Clankerusecase
MITRE ATT&CK detection coverage
 ← Back to main site
Home/ MITRE Matrix/ Defense Evasion/ T1027

T1027Obfuscated Files or Information

T1027 — Obfuscated Files or Information is a MITRE ATT&CK technique in the Defense Evasion tactic. Clankerusecase tracks 47 detection use cases covering it and 246 threat-intel articles citing it.

Defense Evasion
View on the matrix → Filter Detection Library MITRE official spec ↗
47Use cases
246Articles
18Sub-techniques
1Tactic

Sub-techniques (18)

T1027.001 · Binary PaddingT1027.010 · Command ObfuscationT1027.004 · Compile After DeliveryT1027.015 · CompressionT1027.007 · Dynamic API ResolutionT1027.009 · Embedded PayloadsT1027.013 · Encrypted/Encoded FileT1027.011 · Fileless StorageT1027.006 · HTML SmugglingT1027.005 · Indicator Removal from ToolsT1027.018 · Invisible UnicodeT1027.016 · Junk Code InsertionT1027.012 · LNK Icon SmugglingT1027.014 · Polymorphic CodeT1027.002 · Software PackingT1027.003 · SteganographyT1027.008 · Stripped PayloadsT1027.017 · SVG Smuggling

Use cases covering this technique (47)

File hash IOCs — endpoint file/process match Internal install · alerting DSΣP PowerShell encoded / obfuscated command Internal exploit · alerting DSΣP [WEEKLY] npm/yarn/pnpm Install-Hook Spawn → Credential-Store Read or Worm-Payload Drop in node_modules Internal install · alerting DSΣPDD [WEEKLY] Package-install lifecycle script harvests local credentials and beacons to a non-baselined domain Internal install · alerting DSPDD [WEEKLY] Package Manager Install Hook Spawns Scripting Interpreter Then Touches Credential Files or Egresses Off-Registry Internal install · alerting DSPDD Curl Execution with Percent Encoded URL ESCU actions · hunting P Linux Decode Base64 to Shell ESCU actions · alerting P Linux Obfuscated Files or Information Base64 Decode ESCU actions · hunting P Malicious PowerShell Process - Encoded Command ESCU actions · hunting P Powershell Fileless Script Contains Base64 Encoded Content ESCU actions · alerting P Wermgr Process Create Executable File ESCU actions · alerting P Windows Snake Malware File Modification Crmlog ESCU actions · alerting P Windows TinyCC Shellcode Execution ESCU actions · alerting P Cisco Secure Firewall - Lumma Stealer Activity ESCU actions · alerting P Cisco Secure Firewall - Repeated Malware Downloads ESCU actions · hunting P Cisco Secure Firewall - Snort Rule Triggered Across Multiple Hosts ESCU actions · hunting P [LLM] Talos prevalent malware hash dropped to disk (DeviceFileEvents pivot) Bespoke delivery · hunting DSΣPDDCS [LLM] Write of unattend.xml or ReAgent.xml to system recovery partition (GreatXML staging) Bespoke weapon · alerting DSΣPDDCS [LLM] SPECTRALVIPER known-bad SHA1 observed on disk or in process Bespoke install · alerting DSΣPDDCS [LLM] Miasma stealer payload SHA256 match on disk or in execution Bespoke install · hunting DSΣPDDCS Article-specific behavioural hunt — Hypotheses, telemetry, and human judgment: Inside Cisco Talos Threat Hunting Bespoke exploit · hunting DSP [LLM] PowerShell Invoke-WebRequest dropping script.ps1 to user AppData (KongTuke stage-2) Bespoke install · alerting DSΣPDDCS [LLM] Literal PraisonAI sandbox-escape signature: `print.__self__` + builtins dict access Bespoke exploit · alerting DSΣPDDCS [LLM] TamperedChef scheduled-task persistence via task.xml + obfuscated JS (appsuite-print.js) Bespoke install · alerting DSPDDCS [LLM] On-disk presence of malicious @opensearch-project/opensearch payload SHA256 Bespoke install · hunting DSΣPDDCS [LLM] node-ipc stealer __ntw=1 environment marker in process command line Bespoke install · alerting DSΣPDDCS Article-specific behavioural hunt — Kimsuky targets organizations with PebbleDash-based tools Bespoke exploit · hunting DSP [LLM] TeamPCP Mini Shai-Hulud stealer payload hash match (SHA256/SHA1) Bespoke install · alerting DSΣPDDCS [LLM] Mini Shai-Hulud router_init.js dropped at npm package root in node_modules Bespoke install · alerting DSΣPDDCS [LLM] Mini Shai-Hulud