99% T1190 99% T1189 99%
  2025-05-02
• Top 10 web hacking techniques of 2024: nominations open

  PortSwigger Research

  T1190 97% T1068 68% T1059 56%
  2025-01-08
• Bring Your Own Command & Control (BYOC2)

  Huntress

  T1053.005 97% T1041 97% T1059.007 48%
  2022-04-26
• Targeted APT Activity: BABYSHARK Is Out for Blood | Huntress

  Huntress

  T1053.005 99% T1566.001 93% T1059.001 89%
  2022-03-01
• DanaBot’s New Tactics and Targets Arrive in Time for Peak Phishing and Fraud Season

  F5 Labs

  T1059.007 77% T1566.002 71% T1204.004 59%
  2019-12-09
• Jackson gadgets - Anatomy of a vulnerability

  Doyensec

  T1068 89% T1059.007 86%
  2019-07-21
• Vulnerabilities, Exploits, and Malware Driving Attack Campaigns in April 2019

  F5 Labs

  T1190 98% T1059.007 32%
  2019-05-14
• Gozi Adds Evasion Techniques to its Growing Bag of Tricks

  F5 Labs

  T1027.002 96% T1657 86% T1566.002 66%
  2019-01-29
• New Jenkins Campaign Hides Malware, Kills Competing Crypto-Miners

  F5 Labs

  T1053.003 98% T1204.002 89% T1059.004 84%
  2018-07-06
• BackSwap Defrauds Online Banking Customers Using Hidden Input Fields

  F5 Labs

  T1059.007 75% T1204.002 71%
  2018-06-29