Name | Pub. date | Actors | Initial access | Impact | Type | Status |
|---|---|---|---|---|---|---|
IIS Backdoor Exploiting Exposed ASP.NET Machine Keys | October 22, 2025 | REF3927 | Software misconfig | Data exfiltration | Campaign | Finalized |
PassiveNeuron Campaign: Espionage Campaign Targeting Windows Server Environments | October 21, 2025 | Unknown | 1-day vulnerability, Software misconfig, Exposed secret | Data exfiltration | Campaign | Finalized |
F5 incident | October 15, 2025 | Unknown | Unknown | Data exfiltration | Incident | Finalized |
eBPF Rootkit Targeting AWS and Linux Environments | October 14, 2025 | Unknown | 1-day vulnerability | Data exfiltration | Campaign | Finalized |
Supply Chain Risk in Axis Autodesk Revit Plugin Due to Exposed Azure Storage Credentials | October 8, 2025 | | Exposed secret | Resp. disclosure | Research | Finalized |
“Crimson Collective” Claims Theft of Customer Data from Red Hat | October 2, 2025 | Crimson Collective | Unknown | Data exfiltration | Campaign | Finalized |
Cl0p Extortion Campaign Claims Theft via Oracle E-Business Suite | October 2, 2025 | Cl0p | 0-day vulnerability, 1-day vulnerability | RansomOp | Campaign | Finalized |
Renewed "ArcaneDoor" Campaign Targeting 0-day Vulnerabilities in Cisco ASA | September 26, 2025 | STORM-1849 | 0-day vulnerability | Data exfiltration | Campaign | Finalized |
BRICKSTORM Espionage Backdoor Targeting U.S. Tech and Legal Sectors | September 25, 2025 | UNC5221 | Unknown | Data exfiltration | Campaign | Finalized |
SonicWall MySonicWall Cloud Backup File Security Incident | September 25, 2025 | Unknown | Password attack | Data exfiltration | Incident | Finalized |
Shai-Hulud: Ongoing Package Supply Chain Compromise Delivering Data-Stealing Malware | September 15, 2025 | Unknown | Exposed secret | Supply chain attack | Campaign | Finalized |
Qix npm package supply chain compromise | September 8, 2025 | Unknown | End-user compromise | Supply chain attack | Incident | Finalized |
GhostAction campaign | September 5, 2025 | Unknown | Cloud native misconfig | Data exfiltration | Campaign | Finalized |
Compromised Salesloft Drift Tokens Enable Data Theft Across Integrations | September 2, 2025 | UNC6395 | Exposed secret, Password attack | Data exfiltration | Campaign | Finalized |
Storm-0501 Deploys Cloud-Based Ransomware | August 28, 2025 | Storm-0501 | 1-day vulnerability | RansomOp | Campaign | Finalized |
Nx Package Supply Chain Compromise Delivers Data-Stealing Malware | August 27, 2025 | Unknown | End-user compromise | Data exfiltration | Campaign | Finalized |
GENESIS PANDA's Cloud Intrusions: Persistent Control Plane Exploitation and Access Brokerage | August 24, 2025 | Genesis Panda | Software misconfig | Data exfiltration | Campaign | Finalized |
Silk Typhoon Exploiting Trusted Relationships for Cloud Environments Compromise | August 24, 2025 | Silk Typhoon | 1-day vulnerability | Data exfiltration | Campaign | Finalized |
Salesloft Drift supply chain compromise | August 21, 2025 | UNC6395 | Unknown | Supply chain attack | Incident | Stub |
Warlock Ransomware Exploiting Sharepoint Vulnerabilities | August 20, 2025 | Warlock operator | 1-day vulnerability | RansomOp | Campaign | Finalized |
DripDropper Malware Exploits Patched Apache ActiveMQ for Persistence on Cloud Linux Systems | August 19, 2025 | Unknown | 1-day vulnerability | Data exfiltration | Campaign | Finalized |
UAT-7237 Targets Taiwanese Web Infrastructure Using Customized Open-Source Tools | August 18, 2025 | UAT-7237 | Web vulnerability, 1-day vulnerability | Data exfiltration | Campaign | Finalized |
Akira Ransomware Targeting Critical Vulnerability in SonicWall SSLVPN | August 6, 2025 | Unknown | 1-day vulnerability | RansomOp | Campaign | Finalized |
Plague PAM-Based Backdoor for Linux | August 4, 2025 | Unknown | Password attack | Data exfiltration | Campaign | Finalized |
Auto-Color Malware Exploits SAP Vulnerability for Linux Backdoor | July 29, 2025 | Unknown | 1-day vulnerability | Data exfiltration | Campaign | Finalized |
AWS CodeBuild Vulnerability Allows Build Process Secrets Extraction | July 23, 2025 | Unknown | Supply chain vector | Data exfiltration | Research | Finalized |
Soco404 Cryptomining Campaign Exploits PostgreSQL and Cloud Misconfigurations | July 23, 2025 | Unknown | Software misconfig | Resource hijacking | Campaign | Finalized |
Mimo Targets Magento, Docker, and Cloud Environments | July 21, 2025 | Mimo operator | 1-day vulnerability | Resource hijacking | Campaign | Finalized |
Supply Chain Attack on npm Packages via Maintainer Phishing | July 20, 2025 | Unknown | End-user compromise | Supply chain attack | Campaign | Finalized |
0day Vulnerability in Microsoft Sharepoint Exploited in-the-Wild | July 20, 2025 | Unknown | 0-day vulnerability | | Campaign | Finalized |
Linuxsys Cryptominer Campaign | July 17, 2025 | Unknown | 1-day vulnerability | Resource hijacking | Campaign | Finalized |
AWS Network Exploitation and Ransomware Detonation | July 8, 2025 | Unknown | Software misconfig | RansomOp, Data exfiltration | Campaign | Finalized |
AWS Data Exfiltration and Attempted Ransomware | July 8, 2025 | Unknown | Exposed secret | RansomOp, Data exfiltration | Campaign | Finalized |