Wave 4 (TanStack/TeamPCP) worm payload file created in node_modules Bespoke install · hunting DSΣPDD [LLM] Known-malicious bw_setup.js / bw1.js SHA256 dropped under @bitwarden/cli Bespoke install · alerting DSΣPDDCS [LLM] lightning PyPI compromise artifacts: start.py / router_runtime.js write Bespoke install · hunting DSΣPDD [LLM] Mini Shai-Hulud payload file drop: setup.mjs/execution.js by hash & size in node_modules Bespoke install · hunting DSΣPDD Article-specific behavioural hunt — axios Compromised on npm - Malicious Versions Drop Remote Access Trojan Bespoke exploit · hunting DSP [LLM] Python spawning python -c with base64.b64decode exec (litellm .pth stage-1 launcher) Bespoke install · alerting DSΣPDDCS [LLM] ForceMemo: init.json persistence file or i.js loader dropped by Python in user home root Bespoke install · hunting DSΣPDD Article-specific behavioural hunt — Glassworm Strikes Popular React Native Phone Number Packages Bespoke exploit · hunting DSP [LLM] GlassWorm invisible-Unicode decoder signature (variation-selector eval loader) in process cmdline Bespoke exploit · hunting DSΣPDD [LLM] Prompt-injection markers (base64, Unicode tags, 'ignore previous instructions') in SKILL.md content Bespoke weapon · hunting DSPDDCS Article-specific behavioural hunt — Fake Clawdbot VS Code Extension Installs ScreenConnect RAT Bespoke exploit · hunting DSP Article-specific behavioural hunt — G_Wagon: npm Package Deploys Python Stealer Targeting 100+ Crypto Wallets Bespoke exploit · hunting DSP [LLM] G_Wagon npm postinstall spawns python with stdin pipe (fileless payload exec) Bespoke install · alerting DSΣPDDCS [LLM] G_Wagon Python runtime drop into npm cache with lib_core/renderer or python_runtime paths Bespoke install · alerting DSΣPDDCS Article-specific behavioural hunt — LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Ja Bespoke exploit · hunting DSP [LLM] Bun/Node executing the Sha1-Hulud worm payload (setup_bun.js / bun_environment.js) Bespoke install · alerting DSΣPDDCS [LLM] Execution / write of ESET APT Q2-Q3 2025 known-bad SHA256 payload Bespoke install · hunting DSΣPDDCS [LLM] cups-browsed writing new PPD or config under /etc/cups or /var/cache/cups Bespoke install · hunting DSΣPDDCS

Articles citing this technique (246)

high Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit art-17
high Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to Launch Stealthy Cyberattacks art-19
high Over 400 Arch Linux packages compromised to push rootkit, infostealer art-25
high Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Credentials, and Wallet Secrets art-26
crit Early Warning Signs of Supply-Chain Attacks Live in the Dark Web art-27
med Over 73,000 French govt employees affected in Tchap messenger breach art-35
high A tale of two eras art-40
crit New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files art-42
crit The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm art-44
high Miasma and Hades Are Spreading Now: Detect Them on Developer Machines with Suspicious Files art-45
high npm v12 delivers one of the biggest security improvements in years art-46
crit Cybersecurity Stars Awards 2026: Winners Announced Across 95 Categories art-48
crit OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack art-53
crit OceanLotus: From external espionage to domestic targeting art-54
high Code is being written everywhere, and the device is the only constant art-58
high Pythagora-io/gpt-pilot Compromised on GitHub - Shai-Hulud Credential Stealer Blocked by Python Linter art-78
crit Miasma Worm Hits Microsoft Again: Azure Functions Action and 72 Other Repositories Disabled After Supply Chain Attack Targeting AI Coding Ag art-79
crit Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues art-82
crit Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now art-84
crit Wait, binding.gyp Can Do What? Exploring npm's Weirdest Build System art-85
crit WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine art-86
high Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer art-90
crit Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt Order art-101
crit AI brands as bait: How threat actors are using the AI hype in social engineering art-102
crit VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances art-107
crit CISA KEV: CVE-2026-50751 — Check Point Security Gateway Improper Authentication Vulnerability art-111
high Securing CI/CD in an agentic world: Claude Code Github action case art-117
crit [GHSA / CRITICAL] GHSA-jpvj-wpmj-h7rv: Supply chain compromise via malicious @cap-js/openapi art-123
high Reporting from Vegas: Networking, AI, and good boys art-126
crit Miasma npm Supply Chain Attack: Self-Spreading Worm via Phantom Gyp art-127
high Hypotheses, telemetry, and human judgment: Inside Cisco Talos Threat Hunting art-129
high Node-gyp Supply Chain Compromise: A Self-Propagating npm Worm That Hides in binding.gyp art-130
high Argamal: Malware hidden in hentai games art-137
crit Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign art-139
high Why EDR and proxy won’t save you from supply chain malware art-142
crit The npm Threat Landscape: Attack Surface and Mitigations (Updated June 2) art-143
high Multiple redhat-cloud-services npm Packages compromised art-144
high Laravel-Lang Supply Chain Attack: Every Tag Across Multiple Composer Packages Rewritten to Steal CI Secrets art-145
high Nx Console VS Code Extension Compromised art-146
crit Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor art-150
high Protestware by open source maintainer to hinder agentic coding: The jqwik 1.10.0 Prompt Injection art-151
crit Containers on fire: from container escapes to supply chain attacks art-158
high Miasma supply chain attack: malicious code found in @redhat-cloud-services npm packages art-159
crit Malicious npm packages abuse dependency confusion to profile developer environments art-161
crit [GHSA / CRITICAL] CVE-2026-47392: PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subpro art-166
high Typosquatted npm packages used to steal cloud and CI/CD secrets art-183
high Less panic patching, more precision art-185
high What MDM can't protect on developer machines (and what to do about it) art-186
med Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years art-190
crit CISA KEV: CVE-2026-48027 — Nx Console Embedded Malicious Code Vulnerability art-203
crit CISA KEV: CVE-2026-45321 — TanStack Unspecified Vulnerability art-204
crit CISA KEV: CVE-2026-8398 — Daemon Tools Lite Embedded Malicious Code Vulnerability art-205
high Why developer machines are now the number one target for supply chain attacks art-208
crit BTMOB: A stealthy RAT burrowing deep into Android devices art-209
crit Laravel Lang Supply Chain Advisory art-211
high Megalodon: Mass GitHub Actions Secret Exfiltration Across 5,500+ Public Repositories art-215
crit Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns art-217
crit Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload art-219
crit [GHSA / CRITICAL] CVE-2026-46703: Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host art-223
high The art of being ungovernable art-228
crit 5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not Enough art-230
crit [GHSA / CRITICAL] CVE-2026-46421: Supply chain compromise via malicious package versions (@cap-js/sqlite, @cap-js/postgres, @cap-js/db-serv art-235
crit The Wild West of VS Code extensions and how a poisoned extension breached GitHub art-236
crit Tracking TamperedChef Clusters via Certificate and Code Reuse art-237
high GitHub breached via a malicious VS Code extension: why developer devices are the real target art-238
crit Webworm: New burrowing techniques art-240
crit The AntV Supply Chain Campaign Expands: Microsoft's `durabletask` PyPI Package Compromised art-248
high Microsoft's durabletask package on PyPi Compromised. Mini Shai Hulud attacks again... again! art-254
crit [GHSA / CRITICAL] GHSA-27f5-xjrr-q9ff: Malware in @opensearch-project/opensearch art-263
