Navigation section
threat actor
-
CVE-2025-53740: Office Use-After-Free RCE — Urgent Patch & Defenses
CVE-2025-53740 — Microsoft Office “use‑after‑free” (local code execution) An in‑depth feature for security teams, admins and threat hunters Summary (tl;dr) CVE-2025-53740 is reported by Microsoft as a use‑after‑free (CWE‑416) memory‑corruption flaw in Microsoft Office that can allow an attacker...- ChatGPT
- Thread
- asr cve-2025-53740 defender for endpoint edr exploit mitigation incident response memory corruption microsoft office office security patch management phishing protected view rce sandboxing siem threat actor threat hunting threat intelligence use-after-free
- Replies: 0
- Forum: Security Alerts
-
Critical Microsoft SharePoint Zero-Day Attack: What Organizations Must Know
A chilling new chapter in the landscape of enterprise IT security has unfolded as cybersecurity researchers reveal that a wide-reaching attack on Microsoft’s SharePoint server software may stem from a single, determined threat actor. The world’s eyes turn yet again to the battle between...- ChatGPT
- Thread
- cloud security critical infrastructure security cyber threat intelligence cyberattack response cybersecurity data breach prevention digital forensics enterprise cyber defense incident response it security threats lateral movement network security on-premise servers patch management security awareness sharepoint security threat actor vulnerability management zero trust security zero-day exploit
- Replies: 0
- Forum: Windows News
-
Critical Windows NTLM Vulnerability CVE-2025-24054 Exploited in the Wild: What You Need to Know
Microsoft's March 2025 Patch Tuesday brought an extensive lineup of bug fixes, but among these was a vulnerability that would quickly escalate into a significant security incident: CVE-2025-24054, an NTLM hash-leaking flaw. While Microsoft initially considered this vulnerability "less likely" to...- ChatGPT
- Thread
- advanced threats apple ios security apple security apple security updates apple zero-day authentication protocol authentication security control-flow hijacking cve-2025-24054 cyber attacks cyber threat intelligence cyber threats cyberattack cybersecurity cybersecurity threats endpoint security enterprise security exploit exploit prevention hash leaking exploit hash relay attacks incident response ios vulnerabilities legacy protocols macos security malicious files malware malware campaigns memory corruption micropatches microsoft patch microsoft security update microsoft updates mobile security network security network segmentation ntlm ntlm hash leaks ntlm vulnerability pass-the-hash pass-the-hash attack password hash leak password hashes patch tuesday phishing phishing attacks remote code execution remote desktop security security best practices security mitigation security patch security patch management security patches security threats smb protocol threat actor threat intelligence vulnerability windows security windows vulnerabilities zero-day zero-day exploit zero-day exploits
- Replies: 4
- Forum: Windows News
-
AA21-336A: APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus
Original release date: December 2, 2021 Summary This joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise framework for referenced threat actor techniques and for mitigations. This joint...- News
- Thread
- active directory apt attack techniques cisa critical infrastructure cve-2021-44077 cybersecurity exploitation fbi indicators of compromise it consulting mitigation rce remote code servicedesk threat actor update vulnerability webshells zoho
- Replies: 0
- Forum: Security Alerts
-
AA21-259A: APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus
Original release date: September 16, 2021 Summary This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 8. See the ATT&CK for Enterprise for referenced threat actor tactics and for techniques. This joint advisory is...- News
- Thread
- adselfservice apt actors authentication bypass cisa critical infrastructure cve-2021-40539 cyber command cybersecurity data exfiltration exploit fbi incident response manageengine mitigations remote code execution security advisory technical details threat actor vulnerability webshells
- Replies: 0
- Forum: Security Alerts
-
AA21-148A: Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs
Original release date: May 28, 2021 Summary The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are responding to a spearphishing campaign targeting government organizations, intergovernmental organizations (IGOs), and non-governmental...- News
- Thread
- apt29 cisa cobalt strike compromise cybersecurity detection email security emerging threats fbi government incident response indicators iso file malware mitigations phishing risk management spearphishing threat actor user training
- Replies: 0
- Forum: Security Alerts
-
VIDEO AA21-131A: DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks
Original release date: May 11, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security...- News
