TTPwire Vol. 1 · MITRE ATT&CK·Tagged


F5 Labs

Weekly Threat Bulletin – March 4th, 2026

2026-03-03

ATT&CK techniques detected

9 predictions
T1055.012 Process Hollowing
99%
". new dohdoor malware campaign targets education and health care a malicious campaign, active since december 2025, by threat actor uat-10027, targets education and healthcare sectors in the united states with a previously undisclosed backdoor named dohdoor. this multi-stage a…"
T1055.012 Process Hollowing
98%
"strike beacon) into legitimate windows processes like openwith.exe or imagingdevices.exe, and implements an edr bypass technique by unhooking system calls in ntdll.dll. technical characteristics, including the decryption method, ntdll unhooking, doh implementation, process ho…"
T1190 Exploit Public-Facing Application
93%
". critical trend micro apex one vulnerabilities allow remote malicious code execution trend micro has disclosed eight security vulnerabilities impacting its apex one endpoint protection platform, as well as worry-free business security and worry-free business security service…"
T1190 Exploit Public-Facing Application
91%
"rce vulnerability. - review servicenow application and system logs for any unusual or anomalous activity related to the ai platform or sandbox environment, particularly around the time the vulnerability was disclosed. compliance best practices - establish or improve a comprehensi…"
T1071.001 Web Protocols
65%
". new dohdoor malware campaign targets education and health care a malicious campaign, active since december 2025, by threat actor uat-10027, targets education and healthcare sectors in the united states with a previously undisclosed backdoor named dohdoor. this multi-stage a…"
T1190 Exploit Public-Facing Application
55%
"mode, enabling an attacker to achieve approval-free execution of paths that are explicitly designed to require security approval. the root cause lies in openclaw's incomplete interpretation of gnu long-option abbreviations, where the validation routine fails to recognize fu…"
T1071 Application Layer Protocol
52%
". new dohdoor malware campaign targets education and health care a malicious campaign, active since december 2025, by threat actor uat-10027, targets education and healthcare sectors in the united states with a previously undisclosed backdoor named dohdoor. this multi-stage a…"
T1190 Exploit Public-Facing Application
35%
"processes, such as anomalous child process creation or network connections to untrusted destinations. https://cyberpress.org/critical-trend-micro-apex-one-flaws/ https://cyberveille.esante.gouv.fr/alertes/trend-micro-cve-2025-71210-2026-02…"
T1190 Exploit Public-Facing Application
31%
"weekly threat bulletin – march 4th, 2026 critical claude code vulnerabilities allowed rce and api key theft across developer workstations check point researchers identified three critical vulnerabilities in claude code, an ai coding tool, stemming from its use of project-level …"

Summary

These are the top threats you should know about this week.