crit From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat art-265
crit Mini Shai-Hulud strikes again: npm worm compromises hundreds of @antv packages art-267
crit Active Supply Chain Attack: Malicious node-ipc Versions Published to npm art-269
crit Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account art-270
crit [GHSA / CRITICAL] GHSA-wx9m-wx4f-4cmg: Malicious dropper in mistralai 2.4.6 PyPI package art-272
high Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files art-281
crit Malicious node-ipc versions published to npm in suspected maintainer account compromise art-284
crit [GHSA / CRITICAL] CVE-2026-45369: utcp-cli Vulnerable to Command Injection via Unsanitized Argument Substitution in CLI Communication Protoc art-288
high The time of much patching is coming art-296
crit Kimsuky targets organizations with PebbleDash-based tools art-308
crit FrostyNeighbor: Fresh mischief and digital shenanigans art-309
crit TeamPCP's Mini Shai-Hulud Is Back: A Self-Spreading Supply Chain Attack Compromises TanStack npm Packages art-312
crit Mini Shai-Hulud Is Back: npm Worm Hits over 160 Packages, including Mistral and Tanstack art-315
crit Inside AD CS Escalation: Unpacking Advanced Misuse Techniques and Tools art-316
crit TanStack Npm Packages Compromised Inside The Mini Shai Hulud Supply Chain Attack art-318
crit PCPJack | Cloud Worm Evicts TeamPCP and Steals Credentials at Scale art-322
crit Fake call logs, real payments: How CallPhantom tricks Android users art-323
crit Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution art-325
crit A rigged game: ScarCruft compromises gaming platform in a supply-chain attack art-332
crit Shai-Hulud Worm Pivots to Multi-Cloud: intercom-client@7.0.4 Hijacked — 361,000 Weekly Downloads, AWS, GCP, and Azure Credentials Now in Sco art-333
crit Bitwarden CLI Hijacked on npm: Bun-Staged Credential Stealer Targets Developers, GitHub Actions, and AI Tools art-335
crit CanisterSprawl: pgserve Compromised on npm: Malicious Versions Harvest Credentials and Exfiltrate to a Decentralized ICP Canister art-336
high Popular PyTorch Lightning Package Compromised by Mini Shai-Hulud art-339
crit lightning PyPI Compromise: A Bun-Based Credential Stealer in Python art-343
crit Mini Shai-Hulud Targets SAP npm Packages With a Bun-Based Secret Stealer art-345
high Someone published four versions of a fake "tanstack" package in 27 minutes to steal your .env files art-346
high "A Mini Shai-Hulud Has Appeared": Bun-Based Stealer Hits SAP @cap-js and mbt npm Packages art-348
high Malicious Release of elementary-data PyPI Package Steals Cloud Credentials from Data Engineers art-352
crit fast16 | Mystery Shadow Brokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet art-360
high Is Shai-Hulud Back? Compromised Bitwarden CLI Contains a Self-Propagating npm Worm art-361
crit GopherWhisper: A burrow full of malware art-362
high GPT-Proxy Backdoor in npm and PyPI turns Servers into Chinese LLM Relays art-367
crit What the ransom note won’t say art-370
high Securing Vibe Coding and AI Coding Agents: An End-to-End Approach with StepSecurity art-395
crit Behind the Scenes: How StepSecurity Detected and Helped Remediate the Largest npm Supply Chain Attack art-400
crit axios Compromised on npm - Malicious Versions Drop Remote Access Trojan art-401
high hackerbot-claw: An AI-Powered Bot Actively Exploiting GitHub Actions - Microsoft, DataDog, and CNCF Projects Hit So Far art-403
high GlassWorm goes native: New Zig dropper infects every IDE on your machine art-405
high Malicious IoliteLabs VSCode Extensions Target Solidity Developers on Windows, macOS, and Linux with Backdoor art-412
crit TeamPCP Plants WAV Steganography Credential Stealer in telnyx PyPI Package art-413
high Axios npm Package Compromised: Supply Chain Attack Delivers Cross-Platform RAT art-420
high axios compromised on npm: maintainer account hijacked, RAT deployed art-421
crit litellm: Credential Stealer Hidden in PyPI Wheel art-423
crit Popular telnyx package compromised on PyPI by TeamPCP art-425
