“crypto wallets and chromium-family browsers; steals .npmrc, cloud provider tokens, and shell history; and runs a native keylogger on windows, macos, and linux with autostart persistence on all three," safedep said. security is a team sport. we keep seeing the same gaps becau…”
T1195.001 Compromise Software Dependencies and Development Tools
99%
“investigation into the cybersecurity incident has revealed the teampcp attack affecting the trivy scanner is the "likely vector that enabled the attackers to obtain credentials and to gain unauthorized access to our github repositories." this, in turn, allowed the attackers to …”
T1190 Exploit Public-Facing Application
97%
“fines to companies in 2025, a total larger than the last five years combined, per gartner. "regulators are also shifting their efforts away from spreading awareness to full-scale enforcement," the company said. "this is increasingly becoming the standard in 2026 and beyond. …”
T1195.001 Compromise Software Dependencies and Development Tools
96%
“human trafficking and prostitution, kidnapping, armed robbery, and fraudulent spiritual practices," europol said. - pypi package hijacked via ci exploit in yet another software supply chain attack, unknown threat actors pushed a malicious version of the popular "elementary-da…”
T1176 Software Extensions
94%
“env.production, from developers' machines at install time, exfiltrating them to an attacker-controlled endpoint," socket said. the malicious package is maintained by a user named "sh20raj." versions 2.0.4 through 2.0.7 are confirmed malicious. update: in a post shared…”
T1068 Exploitation for Privilege Escalation
92%
“26 elections for the tibetan parliament-in-exile with little impact. the operation, part of spamouflage, a long-running influence network linked to beijing, has used a cluster of 90 facebook profiles and 13 instagram profiles to push criticism of the tibetan government-in…”
T1195.001 Compromise Software Dependencies and Development Tools
91%
“a cellular tower to send phishing texts to nearby phones. these tools trick devices into connecting to them by emitting signals that mimic a legitimate tower. "an sms blaster works by mimicking a legitimate cellular tower. when nearby phones connect to it, users receive fraudule…”
T1585.002 Email Accounts
90%
“filters. the emails, which originate from "noreply@robinhood[.]com," warn of suspicious activity tied to their accounts and urge them to click to complete a security check by clicking on a link that directs to a phishing site. "this phishing attempt was made possible by a…”
T1176.001 Browser Extensions
88%
“env.production, from developers' machines at install time, exfiltrating them to an attacker-controlled endpoint," socket said. the malicious package is maintained by a user named "sh20raj." versions 2.0.4 through 2.0.7 are confirmed malicious. update: in a post shared…”
T1190 Exploit Public-Facing Application
87%
“…s are exploiting two authentication bypass vulnerabilities in qinglong, an open-source timed task management platform with over 19,500 github stars, to deploy cryptocurrency miners. the two flaws – cve-2026-3965 and cve-2026-4047 – enable authentication bypass that r…”
T1587 Develop Capabilities
83%
“investigation into the cybersecurity incident has revealed the teampcp attack affecting the trivy scanner is the "likely vector that enabled the attackers to obtain credentials and to gain unauthorized access to our github repositories." this, in turn, allowed the attackers to …”
T1552.001 Credentials In Files
81%
“credentials exposed kela said it tracked 2.86 billion compromised credentials in 2025 globally. these included usernames, passwords, session tokens, cookies found in url, login and password (ulp) lists, breached email repositories, and cybercrime marketplaces. at least 347 mil…”
T1566.002 Spearphishing Link
73%
“in-the-middle (aitm) features by integrating tools like fm scanner for extracting and analyzing mailbox content. "saiga 2fa is an example of how phishing kits are evolving into application-level platforms," the company said. "unlike traditional phishing kits, saiga int…”
T1176 Software Extensions
71%
“24 media extensions that are installed on 800,000 users and collect viewing data and demographic information on major streaming platforms such as netflix, hulu, disney+, amazon prime video, hbo, apple tv, and others," layerx said. "12 separate ad blockers with a combined inst…”
T1176.001 Browser Extensions
68%
“24 media extensions that are installed on 800,000 users and collect viewing data and demographic information on major streaming platforms such as netflix, hulu, disney+, amazon prime video, hbo, apple tv, and others," layerx said. "12 separate ad blockers with a combined inst…”
T1657 Financial Theft
68%
“dispatch the legitimate publishing pipeline against it – without ever touching the master branch or opening a pull request," the company said. the developers urged users who installed 0.23.3, or pulled and ran its docker image, to assume compromise and rotate any credentials. …”
T1587 Develop Capabilities
59%
“a cellular tower to send phishing texts to nearby phones. these tools trick devices into connecting to them by emitting signals that mimic a legitimate tower. "an sms blaster works by mimicking a legitimate cellular tower. when nearby phones connect to it, users receive fraudule…”
T1068 Exploitation for Privilege Escalation
44%
“attacker with limited local access needs to first compromise a privileged service that runs under the network service identity, deploy a fake rpc server with the same rpc interface uuid and exposed endpoint name (i.e., termservice), listen to specific requests, and then impers…”
T1204.005 Malicious Library
39%
“human trafficking and prostitution, kidnapping, armed robbery, and fraudulent spiritual practices," europol said. - pypi package hijacked via ci exploit in yet another software supply chain attack, unknown threat actors pushed a malicious version of the popular "elementary-da…”
T1078.001 Default Accounts
39%
“servers a new analysis from forescout has found 1.8 million rdp and 1.6 million vnc servers are exposed on the internet. "china accounts for 22% of exposed rdp and 70% of exposed vnc servers; the u.s. accounts for 20% and 7%; germany accounts for 8% and 2%," the comp…”
T1195.002 Compromise Software Supply Chain
39%
“human trafficking and prostitution, kidnapping, armed robbery, and fraudulent spiritual practices," europol said. - pypi package hijacked via ci exploit in yet another software supply chain attack, unknown threat actors pushed a malicious version of the popular "elementary-da…”
T1021.001 Remote Desktop Protocol
38%
“servers a new analysis from forescout has found 1.8 million rdp and 1.6 million vnc servers are exposed on the internet. "china accounts for 22% of exposed rdp and 70% of exposed vnc servers; the u.s. accounts for 20% and 7%; germany accounts for 8% and 2%," the comp…”
T1176.002 IDE Extensions
37%
“env.production, from developers' machines at install time, exfiltrating them to an attacker-controlled endpoint," socket said. the malicious package is maintained by a user named "sh20raj." versions 2.0.4 through 2.0.7 are confirmed malicious. update: in a post shared…”
T1657 Financial Theft
35%
“account. - social media scams surge the u.s. federal trade commission (ftc) warned of a massive increase in losses from social media scams since 2020, exceeding $2.1 billion in 2025, including $794 million to scams that started on facebook, more than on any other platform. …”
T1589.001 Credentials
33%
“dispatch the legitimate publishing pipeline against it – without ever touching the master branch or opening a pull request," the company said. the developers urged users who installed 0.23.3, or pulled and ran its docker image, to assume compromise and rotate any credentials. …”
Summary
The internet is noisy this week. We are seeing some wild new tactics, like people using fake cell towers to send scam texts, while some developers are accidentally downloading tools that peek into their private files during a simple install. It is definitely a busy time to be online.
Security is always a moving target. Millions of servers are currently sitting online without any passwords, and