Azure Account Hijack via Stolen Tokens | July 8, 2025 | Unknown | Exposed secret | Data exfiltration | Campaign | Finalized |
In-Memory IIS Attacks via View State Deserialization | July 8, 2025 | TGR-CRI-0045 | Exposed secret | Data exfiltration | Campaign | Finalized |
UNC5174 Exploits Ivanti CSA Zero-Days in “Houken” Campaign | July 3, 2025 | UNC5174 | 0-day vulnerability, 1-day vulnerability | Resource hijacking, Data exfiltration | Campaign | Finalized |
JDWP Exploited in the Wild | July 2, 2025 | Unknown | Software misconfig | Resource hijacking | Campaign | Stub |
Linux SSH Servers Compromised to Deploy Proxies | June 30, 2025 | Unknown | Password attack | Resource hijacking | Campaign | Finalized |
Attacks on Korean IIS & Linux Servers | June 25, 2025 | Unknown | 1-day vulnerability | Data exfiltration | Campaign | Finalized |
Langflow Vulnerability Exploited to Deliver Flodrix Botnet | June 17, 2025 | Unknown | 1-day vulnerability | Denial of service, Resource hijacking, Data exfiltration | Campaign | Finalized |
JSFireTruck: Malicious JavaScript Campaign Using Obfuscation | June 12, 2025 | Unknown | End-user compromise | Resource hijacking | Campaign | Finalized |
TeamFiltration Account Takeover Campaign | June 11, 2025 | Unknown | End-user compromise | Data exfiltration | Campaign | Stub |
NPM Supply Chain Attack Compromises 16 Popular React Native and GlueStack Packages | June 7, 2025 | Unknown | Supply chain vector | Supply chain attack | Campaign | Finalized |
Open WebUI Misconfiguration Exploited for Cryptojacking | June 3, 2025 | Unknown | Software misconfig | Resource hijacking | Campaign | Finalized |
Cryptojacking Campaign Targets Misconfigured DevOps Tools | June 2, 2025 | JINX-0132 | Software misconfig | Resource hijacking | Campaign | Finalized |
Earth Lamia Custom Toolkit Targets Multiple Sectors via Web Vulnerabilities | May 29, 2025 | Earth Lamia | 1-day vulnerability, Web vulnerability | Data exfiltration | Campaign | Finalized |
DragonForce Exploits SimpleHelp Vulnerabilities in Ransomware Campaign | May 28, 2025 | DragonForce | 1-day vulnerability, Supply chain vector | RansomOp | Campaign | Finalized |
Coordinated One-Day Cloud Scanning Operation Targets 75 Exposure Points | May 28, 2025 | Unknown | 1-day vulnerability, Software misconfig | None | Campaign | Finalized |
Mimo Exploits Craft CMS RCE to Deploy Cryptominer and Proxyware in Coordinated Campaign | May 27, 2025 | Mimo operator | 1-day vulnerability | Resource hijacking | Campaign | Finalized |
Ivanti EPMM RCE Vulnerability Chain Exploited in the Wild | May 20, 2025 | Unknown | 1-day vulnerability | Data exfiltration | Campaign | Not started |
UTG-Q-015 Exploits 0-Days for Espionage in Asia | May 19, 2025 | UTG-Q-015 | 0-day vulnerability, 1-day vulnerability | Data exfiltration | Campaign | Finalized |
From stolen cloud key to persistence-as-a-service | May 13, 2025 | Unknown | Exposed secret | Unknown | Incident | Finalized |
RedisRaider Linux Cryptojacking Campaign Targets Redis Servers | May 8, 2025 | Unknown | Software misconfig | Resource hijacking | Campaign | Finalized |
ComfyUI exploitation campaign | May 6, 2025 | Unknown | Software misconfig | Unknown | Campaign | Finalized |
Supply Chain Compromise of rand-user-agent: Obfuscated RAT with C2 Communication and File Exfiltration | May 5, 2025 | Unknown | Supply chain vector | Supply chain attack | Campaign | Finalized |
xAI leaked API key | May 1, 2025 | | Exposed secret | Resp. disclosure | Research | Finalized |
Larva-25003: IIS Native Module Malware Used in Targeted Web Server Attacks | April 30, 2025 | Unknown | Software misconfig | Data exfiltration, Resource hijacking | Campaign | Finalized |
Node.js repository CI/CD vulnerable to RCE | April 30, 2025 | | Cloud native misconfig | Resp. disclosure | Research | Finalized |
Grafana GitHub Action attempted supply chain attack | April 27, 2025 | Unknown | Cloud native misconfig | None | Incident | Finalized |
Sysrv Apache Druid cryptojacking | April 23, 2025 | Sysrv botnet operator | 1-day vulnerability | Resource hijacking | Campaign | Finalized |
Compromised cloud keys exfiltrated to bucket | April 23, 2025 | Unknown | Exposed secret | Data exfiltration | Incident | Finalized |
Lucifer Apache Druid cryptojacking | April 23, 2025 | Lucifer operator | 1-day vulnerability | Resource hijacking | Campaign | Finalized |
Password spray attack leads to containers being used for cryptomining | April 23, 2025 | Storm-1977 | Password attack | Resource hijacking | Campaign | Finalized |
SAP NetWeaver Visual Composer exploitation campaign | April 22, 2025 | Unknown | 0-day vulnerability | Unknown | Campaign | Finalized |
Multi-Layered Cryptojacking via Docker | April 22, 2025 | Unknown | Supply chain vector | Resource hijacking | Campaign | Finalized |
Rspack supply chain attack | April 17, 2025 | MUT-1692 | End-user compromise | Resource hijacking, Supply chain attack | Incident | Finalized |
UNC5174 Linux Espionage Campaign | April 16, 2025 | UNC5174 | Unknown | Data exfiltration | Campaign | Finalized |
CrazyHunter Ransomware Group Targets Critical Sectors in Taiwan | April 16, 2025 | CrazyHunter operator | Unknown | RansomOp | Campaign | Finalized |