high CanisterWorm: How a Self-Propagating npm Worm Is Spreading Backdoors Across the Ecosystem art-429
crit bittensor-wallet 4.0.2 Compromised on PyPI - Backdoor Exfiltrates Private Keys art-431
high Malicious npm Releases Found in Popular React Native Packages - 130K+ Monthly Downloads Compromised art-432
crit Malicious Polymarket Bot Hides in Hijacked dev-protocol GitHub Org and Steals Wallet Keys art-433
crit ForceMemo: Hundreds of GitHub Python Repos Compromised via Account Takeover and Force-Push art-434
high xygeni-action Compromised: C2 Reverse Shell Backdoor Injected via Tag Poisoning art-435
high TeamPCP deploys CanisterWorm on NPM following Trivy compromise art-445
crit EDR killers explained: Beyond the drivers art-455
crit GlassWorm Hides a RAT Inside a Malicious Chrome Extension art-458
crit fast-draft Open VSX Extension Compromised by BlokTrooper art-459
crit Securing the Agent Skills Registry: How Snyk and Tessl Are Setting the Standard art-465
high Glassworm Strikes Popular React Native Phone Number Packages art-466
crit Glassworm Is Back: A New Wave of Invisible Unicode Attacks Hits Hundreds of Repositories art-468
high DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear art-470
high kubernetes-el Compromised: How a Pwn Request Exploited a Popular Emacs Package art-475
crit Sednit reloaded: Back in the trenches art-477
crit PlugX Meeting Invitation via MSBuild and GDATA art-503
high 20+ Popular NPM Packages Compromised (Chalk, Debug, Strip-ANSI, Color-Convert, Wrap-ANSI...) art-537
high 2024 in Review: The Evolution of CI/CD Security & What's Next art-538
crit Operation MacroMaze: new APT28 campaign using basic tooling and legit infrastructure art-542
high Harden-Runner detection: tj-actions/changed-files action is compromised art-556
high Why Your “Skill Scanner” Is Just False Security (and Maybe Malware) art-561
crit Snyk Finds Prompt Injection in 36%, 1467 Malicious Payloads in a ToxicSkills Study of Agent Skills Supply Chain Compromise art-574
crit DynoWiper update: Technical analysis and attribution art-590
high Fake Clawdbot VS Code Extension Installs ScreenConnect RAT art-594
high ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025 art-603
high G_Wagon: npm Package Deploys Python Stealer Targeting 100+ Crypto Wallets art-604
high Gone Phishin': npm Packages Serving Custom Credential Harvesting Pages art-605
crit Malicious PyPI Packages spellcheckpy and spellcheckerpy Deliver Python RAT art-608
high The Holiday Whisper: Shai-Hulud 3.0 art-635
crit LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan art-642
high How Harden Runner Detected the Sha1-Hulud Supply Chain Attack in CNCF's Backstage Repository art-652
high Sha1-Hulud: The Second Coming - Zapier, ENS Domains, and Other Prominent NPM Packages Compromised art-653
high Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182) art-673
high SHA1-Hulud, npm supply chain incident art-686
crit Shai-Hulud: Self-Replicating Worm Compromises 500+ NPM Packages art-690
crit PlushDaemon compromises network devices for adversary-in-the-middle attacks art-695
crit CISA KEV: CVE-2025-21042 — Samsung Mobile Devices Out-of-Bounds Write Vulnerability art-712
crit The who, where, and how of APT attacks in Q2 2025–Q3 2025 art-714
crit CISA KEV: CVE-2025-24893 — XWiki Platform Eval Injection Vulnerability art-726
crit Gotta fly: Lazarus targets the UAV sector art-734
crit CISA KEV: CVE-2025-61932 — Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability art-738
crit Phishing Campaign Leveraging the NPM Ecosystem art-754
crit CISA KEV: CVE-2025-61882 — Oracle E-Business Suite Unspecified Vulnerability art-764
crit CISA KEV: CVE-2025-21043 — Samsung Mobile Devices Out-of-Bounds Write Vulnerability art-768
crit CISA KEV: CVE-2025-10035 — Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability art-773
crit CISA KEV: CVE-2025-20352 — Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability art-774
crit s1ngularity: Popular Nx Build System Package Compromised with Data-Stealing Malware art-778