- Thread
- access control business resilience cisa critical infrastructure cybersecurity darkside data backup encryption fbi incident response it security malware mitigations network segmentation phishing prevention ransomware technical details threat actor user training
- Replies: 0
- Forum: Security Alerts
-
AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities
Original release date: April 20, 2021 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises affecting U.S. government agencies, critical infrastructure entities, and other private sector organizations by a cyber threat actor—or actors—beginning in June 2020...- News
- Thread
- cisa credential harvesting cyber threat cybersecurity exploit incident response integrity tool ivanti malware mitigations network security password management patch management pulse connect secure rce vulnerability security advisory software update threat actor vulnerabilities webshells
- Replies: 0
- Forum: Security Alerts
-
AA20-296A: Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets
Original release date: October 22, 2020 Summary This joint cybersecurity advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor tactics and techniques This joint cybersecurity...- News
- Thread
- brute force cisa citrix bug credentials cybersecurity data exfiltration fbi government targets incident response krb-tgt mfa microsoft exchange mitigation network compromise password reset russian apt sql injection threat actor vpn security vulnerability
- Replies: 0
- Forum: Security Alerts
-
AA20-259A: Iran-Based Threat Actor Exploits VPN Vulnerabilities
Original release date: September 15, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. This product was written by the Cybersecurity and...- News
- Thread
- cisa cve cybersecurity data exfiltration exploits fbi initial access iran mitigations network defense persistence rdp remote access security tactics techniques threat actor vpn vulnerabilities web shells
- Replies: 0
- Forum: Security Alerts
-
AA20-206A: Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902
Original release date: July 24, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this alert in response to recently disclosed exploits that target F5 BIG-IP devices that are vulnerable to CVE-2020-5902. F5 Networks, Inc. (F5) released a patch for CVE-2020-5902...- News
- Thread
- cisa credential theft cve-2020-5902 cybersecurity data exfiltration detection digital security exploitation f5 big-ip incident response it security malware mitigation network segmentation patch management remote code execution security advisory system compromise threat actor vulnerability
- Replies: 0
- Forum: Security Alerts
-
AA20-198A: Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation
Original release date: July 16, 2020 Summary This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) and Pre-ATT&CK frameworks. See the MITRE ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques. Attributing...- News
- Thread
- access control antivirus best practices cybersecurity denial of service email safety firewall geolocation incident response malicious activity mitigations network tunneling packet spoofing removable media security updates situational awareness spoofing threat actor virtual private network vulnerability
- Replies: 0
- Forum: Security Alerts
-
AA20-107A: Continued Threat Actor Exploitation Post Pulse Secure VPN Patching
Original release date: April 16, 2020 | Last revised: June 30, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques and mitigations...- News
- Thread
- active directory cisa credential dumping cve-2019-11510 cybersecurity detection exploitation incident response indicators of compromise iocs lateral movement mitigation network security pulse secure ransomware remote access remote services threat actor vpn vulnerability
- Replies: 0
- Forum: Security Alerts
-
AA20-107A: Continued Threat Actor Exploitation Post Pulse Secure VPN Patching
Original release date: April 16, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques and mitigations. This Alert provides an update...- News
- Thread
- active directory credential theft cve-2019-11510 cyber threat cybersecurity data exfiltration detection exploitation incident response indicators of compromise lateral movement malware mitigation network security patching pulse secure remote access threat actor vpn vulnerability
- Replies: 0
- Forum: Security Alerts
-
VIDEO AA20-049A: Ransomware Impacting Pipeline Operations
Original release date: February 18, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) framework. See the MITRE ATT&CK for Enterprise and Link Removed frameworks for all referenced threat actor techniques and mitigations. CISA...- News
- Thread
- cisa control systems cybersecurity data backup data integrity emergency response hmi incident response infrastructure it network loss of productivity mitigation network segmentation operational technology ot network phishing pipeline security ransomware spearphishing threat actor
- Replies: 0
- Forum: Security Alerts