AWS Breach at a SaaS Company | April 15, 2025 | Unknown | Exposed secret | Data exfiltration, Denial of service, Data destruction | Incident | Finalized |
BPFDoor’s Hidden Controller Targets AMEA Sectors | April 14, 2025 | Red Menshen | Unknown | Data exfiltration | Campaign | Finalized |
Atlas Lion Campaign Exploits Device Enrollment and MFA for Persistence | April 10, 2025 | Atlas Lion | End-user compromise | Data exfiltration | Campaign | Finalized |
Long-Term Email Breach at OCC Exposes Sensitive Bank Oversight Data | April 8, 2025 | Unknown | Unknown | Data exfiltration | Incident | Finalized |
Europcar GitLab Breach | April 4, 2025 | Unknown | Unknown | Data exfiltration | Incident | Finalized |
Critical Ivanti Connect Secure Vulnerability Exploited by China-linked Actor | April 3, 2025 | Unknown | 0-day vulnerability | Data exfiltration | Campaign | Finalized |
Weaver Ant data exfiltration campaign | March 24, 2025 | Weaver Ant | Web vulnerability | Data exfiltration | Campaign | Finalized |
Albabat Ransomware Targets Windows, Linux, and macOS Using GitHub Infrastructure | March 21, 2025 | Albabat operator | Unknown | RansomOp | Campaign | Finalized |
Oracle Cloud Potential Supply Chain Breach | March 21, 2025 | Unknown | 1-day vulnerability | Data exfiltration, Supply chain attack | Incident | Finalized |
Exposed Jupyter Notebooks Targeted for Cryptomining | March 16, 2025 | Unknown | Software misconfig | Resource hijacking | Campaign | Finalized |
tj-actions/changed-files supply chain attack | March 15, 2025 | Unknown | Unknown, Supply chain vector | Supply chain attack | Incident | Finalized |
CDC dangling domain hijack | March 10, 2025 | Hazy Hawk | Dangling resource | Resource hijacking | Incident | Finalized |
PHP-CGI Vulnerability Exploited in Attacks Targeting Japan | March 6, 2025 | Unknown | 1-day vulnerability | Data exfiltration | Campaign | Finalized |
Silk Typhoon Targeting IT and Cloud Applications | March 5, 2025 | Silk Typhoon | 0-day vulnerability, 1-day vulnerability | Data exfiltration | Campaign | Finalized |
Zapier data breach | March 1, 2025 | Unknown | End-user compromise | Data exfiltration | Incident | Finalized |
JavaGhost SES abuse | February 28, 2025 | JavaGhost | Exposed secret | Resource hijacking | Campaign | Finalized |
CPU_HU: Malicious Campaign Targeting Misconfigured PostgreSQL Servers for Cryptomining | February 27, 2025 | JINX-0126 | Software misconfig, Password attack | Resource hijacking | Incident | Finalized |
ByBit hack | February 26, 2025 | Lazarus Group, TraderTraitor | End-user compromise | Supply chain attack, Denial of wallet | Incident | Finalized |
Krpano XSS exploitation campaign | February 26, 2025 | Unknown | 1-day vulnerability | Defacement, Resource hijacking | Campaign | Finalized |
Teammate App exposed MongoDB | February 24, 2025 | | Software misconfig | Resp. disclosure | Research | Finalized |
RevivalStone Campaign by Winnti | February 18, 2025 | Winnti | 1-day vulnerability | Data exfiltration | Campaign | Finalized |
Earth Preta’s Campaign Abusing MAVInject to Bypass Detection | February 18, 2025 | Mustang Panda | End-user compromise | Data exfiltration | Campaign | Finalized |
Seashell Blizzard Subgroup's Campaign Exploiting Vulnerabilities for Data Exfiltration | February 13, 2025 | Seashell Blizzard | 1-day vulnerability | Data exfiltration | Campaign | Finalized |
Code Injection Attacks Exploiting Publicly Disclosed ASP.NET Keys | February 12, 2025 | Unknown | Exposed secret | Data exfiltration | Campaign | Finalized |
Black Basta Exploiting Vulnerabilities in Multiple Products | February 11, 2025 | Black Basta operator | 1-day vulnerability | RansomOp | Campaign | Finalized |
Malicious AI Models Bypass Picklescan Detection | February 9, 2025 | Unknown | Supply chain vector | Supply chain attack | Campaign | Finalized |
From social engineering to Lambda modification | February 3, 2025 | Unknown | End-user compromise | Data exfiltration | Incident | Finalized |
USAID cryptojacking incident | January 31, 2025 | Unknown | Password attack | Resource hijacking | Incident | Finalized |
DogWifTool supply chain attack | January 29, 2025 | Unknown | Exposed secret | Supply chain attack | Incident | Finalized |
Operation LongFang | January 24, 2025 | Unknown | 1-day vulnerability | Data exfiltration | Campaign | Finalized |
MasterCard Fixes Five-Year-Old DNS Typo Misconfiguration | January 22, 2025 | Unknown | Dangling resource | Data exfiltration, Resource hijacking | Incident | Finalized |
TRIPLESTRENGTH: Cloud Account Hijacking and Cryptocurrency Mining via Stolen Credentials | January 21, 2025 | TRIPLESTRENGTH | End-user compromise | Resource hijacking, RansomOp | Campaign | Finalized |
UNC2165 Targets Hybrid Environments with Ransomware | January 21, 2025 | UNC2165 | Unknown | RansomOp, Data exfiltration | Campaign | Finalized |
Otelier data breach | January 17, 2025 | Unknown | End-user compromise | Data exfiltration | Incident | Finalized |
Bapak Exploiting Stolen Cloud Access Keys | January 15, 2025 | Bapak | End-user compromise | Resource hijacking | Campaign | Finalized |
Codefinger Ransomware Campaign Targeting S3 Buckets | January 13, 2025 | Codefinger | Exposed secret | RansomOp | Campaign | Finalized |