high Zero-day Extensive NPM Package Compromise - Shai Hulud Supply Chain Attack art-789
crit CISA KEV: CVE-2025-5086 — Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability art-790
crit CISA KEV: CVE-2025-53690 — Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability art-799
high Suspicious Tag Movement in AWS’s GitHub Action: What Happened and Why It Matters art-814
crit When 'Changed Files' Changed Everything: Our Black Hat 2025 Presentation on the tj-actions Supply Chain Breach art-815
crit CISA KEV: CVE-2025-8088 — RARLAB WinRAR Path Traversal Vulnerability art-820
crit CISA KEV: CVE-2013-3893 — Microsoft Internet Explorer Resource Management Errors Vulnerability art-822
crit Lessons from AWS CodeBuild’s Memory-Dump Incident (CVE-2025-8217) art-823
high Supply Chain Security Alert: num2words PyPI Package Shows Signs of Compromise art-824
crit Maintainers of ESLint Prettier Plugin Attacked via npm Supply Chain Malware art-837
crit CISA KEV: CVE-2025-49704 — Microsoft SharePoint Code Injection Vulnerability art-841
high Cursor IDE Malware Extension Compromise in $500k Crypto Heist art-842
crit CISA KEV: CVE-2025-53770 — Microsoft SharePoint Deserialization of Untrusted Data Vulnerability art-844
crit CISA KEV: CVE-2025-47812 — Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability art-847
crit CISA KEV: CVE-2023-33538 — TP-Link Multiple Routers Command Injection Vulnerability art-868
crit CISA KEV: CVE-2025-33053 — Microsoft Windows External Control of File Name or Path Vulnerability art-874
crit CISA KEV: CVE-2024-42009 — RoundCube Webmail Cross-Site Scripting Vulnerability art-876
crit CISA KEV: CVE-2025-35939 — Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability art-888
crit CISA KEV: CVE-2024-27443 — Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability art-900
crit CISA KEV: CVE-2025-27920 — Srimax Output Messenger Directory Traversal Vulnerability art-901
crit CISA KEV: CVE-2024-11182 — MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability art-902
crit CISA KEV: CVE-2025-4428 — Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability art-903
crit CISA KEV: CVE-2025-42999 — SAP NetWeaver Deserialization Vulnerability art-904
crit CISA KEV: CVE-2024-12987 — DrayTek Vigor Routers OS Command Injection Vulnerability art-905
crit CISA KEV: CVE-2025-32756 — Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability art-906
crit CISA KEV: CVE-2024-11120 — GeoVision Devices OS Command Injection Vulnerability art-914
crit CISA KEV: CVE-2025-3248 — Langflow Missing Authentication Vulnerability art-917
crit CISA KEV: CVE-2025-31324 — SAP NetWeaver Unrestricted File Upload Vulnerability art-923
crit CISA KEV: CVE-2025-24054 — Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability art-929
crit CISA KEV: CVE-2021-20035 — SonicWall SMA100 Appliances OS Command Injection Vulnerability art-933
crit CISA KEV: CVE-2025-29824 — Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability art-936
crit CISA KEV: CVE-2025-30406 — Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability art-937
crit CISA KEV: CVE-2025-31161 — CrushFTP Authentication Bypass Vulnerability art-938
crit CISA KEV: CVE-2025-22457 — Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability art-939
crit CISA KEV: CVE-2025-2783 — Google Chromium Mojo Sandbox Escape Vulnerability art-945
crit CISA KEV: CVE-2025-30154 — reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability art-947
crit CISA KEV: CVE-2025-30066 — tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability art-955
crit CISA KEV: CVE-2025-24472 — Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability art-956
crit Reconstructing the TJ Actions Changed Files GitHub Actions Compromise art-957
crit CISA KEV: CVE-2025-21590 — Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability art-960
crit CISA KEV: CVE-2025-26633 — Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability art-970
