Tag: mitre
-
China-linked cloud credential heist runs on typos and SMTP
Typosquatting for cloud-native espionage: The campaign relies heavily on deception, the researchers pointed out, using C2 domains closely resembling legitimate Alibaba Cloud services. The typosquatting approach allows malicious traffic to blend into routine cloud operations, specifically in environments where outbound filtering is absent. The implant used is an obfuscated ELF binary, with an executable designed for…
-
MITRE releases a shared fraud-cyber framework built from real attack data
Financial fraud losses in the United States reached $16.6 billion in 2024, up from $4.2 billion in 2020. Behind those numbers is a structural problem: the teams responsible … First seen on helpnetsecurity.com. Jump to article: www.helpnetsecurity.com/2026/04/13/mitre-fight-fraud-framework-f3/
-
MITRE Gave XDR a Perfect Score. Then the Analyst Had to Investigate Alone
XDR detects threats. It does not investigate them. 80% of analyst time is investigation, and XDR provides zero autonomous capability. Here’s the structural analysis. First seen on securityboulevard.com. Jump to article: securityboulevard.com/2026/04/mitre-gave-xdr-a-perfect-score-then-the-analyst-had-to-investigate-alone/
-
What to Know About CyberAv3ngers: The IRGC-Linked Group Targeting Critical Infrastructure
Tags: access, advisory, ai, attack, authentication, automation, backup, cctv, chatgpt, cisa, communications, compliance, control, credentials, crypto, cve, cyber, cybersecurity, data, data-breach, defense, detection, dns, email, exploit, finance, firewall, flaw, government, group, healthcare, infrastructure, intelligence, international, Internet, iot, iran, kev, leak, linux, malicious, malware, mitigation, mitre, monitoring, network, office, openai, password, radius, resilience, risk, router, service, siem, software, strategy, switch, technology, threat, tool, update, vpn, vulnerability, vulnerability-management
An Iran-affiliated threat group has evolved from defacing water utility displays to deploying custom ICS malware and exploiting Rockwell Automation PLCs across multiple U.S. critical infrastructure sectors. Key takeaways: CyberAv3ngers is a state-directed threat group operating under Iran’s IRGC Cyber-Electronic Command. The U.S. Treasury sanctioned six named officials in February 2024 and the State Department…
-
The tabletop exercise grows up
would do. They do not do it. Every experienced facilitator knows the moment: someone in the room challenges the premise and the facilitator asks participants to “suspend disbelief.” That phrase should give us pause. If the scenario requires suspension of disbelief, it is not building preparedness. It is building familiarity with a document. The gap between documentation…
-
The case for fixing CWE weakness patterns instead of patching one bug at a time
In this Help Net Security interview, Alec Summers, MITRE CVE/CWE Project Lead, discusses how CWE is moving from a background reference into active use in vulnerability … First seen on helpnetsecurity.com. Jump to article: www.helpnetsecurity.com/2026/04/07/alec-summers-mitre-cwe-vulnerability-mapping/
-
MITRE ATT&CK v19 Drops April 28: How to Prepare Your SOC for the Defense Evasion Split
MITRE ATT&CK v19: What the Defense Evasion Split Means for Your SOC. What’s changing in ATT&CK v19: MITRE ATT&CK v19 drops April 28, 2026. The biggest change: Defense Evasion (TA0005), the framework’s most bloated tactic, is being split into two new tactics with distinct operational meanings. We covered the rationale and early previews back in…
-
Why Kubernetes controllers are the perfect backdoor
Tags: access, api, automation, backdoor, compliance, container, control, kubernetes, malicious, mitre, service, threat
Figure 1: Anatomy of a controller-based attack. The malicious webhook intercepts legitimate pod creation requests and injects a backdoor sidecar before the object is persisted to etcd. Niranjan Kumar Sharma. As illustrated in Figure 1, this webhook acts as a controller. Every time a legitimate pod is created (e.g., a payment service), the API server sends…
-
After Funding Jolt, EU Moves to Back the CVE Vulnerability System
The European Union is stepping forward to reinforce what many experts describe as a bedrock cyber vulnerability tracking system, as questions linger over the long-term sustainability of the Common Vulnerabilities and Exposures Program. The initiative, widely relied upon by cybersecurity professionals worldwide, has come under renewed scrutiny following a contracting scare involving MITRE, prompting discussions about diversification…
-
What Does MITRE ATT&CK Coverage Really Mean?
