MITRE ATT&CK Mapping

HackRead Data Breach Mar 24

OVHcloud Founder Denies Massive 590TB Data Breach Claims

OVHcloud denies breach after hacker claims 600TB data theft affecting millions of sites, with experts doubting authenticity due to weak proof

T1041

HackRead →

BleepingComputer Data Breach Mar 24

Infinite Campus warns of breach after ShinyHunters claims data theft

Infinite Campus, a widely used K-12 student information system, is warning customers of a data breach following an extortion attempt by a threat actor. [.

T1041

BleepingComputer →

Krebs on Security Malware Mar 23

‘CanisterWorm’ Springs Wiper Attack Targeting Iran

A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secure...

T1041 T1529

Krebs on Security →

Check Point Research Data Breach Check Point Intel Mar 23

23rd March – Threat Intelligence Report

For the latest discoveries in cyber research for the week of 23rd March, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Navia Ben...

T1041

Check Point Research →

The Hacker News Malware Mar 19

Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers

Cybersecurity researchers have flagged a new malware dubbed Speagle that hijacks the functionality and infrastructure of a legitimate program called Cobra Do...

T1041

The Hacker News →

The Hacker News Vulnerability Disclosure Amazon Intel Mar 17

AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE

Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence (AI) code execution environment...

T1041

The Hacker News →

Rapid7 Blog Vulnerability Disclosure Microsoft Rapid7 Mar 16

Rapid7 Guidance on Observed Microsoft Teams Phishing Campaigns

The Rapid7 MDR team is currently monitoring an increase in phishing campaigns where threat actors (TAs) impersonate internal IT departments via Microsoft Tea...

T1566 T1204 T1021 +1

Rapid7 Blog →

Infosecurity Magazine General Amazon Mar 16

Security Flaw in AWS Bedrock Code Interpreter Raises Alarms

DNS-based attack in AWS Bedrock AgentCore lets AI sandboxes exfiltrate cloud data

T1041

Infosecurity Magazine →

Rapid7 Blog Phishing Mar 11

Iran’s Cyber Playbook in the Escalating Regional Conflict

Following our recent published advisories, this publication is intended to outline a summary of the cyber activities associated with the tension. Based on th...

T1566 T1041

Rapid7 Blog →

SentinelOne Blog General Amazon Fortinet Mar 10

FortiGate Edge Intrusions | Stolen Service Accounts Lead to Rogue Workstations and Deep AD Compromise

FortiGate SSO flaws allows attackers to steal configs, abuse AD creds, deploy RMM tools, and exfiltrate NTDS files.

T1041

SentinelOne Blog →

Rapid7 Blog Campaigns Microsoft Cloudflare Rapid7 WordPress Mar 10

When Trusted Websites Turn Malicious: WordPress Compromises Advance Global Stealer Operation

Overview Rapid7 Labs has identified and analyzed an ongoing, widespread compromise of legitimate, potentially highly trusted WordPress websites, misused by a...

T1078 T1041

Rapid7 Blog →

Infosecurity Magazine Vulnerability Disclosure Apple Mar 5

Coruna Exploit Kit Targets Older iPhones in Multi-Stage Campaigns

Exploit kit "Coruna" targets iPhones running iOS 13.0 to 17.

T1041 T1588

Infosecurity Magazine →

Check Point Research CVE Check Point Feb 25

Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | CVE-2026-21852

By Aviv Donenfeld and Oded Vanunu Executive Summary Check Point Research has discovered critical vulnerabilities in Anthropic’s Claude Code that allow attack...

T1190 T1041 2 IOCs

Check Point Research →

Infosecurity Magazine General Feb 24

AI Accelerates Attacker Breakout Time to Just Four Minutes

ReliaQuest claims AI has reduced breakout and exfiltration time to under 10 minutes

T1041

Infosecurity Magazine →

Infosecurity Magazine General Microsoft Amazon Feb 19

Flaws in Popular Software Development App Extensions Allow Data Exfiltration

Four serious new vulnerabilities affect Microsoft Visual Studio Code, Cursor and Windsurf extensions, three of which remain unpatched

T1041

Infosecurity Magazine →

Infosecurity Magazine TTPs Linux Feb 9

VoidLink Malware Exhibits Multi-Cloud Capabilities and AI Code

VoidLink, a Linux-based C2 framework, facilitates credential theft, data exfiltration across clouds

T1078 T1041

Infosecurity Magazine →

Infosecurity Magazine Vulnerability Disclosure Docker Feb 3

DockerDash Exposes AI Supply Chain Weakness In Docker's Ask Gordon

DockerDash vulnerability allows RCE and data exfiltration via unverified metadata in Ask Gordon

T1041

Infosecurity Magazine →

Mandiant Blog TTPs Jan 30

Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft

Introduction Mandiant has identified an expansion in threat activity that uses tactics, techniques, and procedures (TTPs) consistent with prior ShinyHunters-...

T1566 T1041

Mandiant Blog →

Mandiant Blog Phishing Jan 30

Guidance from the Frontlines: Proactive Defense Against ShinyHunters-Branded Data Theft Targeting SaaS

Introduction Mandiant is tracking a significant expansion and escalation in the operations of threat clusters associated with ShinyHunters-branded extortion.

T1566 T1041

Mandiant Blog →

Infosecurity Magazine Ransomware Jan 15

Hackers Increasingly Shun Encryption in Favour of Pure Data Theft and Extortion

While ‘traditional’ ransomware attacks remain stable, some gangs are shifting towards exploiting zero-days and supply chains to go straight to stealing data

T1041

Infosecurity Magazine →