Exploitation in the wild of Aviatrix Controller RCE | January 11, 2025 | Unknown | 1-day vulnerability | Resource hijacking | Campaign | Finalized |
Campaign targeting exposed FortiGate firewall management interfaces | January 10, 2025 | Unknown | 0-day vulnerability | Data exfiltration | Campaign | Finalized |
Gravy Analytics data breach | January 10, 2025 | Unknown | Exposed secret | Data exfiltration | Incident | Stub |
Kong image compromise | January 2, 2025 | Unknown | Cloud native misconfig | Supply chain attack, Resource hijacking | Incident | Finalized |
US Treasury breach via BeyondTrust supply chain attack | December 31, 2024 | Unknown | 0-day vulnerability | Data exfiltration | Incident | Finalized |
Volkswagen data leak through Spring Boot Actuator misconfiguration | December 30, 2024 | Unknown | Software misconfig | Data exfiltration | Incident | Finalized |
EC2 Grouper campaign | December 30, 2024 | EC2 Grouper | Exposed secret | Unknown, Resource hijacking | Campaign | Finalized |
ZAGG customer data compromised via hijacked FreshClicks BigCommerce app | December 28, 2024 | Unknown | Unknown | Data exfiltration | Incident | Stub |
Phishing campaign leading to Azure account takeover | December 18, 2024 | Unknown | End-user compromise | Unknown | Campaign | Finalized |
Diicot Campaign Targeting Linux Environments | December 17, 2024 | Diicot | Password attack | Resource hijacking | Campaign | Finalized |
RCE Vulnerability in Apache Struts Targeted by Attackers | December 17, 2024 | Unknown | 1-day vulnerability | Unknown | Campaign | Finalized |
PHP Targeted with Glutton backdoor | December 16, 2024 | Winnti | Unknown | Data exfiltration | Campaign | Finalized |
LLM Hijacking Targeting AWS | December 15, 2024 | JINX-2401 | Exposed secret, End-user compromise | Resource hijacking | Campaign | Finalized |
Cleo Vulnerabilities Targeted by Cl0p Ransomware | December 15, 2024 | Cl0p | 0-day vulnerability, 1-day vulnerability | RansomOp | Campaign | Finalized |
Byte Federal Data Breach via Gitlab Vulnerability | December 12, 2024 | Unknown | 1-day vulnerability | Data exfiltration | Incident | Finalized |
Attack abusing Amazon SES | December 11, 2024 | Unknown | Exposed secret | Resource hijacking | Incident | Finalized |
State-Sponsored APT Abuse Visual Studio Code in Attacks | December 5, 2024 | Unknown | 1-day vulnerability | Data exfiltration | Campaign | Finalized |
Ultralytics compromise | December 5, 2024 | Unknown | Cloud native misconfig | Supply chain attack, Resource hijacking | Incident | Finalized |
Solana web3.js Supply Chain Attack | December 4, 2024 | Unknown | End-user compromise, Supply chain vector | Supply chain attack | Campaign | Finalized |
Gafgyt Malware Targeting Misconfigured Docker Servers | December 3, 2024 | Gafgyt operator | Software misconfig | Data exfiltration, Denial of service | Campaign | Finalized |
Mauri Ransomware Exploiting Apache ActiveMQ | December 2, 2024 | Unknown | 1-day vulnerability | RansomOp | Campaign | Finalized |
Gelsemium’s Shift to Linux Malware with WolfsBane and FireWood | November 21, 2024 | Gelsemium | Unknown | Data exfiltration | Campaign | Finalized |
Sports Piracy Exploiting Misconfigured Jupyter Servers | November 19, 2024 | Unknown | Software misconfig | | Campaign | Finalized |
Earth Kasha’s Campaign Exploiting Fortinet Vulnerability | November 19, 2024 | Earth Kasha | 1-day vulnerability | Data exfiltration | Campaign | Finalized |
BrazenBamboo Weaponizes FortiClient Vulnerability to Steal Credentials | November 15, 2024 | BrazenBamboo | 0-day vulnerability | Data exfiltration | Campaign | Finalized |
RCE Vulnerability in PAN-OS Exploited in-the-Wild | November 8, 2024 | Unknown | 0-day vulnerability | Unknown | Campaign | Finalized |
Silent Skimmer Attacks Exploiting Telerik UI to Steal Payment Data | November 7, 2024 | Silent Skimmer | 1-day vulnerability | Data exfiltration | Campaign | Finalized |
Mozi Botnet Using AndroxGh0st Toolkit to Target Cloud Environments | November 6, 2024 | Mozi Botnet operator | 1-day vulnerability | Resource hijacking | Campaign | Finalized |
Supply Chain Attack on lottie-player | October 31, 2024 | Unknown | Supply chain vector | Supply chain attack | Campaign | Finalized |
Cyberoam breach (2018) | October 31, 2024 | Volt Typhoon, APT31, APT41 | Unknown | Data exfiltration | Incident | Stub |
SharePoint Vulnerability Exploited in-the-Wild | October 30, 2024 | Unknown | 1-day vulnerability | Data exfiltration, Data destruction | Incident | Finalized |
EMERALDWHALE Attacks Targeting Exposed Git Config Files | October 30, 2024 | EMERALDWHALE | Exposed secret | Data exfiltration | Campaign | Finalized |
Amazon DB exposed with Prime Video viewing habits | October 27, 2024 | | Cloud native misconfig | Resp. disclosure | Research | Finalized |
TeamTNT’s Docker Gatling Gun Campaign | October 25, 2024 | TeamTNT | Software misconfig | Resource hijacking | Campaign | Finalized |
UNC5820 exploiting FortiManager flaw | October 24, 2024 | UNC5820 | 0-day vulnerability | Data exfiltration | Campaign | Finalized |
Prometei campaign | October 23, 2024 | Prometei operator | 1-day vulnerability, Password attack | Resource hijacking | Campaign | Finalized |
