Targeted Technologies

Technologies targeted by threat actors or at risk of exploitation (prevalence indicates percentage of cloud environments with at least one hosted instance of the technology)

Name	No. Incidents	Techniques	Prevalence (%)
Adobe ColdFusion
aiohttp	1		0.82
Amazon Bedrock	1
Amazon EKS
Amazon SageMaker	1		0.38
Amazon SES	1
Amazon SNS	0	SNS abuse for spam or phishing
Ansible	1		0.61
Apache ActiveMQ	6		0.35
Apache Airflow	0		0.34
Apache Ant	0		0.33
Apache Axis	0		0.13
Apache Cassandra	1		0.18
Apache CloudStack	0		0.11
Apache CouchDB	2		0.06
Apache Druid	1		0.01
Apache Flink	1		0.08
Apache Hadoop	7	Misconfigured Apache Hadoop abuse	0.53
Apache HTTP Server	3		0.77
Apache Kafka	0		0.32
Apache OFBiz
Apache RocketMQ	1		0.01
Apache Shiro	0		0.49
Apache Spark	1		0.01
Apache Struts
Apache Subversion	0		0.79
Apache Superset	0		0.1
Apache Thrift	0		0.14
Apache Tomcat	0		0.64
Apache ZooKeeper	0		0.7
Apifox Desktop Client
Apollo Server	0		0.36
Argo CD	0	Misconfigured Argo abuse	0.32
Aspera Faspex	1		0.01
Autodesk Revit
Avahi	0		0.43
Aviatrix Controller
AWS Amplify	1
AWS Appstream	0	Appstream abuse
AWS CloudFormation	1	Resource injection in CloudFormation template
AWS Codebuild	1
AWS ECS	1
AWS Fargate	2
AWS Lambda	1	Backdoor Lambda Layer Serverless execution Lambda persistence
AWS SSM
AWS WorkMail
Azure Arc	0	Azure Arc abuse
Azure Batch	1	Azure Batch abuse
Azure Entra ID
Azure Storage	3
Barracuda ESG	1		0.01
BeyondTrust
BitBucket Server	1		0.07
BuddyBoss
cAdvisor		cAdvisor abuse	0.01
CBL Mariner	0		0.23
Celery	0		0.55
Certbot	0		0.39
Chef Client	0		0.23
Chocolatey	0		0.45
Cisco Adaptive Security Appliance (ASA)
Cisco ISE
Cisco Secure Email Gateway
Citrix NetScaler
Citrix Receiver	0		0.18
Cleo file transfer software
ClickHouse	0		0.13
CockroachDB	0		0.17
ComfyUI
Confluence Server	13		0.1
ConnectWise ScreenConnect	1		0.01
containerd	0		0.91
CraftCMS
Django	0		0.65
Docker	16	Abusing exposed Docker socket Backdoor Docker image Misconfigured Docker abuse	0.89
DogWifTools
Drupal	1		0.07
Elasticsearch	3		0.61
Electron
Envoy	0		0.20
ESXi Server	1		0.11
etcd	0
Exim	1		0.45
F5 BIG IP	1		0.27
FileZilla Server	0		0.11
Firebase	0		0.23
Flask	0		0.82
Flower	0		0.34
Fluent Bit	0		0.42
Flux Kustomize Controller	0		0.2
FortiClient
Fortinet Fortigate
Fortinet FortiManager
FortiOS
FRP Client	0		0.26
GeoServer
Geronimo	0		0.24
Ghostscript	0		0.77
Gitea		Misconfigured Gitea Abuse
gith
GitHub	6	pwn request Repository webhook abuse Register self-hosted runner Script injection into CICD workflow	0.05
GitLab	3	Script injection into CICD workflow	0.10
Google Cloud Storage
Grafana	0		0.31
Gunicorn	0		0.70
H2 Database	0		0.11
HAProxy	0		0.43
Hashicorp Consul	1	Misconfigured Consul abuse	0.19
HashiCorp Vault	0		0.33
Helm	0		0.23
Hugging Face Transformers	0		0.42
ImageMagick	0		0.82
InfluxDB	0		0.25
InMage Scout	0		0.17
Istio	0		0.25
Ivanti Connect Secure VPN	3		0.01
Ivanti CSA
Ivanti EPMM