Coverage claims without context are one of the most persistent sources of confusion in security tooling. This post breaks down four myths behind ATT&CK coverage claims and offers a more useful framework for thinking about ATT&CK coverage in practice. First seen on securityboulevard.com. Jump to article: securityboulevard.com/2026/03/what-does-mitre-attck-coverage-really-mean/
-
CVE program funding secured, easing fears of repeat crisis
Transparency questions remain: Despite the apparent funding stability, the contract itself remains largely opaque, even to members of the CVE board. A source close to the CVE program, who requested anonymity to preserve working relationships with CISA and MITRE, described the agreement as reassuring but lacking transparency. “It’s a mystery contract with a mystery number that has…
-
4 ways to prepare your SOC for agentic AI
Tags: access, ai, attack, automation, best-practice, cloud, compliance, control, cybersecurity, data, defense, detection, edr, framework, governance, guide, identity, injection, intelligence, least-privilege, metric, mitre, radius, RedTeam, risk, siem, skills, soar, soc, threat, tool
Build capabilities for AI governance, content and quality: Upskilling existing analysts alone is not enough. As AI agents begin operating across tools, making decisions and triggering actions with minimal human involvement, the demands on the SOC will extend well beyond traditional analyst capabilities, experts say. Content engineering, for instance, is one emerging requirement. In an AI-enabled…
-
Camouflage as a Tactic: Why Ransomware Attacks Are Becoming More Sophisticated
Tags: access, ai, ciso, control, cyber, cyberattack, detection, encryption, endpoint, extortion, framework, intelligence, lockbit, mitre, openai, ransomware, RedTeam, service, software, strategy, threat, tool, vulnerability
Instead of a short but very painful sting, cybercriminals are increasingly choosing to sink their teeth into their victims and drain them continuously. Ransomware attackers are increasingly changing their tactics and relying more on inconspicuous infiltration. This is because the threat of publishing sensitive corporate data has become the main leverage in extortion. The annual red-teaming report from Picus Security shows that attackers are increasingly…
-
Shadow AI vs Managed AI: What’s the Difference? FireTail Blog
Tags: access, ai, api, attack, breach, chatgpt, ciso, cloud, computer, control, credentials, credit-card, data, data-breach, framework, google, injection, intelligence, Internet, law, LLM, malicious, mitre, monitoring, network, password, phishing, phone, risk, software, switch, threat, tool, training, vulnerability
Mar 04, 2026 – Quick Facts: Shadow AI vs. Managed AI. Shadow AI is a visibility gap: It refers to any AI tool used by employees that the IT department doesn’t know about. Most companies have 10x more AI tools in use than they realize. Managed AI is a “Paved Path”: It uses approved, secure versions…
-
Finally, CTEM and MITRE INFORM Without the Jargon
Your vulnerability scanner just came back with 10,000 findings. Your pen test report has a 47-page appendix. Your threat intel feed is piling up faster than anyone can read it. And somewhere in the middle of all of it, a real attacker is quietly looking for the one gap that actually matters. The problem isn’t…
-
From Exposure to Assurance: How CTEM and MITRE INFORM Enable Modern Cyber Defense
What if you could prove, right now, that your defenses actually work? See how CTEM and MITRE INFORM turn exposure data into real, board-level confidence. First seen on securityboulevard.com. Jump to article: securityboulevard.com/2026/02/from-exposure-to-assurance-how-ctem-and-mitre-inform-enable-modern-cyber-defense/
-
Hand CVE Over to the Private Sector
How MITRE has mismanaged the world’s vulnerability database for decades and wasted millions along the way. First seen on darkreading.com. Jump to article: www.darkreading.com/cybersecurity-operations/hand-cve-over-to-private-sector
-
CWE Top 25 (2026): List of the Top 25 Most Dangerous Software Weaknesses that Developers Need to Focus On
MITRE has released a list of the Top 25 Most Dangerous Software Errors (CWE Top 25) that are widespread and lead to serious vulnerabilities. The list was generated based on the vulnerabilities published within the National Vulnerability Database. These vulnerabilities are easily exploitable and allow an attacker to get complete control over the system. Attackers…
-
Beyond “Is Your SOC AI Ready?” Plan the Journey!
You read the “AI-ready SOC pillars” blog, but you still see a lot of this: Bungled AI SOC transition How do we do better? Let’s go through all 5 pillars aka readiness dimensions and see what we can actually do to make your SOC AI-ready. #1 SOC Data Foundations As I said before, this one is my…
-
INFORM 2026: MITRE’s Updated Threat-Informed Defense Maturity Model Explained
On January 8th, MITRE’s Center for Threat-Informed Defense (CTID) published a significant update to INFORM, its threat-informed defense maturity model. This update reflects the joint efforts of MITRE researchers, AttackIQ, and several CTID members to enhance INFORM based on two years of operational use and broad security community feedback. First seen on securityboulevard.com. Jump to…
-
CrowdStrike Achieves 100% Detection and 100% Protection in the Most Demanding MITRE ATT&CK Enterprise Evaluations to Date
CrowdStrike took part in MITRE’s first realistic cross-domain attack simulation and achieved perfect results with no false positives. In the 2025 MITRE ATT&CK Enterprise Evaluations, the technically most demanding in the program’s history, CrowdStrike achieved a detection rate of 100% and protection of 100% with no false positives [1]. Through the… First seen on…
-
Seceon Launches aiBAS360: AI-Powered Breach Attack Simulation Platform Enables Organizations to Test Defenses Against Real-World APTs and Threat Actors
New Platform Features MITRE ATT&CK Framework Mapping and is Now Available Within OTM Platform as well as in aiSIEM-CGuard 2.0; Global Webinar Series Underway to Showcase Capabilities to MSSP Partners Worldwide WESTFORD, Mass., Jan. 6, 2026 /PRNewswire/, Seceon Inc., a global leader in AI/ML-driven cybersecurity solutions, today announced the general availability of aiBAS360, its innovative Breach First…