Triad Nexus: Funnull malicious campaign | October 22, 2024 | Funnull | Insider threat, Supply chain vector | Supply chain attack | Campaign | Finalized |
perfctl campaign targeting Docker API | October 21, 2024 | Unknown | Software misconfig | Resource hijacking | Campaign | Finalized |
EA cross-user access via API | October 18, 2024 | | API vulnerability | Resp. disclosure | Research | Stub |
Earth Simnavaz (APT34) Targeting UAE and Gulf Regions | October 11, 2024 | APT34 | 1-day vulnerability | Data exfiltration | Campaign | Finalized |
Game Freak data leak | October 10, 2024 | Unknown | Software misconfig | Data exfiltration | Incident | Stub |
APT29 Targeting Zimbra and TeamCity Servers | October 10, 2024 | APT29 | 1-day vulnerability | Data exfiltration, RansomOp, Supply chain attack | Campaign | Finalized |
Veeam Vulnerability Exploited by Akira and Fog Ransomware | October 10, 2024 | Unknown | 1-day vulnerability | RansomOp | Campaign | Finalized |
perfctl Malware Targeting Linux | October 3, 2024 | Unknown | 1-day vulnerability | Resource hijacking | Campaign | Finalized |
Rackspace incident (2024) | September 30, 2024 | Unknown | 0-day vulnerability | Data exfiltration | Incident | Stub |
REF6138 campaign | September 27, 2024 | REF6138 | Unknown | Resource hijacking | Campaign | Finalized |
Storm-0501 Targeting Hybrid Environments with Ransomware | September 26, 2024 | Storm-0501 | 1-day vulnerability | RansomOp | Campaign | Finalized |
Storm-0501 attacking hybrid environments with ransomware | September 26, 2024 | Storm-0501 | End-user compromise, 1-day vulnerability | RansomOp, Data exfiltration | Campaign | Finalized |
Docker Swarm and K8s cryptojacking campaign | September 23, 2024 | Unknown | Software misconfig | Resource hijacking | Campaign | Finalized |
UNC1860 Attacks Targeting the Middle East | September 20, 2024 | UNC1860 | 1-day vulnerability | Data exfiltration | Campaign | Finalized |
Scattered Spider targeting GCP environment | September 17, 2024 | 0ktapus | Unknown | RansomOp | Incident | Stub |
Scattered Spider targeting Azure environment | September 17, 2024 | 0ktapus | End-user compromise | RansomOp | Incident | Stub |
GitHub PAT leakage leading to RDS Database exfiltration | September 17, 2024 | Unknown | Exposed secret | Data exfiltration | Incident | Stub |
Fortinet Sharepoint data leak | September 12, 2024 | Unknown | Unknown | Data exfiltration | Incident | Stub |
Campaign targeting Selenium Grid for cryptomining | September 12, 2024 | Unknown | Software misconfig | Resource hijacking | Campaign | Finalized |
Hadooken Malware Targeting Weblogic Servers | September 12, 2024 | Unknown | Software misconfig | Resource hijacking | Campaign | Finalized |
DragonRank Targeting IIS Web Servers | September 10, 2024 | DragonRank | 1-day vulnerability, Software misconfig | Data exfiltration, Resource hijacking | Campaign | Finalized |
Godzilla Backdoor Exploiting Confluence Vulnerability | August 30, 2024 | Unknown | 1-day vulnerability | Unknown | Campaign | Finalized |
Confluence exploited for cryptojacking | August 28, 2024 | Unknown | 1-day vulnerability | Resource hijacking | Campaign | Finalized |
ShinyHunters Ransomware Targeting Cloud Environments | August 23, 2024 | Bling Libra | Exposed secret, Cloud native misconfig | RansomOp | Campaign | Finalized |
PG_MEM Malware Exploiting Misconfigured PostgreSQL Instances | August 19, 2024 | JINX-0126 | Software misconfig, Password attack | Resource hijacking | Campaign | Finalized |
Msupedge Backdoor Targeting Taiwanese University | August 19, 2024 | Unknown | 1-day vulnerability | Data exfiltration | Campaign | Finalized |
Extortion Campaign Exploiting Exposed Environment Variable | August 15, 2024 | Unknown | Exposed secret | Data exfiltration, RansomOp | Campaign | Finalized |
Gafgyt Malware Targeting Cloud Environments | August 14, 2024 | Gafgyt operator | Password attack | Resource hijacking | Campaign | Finalized |
Horde Panda targeting South Asian telecommunications provider | August 9, 2024 | Horde Panda | Functionality abuse | Data exfiltration | Campaign | Finalized |
Scattered Spider Abuses Cloud Management Agent | August 9, 2024 | 0ktapus | End-user compromise | Resource hijacking | Campaign | Finalized |
Earth Baku campaign | August 9, 2024 | APT41 | Software misconfig | Data exfiltration | Campaign | Finalized |
Panamorfi campaign | August 2, 2024 | Unknown | Software misconfig | Denial of service | Campaign | Stub |
Mirai Botnet Exploiting Apache OFBiz Vulnerability | July 31, 2024 | Mirai | 1-day vulnerability | Resource hijacking | Campaign | Finalized |
Ransomware operators exploit ESXi vulnerability | July 29, 2024 | Storm-0506, Storm-1175, Manatee Tempest, 0ktapus | 1-day vulnerability | RansomOp | Campaign | Finalized |
BORN Group supply chain attack | July 25, 2024 | IntelBroker | 1-day vulnerability | Supply chain attack | Incident | Stub |
SeleniumGreed: Threat actors exploit exposed Selenium Grid services for Cryptomining | July 25, 2024 | Unknown | Functionality abuse, Software misconfig | Resource hijacking | Campaign | Finalized |
Disney Slack breach | July 15, 2024 | NullBulge | End-user compromise | Data exfiltration | Incident | Stub |