JDWP
Jenkins	6	Repository webhook abuse	0.46
Jira Server	3		0.12
Jupyter Notebook	4	Jupyter Notebook misconfig abuse Jupyter Notebook ransomware	0.63
JupyterLab	1		0.54
Keycloak	0		0.21
Kibana	1		0.22
Krpano
KubeFlow	0	Misconfigured KubeFlow abuse	0.04
Kubernetes	9	Propagation via Kubelet K8s anonymous auth abuse	0.77
LangChain	0		0.30
Langflow
Laravel	3		0.23
LevelDB	0		0.17
Liferay	1
Lighttpd
Linux
LiteLLM
Localtunnel	0		0.33
Lottie-player
Magento	1		0.05
MariaDB	0		0.50
Maven	0		0.41
Mbed TLS	0		0.17
MCP servers
Memcached	0		0.27
Metabase	1		0.11
Metricbeat	0		0.16
Microsoft Exchange	2	Email server hijacking	0.1
Microsoft Graph API
Microsoft IIS	0		0.42
Microsoft OneDrive
Microsoft Outlook
Microsoft Power Pages		Misconfigured Power Pages abuse
Microsoft SCCM	0		0.28
Microsoft SQL Server	4	SQL injection SQL commands	0.46
Microsoft Teams
Microsoft Word
MinIO	1		0.02
Moby	0		0.11
MODX	1
MongoDB	2		0.58
Monit	0		0.24
MySQL	1	SQL injection SQL commands	0.65
NGINX	2		0.86
ngrok	0		0.12
Nomad
Notepad++
npm	1	Package dependency confusion Slopsquatting	0.59
Office365	1
Ollama
OMI	0		0.37
Open WebUI
Openfire
OpenMetadata	1		0.02
OpenResty	0		0.28
Openscap	0		0.19
OpenSearch	0		0.21
Oracle Cloud
Oracle Database	0		0.11
Oracle E-Business Suite
Packer	0		0.14
PAN-OS	0		0.26
PaperCut	1		0.03
PHP	3		0.68
phpMyAdmin	1		0.29
PHPUnit
Podman	0		0.34
PostgreSQL	4	Misconfigured DB abuse	0.87
Prometheus	0		0.26
Proself
Puppet	0		0.16
Puppet Agent	0		0.20
PyPI		Slopsquatting Package dependency confusion
Qlink Sense	1		0.05
RabbitMQ	0		0.34
Ray AI
Redis	13	Redis-as-a-backdoor Misconfigured Redis abuse	0.80
ReportLab	0		0.33
RocksDB	0		0.12
RStudio	0		0.15
RubyGems	0		0.25
S3 Bucket	5	Storage Denial of Wallet amplification attack
Safe{wallet}
Salesforce	1
Salesloft Drift
SaltStack	1		0.17
Samba	0		0.40
SAP Crystal Reports	0		0.19
SAP NetWeaver
ScienceLogic SL1
Selenium Grid		Misconfigured Selenium Grid abuse	0.33
SharePoint	1		0.05
SimpleHelp
Slack
Smartsheet	1
Snowflake
Solana
Solr	1		0.33
SonarQube	0		0.25
Sonatype Nexus	0		0
SonicWall firewall
Splunk Forwarder	0		0.30
Spring Boot	0	Spring Boot Actuator abuse	0.72
Spring Boot Actuator
Spring Cloud	0		0.18
Spring Framework	1		0.84
Squid	0		0.28
strongSwan	0		0.29
SugarCRM	1		0.01
Tableau Server	0		0.21
TaffyDB	0		0.39
Team Foundation Server	0		0.30
TeamCity	2	Repository webhook abuse	0.09
Telerik UI
Tenable Nessus	0		0.2
Tensorflow Hub	0		0.22
TestNG	0		0.11
ThinkPHP	1
TigerVNC	0		0.26
TightVNC	0		0.20
TP-Link Router
Triofox
Trivy
vCenter Server	1
Veeam
Verdaccio	0		0.20
VirtualBox	0		0.15
Visual Studio Code
VMware Horizon	1		0.02
VMware vSphere
VMWare Workspace ONE Access and Identity Manager
vsftpd	0		0.31
WebLogic	3		0.1
Windows AFD
Windows Print Spooler
Windows SmartScreen
WinRAR
WordPress	3	Misconfigured Wordpress abuse	0.31
WSO2	2		0.02
Zabbix Agent	0		0.21
ZeroMQ	0		0.23
Zimbra Server
Zoho ManageEngine	1		0.12
Zyxel