Targeted Technologies

Technologies targeted by threat actors or at risk of exploitation (prevalence indicates percentage of cloud environments with at least one hosted instance of the technology)

Name	No. Incidents	Techniques	Prevalence (%)
Adobe ColdFusion
aiohttp	1		0.82
Amazon Bedrock	1
Amazon EKS
Amazon SageMaker	1		0.38
Amazon SES	1
Amazon SNS	0	SNS abuse for spam or phishing
Ansible	1		0.61
Apache ActiveMQ	6		0.35
Apache Airflow	0		0.34
Apache Ant	0		0.33
Apache Axis	0		0.13
Apache Cassandra	1		0.18
Apache CloudStack	0		0.11
Apache CouchDB	2		0.06
Apache Druid	1		0.01
Apache Flink	1		0.08
Apache Hadoop	7	Misconfigured Apache Hadoop abuse	0.53
Apache HTTP Server	3		0.77
Apache Kafka	0		0.32
Apache OFBiz
Apache RocketMQ	1		0.01
Apache Shiro	0		0.49
Apache Spark	1		0.01
Apache Struts
Apache Subversion	0		0.79
Apache Superset	0		0.1
Apache Thrift	0		0.14
Apache Tomcat	0		0.64
Apache ZooKeeper	0		0.7
Apollo Server	0		0.36
Argo CD	0	Misconfigured Argo abuse	0.32
Aspera Faspex	1		0.01
Autodesk Revit
Avahi	0		0.43
Aviatrix Controller
AWS Amplify	1
AWS Appstream	0	Appstream abuse
AWS CloudFormation	1	Resource injection in CloudFormation template
AWS Codebuild	1
AWS ECS	1
AWS Fargate	2
AWS Lambda	1	Backdoor Lambda LayerServerless executionLambda persistence
AWS SSM
Azure Arc	0	Azure Arc abuse
Azure Batch	1	Azure Batch abuse
Azure Entra ID
Azure Storage	3
Barracuda ESG	1		0.01
BeyondTrust
BitBucket Server	1		0.07
cAdvisor		cAdvisor abuse	0.01
CBL Mariner	0		0.23
Celery	0		0.55
Certbot	0		0.39
Chef Client	0		0.23
Chocolatey	0		0.45
Cisco Adaptive Security Appliance (ASA)
Cisco ISE
Citrix NetScaler
Citrix Receiver	0		0.18
Cleo file transfer software
ClickHouse	0		0.13
CockroachDB	0		0.17
ComfyUI
Confluence Server	13		0.1
ConnectWise ScreenConnect	1		0.01
containerd	0		0.91
CraftCMS
Django	0		0.65
Docker	16	Abusing exposed Docker socketBackdoor Docker imageMisconfigured Docker abuse	0.89
DogWifTools
Drupal	1		0.07
Elasticsearch	3		0.61
Envoy	0		0.20
ESXi Server	1		0.11
etcd	0
Exim	1		0.45
F5 BIG IP	1		0.27
FileZilla Server	0		0.11
Firebase	0		0.23
Flask	0		0.82
Flower	0		0.34
Fluent Bit	0		0.42
Flux Kustomize Controller	0		0.2
FortiClient
Fortinet Fortigate
Fortinet FortiManager
FortiOS
FRP Client	0		0.26
Geronimo	0		0.24
Ghostscript	0		0.77
Gitea		Misconfigured Gitea Abuse
gith
GitHub	6	pwn requestRepository webhook abuseRegister self-hosted runnerScript injection into CICD workflow	0.05
GitLab	3	Script injection into CICD workflow	0.10
Google Cloud Storage
Grafana	0		0.31
Gunicorn	0		0.70
H2 Database	0		0.11
HAProxy	0		0.43
Hashicorp Consul	1	Misconfigured Consul abuse	0.19
HashiCorp Vault	0		0.33
Helm	0		0.23
Hugging Face Transformers	0		0.42
ImageMagick	0		0.82
InfluxDB	0		0.25
InMage Scout	0		0.17
Istio	0		0.25
Ivanti Connect Secure VPN	3		0.01
Ivanti CSA
Ivanti EPMM
JDWP