CRYSTALRAY: threat actors exploiting OSS tools | July 11, 2024 | CRYSTALRAY | 1-day vulnerability | Resource hijacking, Data exfiltration | Campaign | Finalized |
Python infrastructure leaked access token | July 8, 2024 | | Exposed secret | Resp. disclosure | Research | Stub |
Misconfigured Jenkins Servers Used for Cryptomining | July 5, 2024 | Unknown | Unknown | Resource hijacking | Campaign | Stub |
8220 Gang Exploiting WebLogic Vulnerabilities for Cryptojacking | June 30, 2024 | 8220 Gang | 1-day vulnerability | Resource hijacking | Campaign | Finalized |
Funnull Polyfill supply chain attack | June 25, 2024 | Funnull | Insider threat, Supply chain vector | Supply chain attack, Defacement | Campaign | Finalized |
Rabbit AI exposed keys in code | June 25, 2024 | | Exposed secret | Resp. disclosure | Research | Stub |
RedJuliett Exploiting VPN and Firewall Vulnerabilities | June 24, 2024 | RedJuliett | Software misconfig, 1-day vulnerability, Web vulnerability | Data exfiltration | Campaign | Finalized |
Boolka campaign | June 21, 2024 | Boolka | Web vulnerability | Resource hijacking | Campaign | Stub |
Scattered Spider SaaS targeting (2024) | June 14, 2024 | 0ktapus | End-user compromise | Data exfiltration, RansomOp | Campaign | Finalized |
NCS mass server deletion | June 13, 2024 | | Insider threat | Data destruction | Incident | Stub |
RCE Vulnerability in PHP CGI Exploited by TellYouThePass | June 10, 2024 | TellYouThePass Gang | 1-day vulnerability | RansomOp | Campaign | Stub |
NYT source code theft | June 8, 2024 | Unknown | End-user compromise | Data exfiltration | Incident | Stub |
DERO cryptojacking campaign (2024) | June 7, 2024 | Unknown | Cloud native misconfig | Resource hijacking | Campaign | Finalized |
Scylla LLMJacking campaign | June 6, 2024 | Unknown | End-user compromise | Resource hijacking | Campaign | Stub |
Gitloker campaign | June 5, 2024 | Gitloker | End-user compromise | RansomOp | Campaign | Stub |
Club Penguin data theft via Confluence | June 5, 2024 | Unknown | End-user compromise | Data exfiltration | Incident | Stub |
Dama webshell deployment via ThinkPHP exploitation | June 5, 2024 | Unknown | 1-day vulnerability | Resource hijacking | Campaign | Stub |
Operation Veles | June 4, 2024 | UTG-Q-008 | Password attack | Resource hijacking | Campaign | Stub |
Muhstik campaign | June 4, 2024 | Muhstik operator | 1-day vulnerability | Resource hijacking, Denial of service | Campaign | Finalized |
ByteDance Rspack GitHub misconfiguration | May 31, 2024 | | Software misconfig | Resp. disclosure | Research | Stub |
RedTail Cryptomining campaign | May 30, 2024 | RedTail operator | 1-day vulnerability | Resource hijacking | Campaign | Finalized |
Snowflake compromised creds abuse campaign | May 29, 2024 | UNC5537 | End-user compromise | Data exfiltration | Incident | Stub |
Kinsing targeting cloud servers | May 16, 2024 | Kinsing operator | 1-day vulnerability | Resource hijacking | Campaign | Finalized |
Mirai campaign targeting Ivanti products | May 7, 2024 | Unknown | 1-day vulnerability | Resource hijacking | Campaign | Stub |
Atlas Lion phishing campaign | May 6, 2024 | Atlas Lion | End-user compromise | Resource hijacking, Denial of wallet, Data exfiltration | Campaign | Finalized |
LLMjacking via Laravel exploitation | May 6, 2024 | Unknown | 1-day vulnerability | Resource hijacking | Incident | Finalized |
Utah “Bathroom Bill” open database | May 3, 2024 | | Cloud native misconfig | Data exfiltration | Research | Stub |
TargetCompany Abusing MSSQL Servers for Ransomware | May 2, 2024 | TargetCompany | Password attack, Software misconfig | RansomOp | Campaign | Finalized |
ArcaneDoor Campaign Targeting Cisco Adaptive Security Appliance 0day | April 24, 2024 | STORM-1849 | 0-day vulnerability | Data exfiltration | Campaign | Finalized |
APT28 Targeting Print Spooler Vulnerability for GooseEgg Deployment | April 22, 2024 | APT28 | 0-day vulnerability, 1-day vulnerability | Data exfiltration | | Finalized |
MITRE breach via Ivanti Connect Secure | April 19, 2024 | UNC5221 | 1-day vulnerability | Data exfiltration | Incident | Stub |
K8s targeted via OpenMetadata exploitation | April 17, 2024 | Unknown | 1-day vulnerability, Exposed secret | Resource hijacking | Campaign | Finalized |
Delinea breach | April 14, 2024 | Unknown | 1-day vulnerability | Unknown | Incident | Stub |
Abusing management tooling for cloud access | April 11, 2024 | Unknown | End-user compromise | Data exfiltration | Incident | Stub |
Sisense breach | April 11, 2024 | Unknown | Unknown | Data exfiltration | Incident | Finalized |
From password reset to data exfiltration | April 11, 2024 | Unknown | Cloud native misconfig | Data exfiltration | Incident | Stub |
Smishing into Entra onto VMWare ransomware | April 11, 2024 | Unknown | End-user compromise | RansomOp | Incident | Stub |
Third party to cloud compromise | April 11, 2024 | Unknown | Supply chain vector | RansomOp | Incident | Stub |
Personal local drive to AWS ransomware | April 11, 2024 | Unknown | End-user compromise | RansomOp | Incident | Stub |
RUBYCARP: Botnet Exploiting Vulnerabilities for Crypto | April 9, 2024 | RUBYCARP | 1-day vulnerability, Password attack | Denial of service, Resource hijacking | Campaign | Finalized |