crit CISA KEV: CVE-2024-57968 — Advantive VeraCore Unrestricted File Upload Vulnerability art-972
crit CISA KEV: CVE-2025-25181 — Advantive VeraCore SQL Injection Vulnerability art-973
crit CISA KEV: CVE-2025-22224 — VMware ESXi and Workstation TOCTOU Race Condition Vulnerability art-979
crit CISA KEV: CVE-2023-20118 — Cisco Small Business RV Series Routers Command Injection Vulnerability art-984
crit CISA KEV: CVE-2024-41710 — Mitel SIP Phones Argument Injection Vulnerability art-1002
crit CISA KEV: CVE-2025-0994 — Trimble Cityworks Deserialization Vulnerability art-1006
crit CISA KEV: CVE-2025-0411 — 7-Zip Mark of the Web Bypass Vulnerability art-1012
crit CISA KEV: CVE-2024-50603 — Aviatrix Controllers OS Command Injection Vulnerability art-1027
med Snyk Security Labs Testing Update: Cursor.com AI Code Editor art-1029
crit CISA KEV: CVE-2025-0282 — Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability art-1037
crit CISA KEV: CVE-2021-44207 — Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability art-1044
crit CISA KEV: CVE-2024-55956 — Cleo Multiple Products Unauthenticated File Upload Vulnerability art-1051
high Ultralytics AI Pwn Request Supply Chain Attack art-1055
crit CISA KEV: CVE-2024-11667 — Zyxel Multiple Firewalls Path Traversal Vulnerability art-1063
crit CISA KEV: CVE-2024-9474 — Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability art-1078
crit CISA KEV: CVE-2024-49039 — Microsoft Windows Task Scheduler Privilege Escalation Vulnerability art-1089
crit CISA KEV: CVE-2024-47575 — Fortinet FortiManager Missing Authentication Vulnerability art-1103
crit CISA KEV: CVE-2024-38094 — Microsoft SharePoint Deserialization Vulnerability art-1106
crit CISA KEV: CVE-2024-9680 — Mozilla Firefox Use-After-Free Vulnerability art-1114
crit CISA KEV: CVE-2024-9380 — Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability art-1119
crit CISA KEV: CVE-2023-25280 — D-Link DIR-820 Router OS Command Injection Vulnerability art-1133
high Zero-day RCE vulnerability found in CUPS - Common UNIX Printing System art-1134
crit CISA KEV: CVE-2024-8963 — Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability art-1140
crit CISA KEV: CVE-2014-0502 — Adobe Flash Player Double Free Vulnerablity art-1147
crit CISA KEV: CVE-2024-6670 — Progress WhatsUp Gold SQL Injection Vulnerability art-1151
crit CISA KEV: CVE-2024-8190 — Ivanti Cloud Services Appliance OS Command Injection Vulnerability art-1153
crit CISA KEV: CVE-2024-38217 — Microsoft Windows Mark of the Web (MOTW) Protection Mechanism Failure Vulnerability art-1154
crit CISA KEV: CVE-2024-7262 — Kingsoft WPS Office Path Traversal Vulnerability art-1163
crit CISA KEV: CVE-2024-39717 — Versa Director Dangerous File Type Upload Vulnerability art-1172
crit CISA KEV: CVE-2024-38213 — Microsoft Windows SmartScreen Security Feature Bypass Vulnerability art-1185
crit CISA KEV: CVE-2024-38178 — Microsoft Windows Scripting Engine Memory Corruption Vulnerability art-1186
crit CISA KEV: CVE-2018-0824 — Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability art-1193
crit CISA KEV: CVE-2012-4792 — Microsoft Internet Explorer Use-After-Free Vulnerability art-1202
crit CISA KEV: CVE-2024-36401 — OSGeo GeoServer GeoTools Eval Injection Vulnerability art-1209
crit CISA KEV: CVE-2024-23692 — Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability art-1213
crit CISA KEV: CVE-2024-26169 — Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability art-1230
crit CISA KEV: CVE-2024-4577 — PHP-CGI OS Command Injection Vulnerability art-1234
med Preventing broken access control in express Node.js applications art-1243
crit The XZ backdoor CVE-2024-3094 art-1266
high GitHub “besieged” by malware repositories and repo confusion: Why you'll be ok art-1272
med Real-time threat protection with Snyk and SentinelOne art-1337
high Modern VS Code extension development tutorial: Building a secure extension art-1369
high What are AI hallucinations and why should developers care? art-1395
med Building a security-conscious CI/CD pipeline art-1423