“security systems, deploy PowerShell in Constrained Language Mode. - Use a tool like Windows Defender Application Control (WDAC) or AppLocker to create and enforce policies that restrict the execution of script files, such as VBScript (.vbs), for standard users. - Use Group Po…”
T1059.001 PowerShell (99%)
“signed PowerShell execution policies, and monitoring for anomalous browser debugging activities. Severity: Critical. Threat details and IoCs. Mitigation advice - Block the domains `tebi[.]io` and `accurate-sprout-porpoise[.]glitch[.]me` in your web proxy, DNS sink…”
T1059.001 PowerShell (99%)
“your EDR or SIEM to generate a high-priority alert for any process creation event where the Windows Script Host (`wscript.exe` or `cscript.exe`) is the parent process of a PowerShell (`powershell.exe`) process. - In your network detection and response (NDR) or si…”
T1190 Exploit Public-Facing Application (98%)
“day vulnerability, CVE-2025-54236, identified as "SessionReaper," is being actively exploited across Magento e-commerce platforms, enabling attackers to bypass authentication and achieve full server compromise. This flaw facilitates session hijacking and remote code execu…”
T1071.001 Web Protocols (98%)
“…82b6e8acb3977497c59c3ac79f973f96c395e7f0ca97f8`), utilizes AES-encrypted payloads with the key `t2r0y1m1e1n1o0w1` and establishes C2 communication via Telegram bots, Discord, and HTTPS to domains such as `accurate-sprout-porpoise[.]glitch[.]me` and Cloudflare …”
T1190 Exploit Public-Facing Application (97%)
“2026-1340, in Ivanti Endpoint Manager Mobile (EPMM), both actively exploited and rated with a CVSS score of 9.8. These code injection flaws enable unauthenticated remote code execution, allowing attackers to execute arbitrary commands, access sensitive data, and achieve pers…”
T1190 Exploit Public-Facing Application (87%)
“the same IP, or other anomalous session-related activities. Compliance best practices - Review and harden your platform's session management policies by enforcing strict session invalidation on logout, reducing session timeout periods, and implementing token binding to user i…”
T1190 Exploit Public-Facing Application (86%)
“and implementing web application firewall (WAF) rules to block exploitation patterns. Severity: Critical. Threat details and IoCs. Mitigation advice - Apply the security patch for CVE-2025-54236 to all Magento Commerce instances immediately using the composer update process …”
T1190 Exploit Public-Facing Application (78%)
“…hackernews.com/2026/01/two-ivanti-epmm-zero-day-rce-flaws.html https://www.hendryadrian.com/ivanti-warns-of-two-epmm-flaws-exploited-in-zero-day-attacks/ https://www.thehackerwire.com/ivanti-emm-unauthenticated-rce …”
T1190 Exploit Public-Facing Application (68%)
“-2025-15467-openssl-pre-auth-rce/ https://research.jfrog.com/post/potential-rce-vulnerabilityin-openssl-cve-2025-15467/ https://socprime.com/blog/cve-2025-15467-vulnerability/ https://sploitus.com/exploit?id=11a67196-…”
T1555.003 Credentials from Web Browsers (68%)
“over POST requests with a custom `Content-DPR` header. Credential theft is achieved by suspending Chrome processes using PsSuspend and leveraging browser debugging protocols (e.g., `--remote-debugging-port=9222`) to dump saved logins without disk writes, creating…”
T1003 OS Credential Dumping (56%)
“over POST requests with a custom `Content-DPR` header. Credential theft is achieved by suspending Chrome processes using PsSuspend and leveraging browser debugging protocols (e.g., `--remote-debugging-port=9222`) to dump saved logins without disk writes, creating…”
T1595.002 Vulnerability Scanning (48%)
“parsing external CMS or PKCS#7 content, including S/MIME email processing and applications utilizing the affected APIs. Discovered by Aisle using AI-driven vulnerability discovery and reported on December 14, 2025, this issue is one of 12 vulnerabilities found by the organi…”
T1071.001 Web Protocols (42%)
“over POST requests with a custom `Content-DPR` header. Credential theft is achieved by suspending Chrome processes using PsSuspend and leveraging browser debugging protocols (e.g., `--remote-debugging-port=9222`) to dump saved logins without disk writes, creating…”
T1190 Exploit Public-Facing Application (39%)
“:d+.*$).*?/mifs/c/(aft|app)store/fob/.*?404`, and by monitoring for unusual administrator account activity, authentication setting changes, unexpected application pushes, network configuration alterations, or abnormal outbound network traffic. Remediation i…”
T1190 Exploit Public-Facing Application (36%)
“critical internal networks. Restrict outbound connections from the appliance to only known-required destinations to prevent lateral movement. - Review and test the backup and recovery procedures for critical appliances like Ivanti EPMM to ensure you can restore the system from …”
T1190 Exploit Public-Facing Application (35%)
“0-3.0.18, 3.3.0-3.3.5, 3.4.0-3.4.3, 3.5.0-3.5.4, and 3.6.0, with fixes available in 3.0.19, 3.3.6, 3.4.4, 3.5.5, and 3.6.1, respectively; OpenSSL 1.1.1, 1.0.2, and FIPS modules are not affected. This stack buffer overflow occurs in the CMS m…”
T1190 Exploit Public-Facing Application (34%)
“potential exploitation attempts. - Audit all Ivanti EPMM appliances for any newly created or modified administrator accounts and review for unexpected changes to SSO, LDAP, or authentication settings. - Review Ivanti EPMM configurations for any unexpected pushed applications, pol…”
T1555.003 Credentials from Web Browsers (33%)
“Weekly Threat Bulletin – February 4th, 2026. TAMECAT PowerShell backdoor targets Edge and Chrome: login credentials at risk. TAMECAT is a sophisticated PowerShell-based backdoor attributed to APT42, an Iranian state-sponsored hacking group, designed to steal login credentials …”
T1059.001 PowerShell (32%)
“Weekly Threat Bulletin – February 4th, 2026. TAMECAT PowerShell backdoor targets Edge and Chrome: login credentials at risk. TAMECAT is a sophisticated PowerShell-based backdoor attributed to APT42, an Iranian state-sponsored hacking group, designed to steal login credentials …”
T1547.001 Registry Run Keys / Startup Folder (30%)
“over POST requests with a custom `Content-DPR` header. Credential theft is achieved by suspending Chrome processes using PsSuspend and leveraging browser debugging protocols (e.g., `--remote-debugging-port=9222`) to dump saved logins without disk writes, creating…”
Summary
These are the top threats you should know about this week.