Microsoft exposed storage with credentials | April 9, 2024 | | Cloud native misconfig | Resp. disclosure | Research | Stub |
Muddled Libra campaigns (2024) | April 9, 2024 | 0ktapus | End-user compromise | Data exfiltration | Campaign | Stub |
Hugging Face cross-tenant access | April 4, 2024 | | Cloud native misconfig, Web vulnerability | Resp. disclosure | Research | Finalized |
Affirmed Networks breach | April 2, 2024 | Storm-0558 | Unknown | Data exfiltration | Incident | Finalized |
XZ Utils backdoor incident | March 29, 2024 | Unknown | Insider threat | Supply chain attack | Incident | Finalized |
Agenda Ransomware Targets ESXi and vCenter Servers | March 26, 2024 | Agenda operator | Unknown | RansomOp | Campaign | Finalized |
Compromise of Top.gg repo | March 25, 2024 | Unknown | End-user compromise | Supply chain attack | Incident | Stub |
UNC5174 ScreenConnect and F5 BIG-IP exploitation | March 22, 2024 | UNC5174 | 1-day vulnerability | Data exfiltration | Campaign | Finalized |
Fujitsu exposed bucket | March 21, 2024 | | Cloud native misconfig | Resp. disclosure | Research | Stub |
Widespread TeamCity exploitation (March ‘24) | March 19, 2024 | Unknown | 1-day vulnerability | Resource hijacking, RansomOp | Campaign | Stub |
ShadowSyndicate aiohttp exploitation | March 15, 2024 | ShadowSyndicate | 1-day vulnerability | RansomOp | Campaign | Finalized |
Meson Network cryptojacking campaign | March 11, 2024 | Unknown | 1-day vulnerability, Software misconfig | Resource hijacking | Campaign | Finalized |
From writable bucket to credential theft | March 8, 2024 | | Cloud native misconfig | Resp. disclosure | Research | Stub |
Magnet Goblin campaign (2024) | March 8, 2024 | Magnet Goblin | 1-day vulnerability | Unknown | Campaign | Stub |
Redis, Hadoop, and Docker exploitation | March 6, 2024 | Unknown | Software misconfig, 1-day vulnerability | Resource hijacking | Campaign | Finalized |
z0Miner targeting WebLogic servers | March 6, 2024 | z0miner | 1-day vulnerability | Resource hijacking | Campaign | Finalized |
From social engineering to cryptocurrency theft | March 6, 2024 | Unknown | End-user compromise | Data exfiltration | Incident | Stub |
Cutout.Pro Breach | February 28, 2024 | KryptonZambie | Unknown | Data exfiltration | Incident | Finalized |
Pure Incubation (DemandScience) Breach | February 28, 2024 | KryptonZambie | Unknown | Data exfiltration | Incident | Finalized |
From refresh token theft to global admin | February 23, 2024 | Unknown | Resp. disclosure | Research | Stub | |
Lucifer Botnet targeting Hadoop | February 22, 2024 | Lucifer operator | 1-day vulnerability, Software misconfig | Denial of service, Resource hijacking | Campaign | Finalized |
US DOI PII exfiltration pentest | February 21, 2024 | | Insider threat | Resp. disclosure | Research | Stub |
S3 ransomware scam | February 21, 2024 | Unknown | Unknown | Data exfiltration, Data destruction | Incident | Stub |
Migo cryptominer targeting Redis | February 20, 2024 | Migo operator | Software misconfig | Resource hijacking | Campaign | Finalized |
SSH-Snake Confluence targeting campaign | February 20, 2024 | Unknown | 1-day vulnerability | Resource hijacking | Campaign | Stub |
WinStar exposed app database | February 18, 2024 | | Software misconfig | Resp. disclosure | Research | Stub |
Sliver deployment via Confluence vulnerability | February 15, 2024 | Unknown | 1-day vulnerability | Resource hijacking | Campaign | Stub |
BMW exposed cloud storage | February 14, 2024 | | Cloud native misconfig | Resp. disclosure | Research | Stub |
U.S. Internet exposed email server | February 14, 2024 | | Software misconfig | Resp. disclosure | Research | Stub |
CGI Federal incident | February 13, 2024 | Unknown | 1-day vulnerability | Data exfiltration | Incident | Stub |
Zenlayer exposed database | February 13, 2024 | | Software misconfig | Resp. disclosure | Research | Stub |
Microsoft Smartscreen Vulnerability Exploited by Water Hydra | February 13, 2024 | Water Hydra | 1-day vulnerability, End-user compromise, 0-day vulnerability | Data exfiltration | Campaign | Finalized |
Würk exposed database | February 9, 2024 | | Software misconfig | Resp. disclosure | Research | Stub |
Juniper support portal exposure | February 9, 2024 | | Software misconfig | Resp. disclosure | Research | Stub |
C3Pool mining via Confluence vulnerability | February 8, 2024 | Unknown | 1-day vulnerability | Resource hijacking | Campaign | Stub |
Almerys incident | February 8, 2024 | Unknown | Unknown | Data exfiltration | Incident | Stub |
Viamedis incident | February 8, 2024 | Unknown | End-user compromise | Data exfiltration | Incident | Stub |
Cryptojacking via Azure Batch | February 6, 2024 | Unknown | End-user compromise | Resource hijacking | Incident | Stub |
Windows SmartScreen vulnerability exploited by Mispadu trojan | February 2, 2024 | Mispadu operator | 1-day vulnerability | Data exfiltration | Campaign | Finalized |
Cloudflare incident following Okta breach | February 1, 2024 | Unknown | Supply chain vector | Data exfiltration | Incident | Stub |
Commando Cat campaign | February 1, 2024 | Commando Cat | Software misconfig | Resource hijacking | Campaign | Finalized |