Jenkins	6	Repository webhook abuse	0.46
Jira Server	3		0.12
Jupyter Notebook	4	Jupyter Notebook misconfig abuseJupyter Notebook ransomware	0.63
JupyterLab	1		0.54
Keycloak	0		0.21
Kibana	1		0.22
Krpano
KubeFlow	0	Misconfigured KubeFlow abuse	0.04
Kubernetes	9	Propagation via KubeletK8s anonymous auth abuse	0.77
LangChain	0		0.30
Langflow
Laravel	3		0.23
LevelDB	0		0.17
Liferay	1
Lighttpd
Linux
Localtunnel	0		0.33
Lottie-player
Magento	1		0.05
MariaDB	0		0.50
Maven	0		0.41
Mbed TLS	0		0.17
Memcached	0		0.27
Metabase	1		0.11
Metricbeat	0		0.16
Microsoft Exchange	2	Email server hijacking	0.1
Microsoft Graph API
Microsoft IIS	0		0.42
Microsoft OneDrive
Microsoft Outlook
Microsoft Power Pages		Misconfigured Power Pages abuse
Microsoft SCCM	0		0.28
Microsoft SQL Server	4	SQL injectionSQL commands	0.46
Microsoft Teams
Microsoft Word
MinIO	1		0.02
Moby	0		0.11
MODX	1
MongoDB	2		0.58
Monit	0		0.24
MySQL	1	SQL injectionSQL commands	0.65
NGINX	2		0.86
ngrok	0		0.12
Nomad
npm	1	Package dependency confusionSlopsquatting	0.59
Office365	1
OMI	0		0.37
Open WebUI
Openfire
OpenMetadata	1		0.02
OpenResty	0		0.28
Openscap	0		0.19
OpenSearch	0		0.21
Oracle Cloud
Oracle Database	0		0.11
Oracle E-Business Suite
Packer	0		0.14
PAN-OS	0		0.26
PaperCut	1		0.03
PHP	3		0.68
phpMyAdmin	1		0.29
PHPUnit
Podman	0		0.34
PostgreSQL	4	Misconfigured DB abuse	0.87
Prometheus	0		0.26
Proself
Puppet	0		0.16
Puppet Agent	0		0.20
PyPI		SlopsquattingPackage dependency confusion
Qlink Sense	1		0.05
RabbitMQ	0		0.34
Ray AI
Redis	13	Redis-as-a-backdoorMisconfigured Redis abuse	0.80
ReportLab	0		0.33
RocksDB	0		0.12
RStudio	0		0.15
RubyGems	0		0.25
S3 Bucket	5	Storage Denial of Wallet amplification attack
Safe{wallet}
Salesforce	1
Salesloft Drift
SaltStack	1		0.17
Samba	0		0.40
SAP Crystal Reports	0		0.19
SAP NetWeaver
ScienceLogic SL1
Selenium Grid		Misconfigured Selenium Grid abuse	0.33
SharePoint	1		0.05
SimpleHelp
Slack
Smartsheet	1
Snowflake
Solana
Solr	1		0.33
SonarQube	0		0.25
Sonatype Nexus	0		0
SonicWall firewall
Splunk Forwarder	0		0.30
Spring Boot	0	Spring Boot Actuator abuse	0.72
Spring Boot Actuator
Spring Cloud	0		0.18
Spring Framework	1		0.84
Squid	0		0.28
strongSwan	0		0.29
SugarCRM	1		0.01
Tableau Server	0		0.21
TaffyDB	0		0.39
Team Foundation Server	0		0.30
TeamCity	2	Repository webhook abuse	0.09
Telerik UI
Tenable Nessus	0		0.2
Tensorflow Hub	0		0.22
TestNG	0		0.11
ThinkPHP	1
TigerVNC	0		0.26
TightVNC	0		0.20
TP-Link Router
Triofox
vCenter Server	1
Veeam
Verdaccio	0		0.20
VirtualBox	0		0.15
Visual Studio Code
VMware Horizon	1		0.02
VMware vSphere
VMWare Workspace ONE Access and Identity Manager
vsftpd	0		0.31
WebLogic	3		0.1
Windows AFD
Windows Print Spooler
Windows SmartScreen
WinRAR
WordPress	3	Misconfigured Wordpress abuse	0.31
WSO2	2		0.02
Zabbix Agent	0		0.21
ZeroMQ	0		0.23
Zimbra Server
Zoho ManageEngine	1		0.12
Zyxel