Football Australia exposed cloud key | February 1, 2024 | | Exposed secret, Cloud native misconfig | Resp. disclosure | Research | Stub |
DangerDev SES abuse incident | January 31, 2024 | Unknown | Exposed secret | Resource hijacking | Incident | Stub |
New Relic incident (November 2023) | January 31, 2024 | Unknown | End-user compromise | Data exfiltration | Incident | Stub |
Mimic used by Trigona operators | January 28, 2024 | Trigona operator | Software misconfig, 1-day vulnerability, Password attack | RansomOp | Campaign | Finalized |
Mercedes-Benz source code exposure | January 26, 2024 | | Exposed secret | Resp. disclosure | Research | Finalized |
ECS Fargate cryptojacking | January 19, 2024 | Unknown | Exposed secret | Resource hijacking | Campaign | Finalized |
S3 data exfiltration | January 19, 2024 | Unknown | Exposed secret | Data exfiltration | Incident | Finalized |
Microsoft email exfiltration by Nobelium | January 19, 2024 | APT29 | Password attack | Data exfiltration | Incident | Finalized |
From ActiveMQ to Godzilla webshell | January 18, 2024 | Unknown | 1-day vulnerability | Resource hijacking | Campaign | Stub |
Mimo cryptomining campaign | January 18, 2024 | Mimo operator | 1-day vulnerability | Resource hijacking, RansomOp | Campaign | Stub |
9hits Docker campaign | January 18, 2024 | Unknown | 1-day vulnerability | Resource hijacking | Campaign | Stub |
AndroxGh0st usage (2024) | January 16, 2024 | Unknown | 1-day vulnerability, Software misconfig | Resource hijacking | Campaign | Stub |
TensorFlow GitHub misconfiguration | January 15, 2024 | | Software misconfig | Resp. disclosure | Research | Stub |
PyTorch GitHub misconfiguration | January 11, 2024 | | Software misconfig | Resp. disclosure | Research | Stub |
FBot toolkit targets cloud environments | January 11, 2024 | Unknown | Password attack, Web vulnerability, Functionality abuse | Resource hijacking | Campaign | Finalized |
Dreambus campaign (2023) | January 11, 2024 | Dreambus operator | Software misconfig, 1-day vulnerability | Resource hijacking | Campaign | Stub |
S3 RansomOp following long-term key exposure | January 11, 2024 | Unknown | Exposed secret | RansomOp, Data exfiltration | Incident | Stub |
Ivanti Connect Secure targeting campaign | January 10, 2024 | UNC5221 | 0-day vulnerability | Unknown | Campaign | Stub |
Apache app cryptojacking campaign | January 10, 2024 | Unknown | 1-day vulnerability, Software misconfig | Resource hijacking | Campaign | Stub |
RE#TURGENCE MSSQL Server RansomOp | January 10, 2024 | Unknown | Software misconfig, Password attack | RansomOp | Campaign | Finalized |
New York Times - source code stolen | January 1, 2024 | | | | | Not started |
Cyber Toufan Linux destruction | December 28, 2023 | Cyber Toufan | Supply chain vector | Data exfiltration, Data destruction | Campaign | Stub |
Cloud lateral movement via Citrix cookie | December 15, 2023 | Unknown | End-user compromise | Data exfiltration | Incident | Stub |
GambleForce SQL injection campaign | December 14, 2023 | GambleForce | Web vulnerability, 1-day vulnerability | Data exfiltration | Campaign | Stub |
APT29 TeamCity campaign | December 13, 2023 | APT29 | 1-day vulnerability | Data exfiltration | Campaign | Stub |
OAuth applications to deploy VMs for cryptomining | December 12, 2023 | Storm-1283 | End-user compromise | Resource hijacking | Campaign | Stub |
First Republic Bank incident | December 12, 2023 | Unknown | Insider threat | Data destruction | Incident | Stub |
Krasue Thailand campaign | December 7, 2023 | Krasue operator | Unknown | Data exfiltration | Campaign | Stub |
Package hijacking redteam op | December 6, 2023 | | End-user compromise | Resp. disclosure | Research | Stub |
GoTitan ActiveMQ campaign | November 28, 2023 | GoTitan operator | 1-day vulnerability | Unknown | Campaign | Stub |
LINE and NAVER Cloud incident | November 27, 2023 | Unknown | End-user compromise | Data exfiltration | Incident | Stub |
Andariel exploiting Apache ActiveMQ | November 27, 2023 | Andariel | 1-day vulnerability | Unknown | Campaign | Stub |
Apache server Cryptojacking with Cobalt Strike | November 20, 2023 | Unknown | 1-day vulnerability | Resource hijacking | Campaign | Finalized |
Confluence targeting by C3RB3R | November 14, 2023 | C3RB3R operator | 1-day vulnerability | RansomOp | Campaign | Stub |
OracleIV campaign | November 13, 2023 | Unknown | Software misconfig | Resource hijacking | Campaign | Stub |
Sumologic incident | November 7, 2023 | Unknown | Unknown | Unknown | Incident | Stub |
EleKtra-Leak | October 30, 2023 | Unknown | Exposed secret | Resource hijacking | Campaign | Stub |
Okta support system supply chain attack | October 20, 2023 | Unknown | End-user compromise | Supply chain attack | Incident | Stub |
Qubitstrike Crypto Mining and Rootkit Campaign | October 18, 2023 | Unknown | Software misconfig | Resource hijacking | Campaign | Finalized |
Cloud tools imitation campaign | October 10, 2023 | Unknown | Supply chain vector | Unknown | Campaign | Stub |
SQL Server to cloud lateral movement | October 3, 2023 | Unknown | Web vulnerability | Data exfiltration | Campaign | Stub |
Darkbeam data exposure | October 2, 2023 | | Software misconfig | None | Research | Stub |