Incidents

Axios supply chain attack

Apifox supply chain attack

BuddyBoss supply chain attack

LiteLLM supply chain attack

KICS supply chain attack

Exploitation of S1ngularity-exposed cloud keys for lateral movement

xygeni-action repository hijack

PolinRider supply chain attack

LexisNexis breach

Trivy supply chain attack

SANDWORM_MODE: Typosquatted npm Packages Used to Hijack CI Workflows

SSHStalker Linux Botnet campaign

TeamPCP Cloud-Native Campaign Targeting Exposed Control Planes

Supply-Chain Hijacking of Notepad++ Updates via Hosting Provider Compromise

Supply-Chain Attack via Force Pushes on Plone GitHub Repositories

Operation Bizarre Bazaar: Commercialized LLMjacking

Cloud-Native Phishing Infrastructure via Abused AWS WorkMail

Canonical Snap Store Hijacking Campaign

VoidLink: A Cloud-Native Linux Malware Framework

GeoServer RCE Exploited in CoinMiner Campaigns

Amadey Loader Abuses Compromised Self-Hosted GitLab to Deliver StealC Infostealer

China-nexus Campaign Exploits CVE-2025-20393 in Cisco Email Security Devices

Shai-Hulud 2.0 Supply Chain Attack

Cryptomining Campaign Exploiting Exposed Ray AI Infrastructure

Cisco ISE Vulnerability Exploited as 0day by APT

Unauthenticated Remote Access via Triofox Vulnerability Exploited by UNC6485

Gambling Network Exploits Abandoned Subdomains

China-Linked Actors Target U.S. Policy-Oriented Non-Profit Organisations

TruffleNet Campaign Exploits AWS SES for Large-Scale Cloud Abuse and BEC Fraud

Tata Motors Hardcoded AWS Keys and API Tokens Exposed

IIS Backdoor Exploiting Exposed ASP.NET Machine Keys

PassiveNeuron Campaign: Espionage Campaign Targeting Windows Server Environments

F5 incident

eBPF Rootkit Targeting AWS and Linux Environments

Supply Chain Risk in Axis Autodesk Revit Plugin Due to Exposed Azure Storage Credentials

“Crimson Collective” Claims Theft of Customer Data from Red Hat

Cl0p Extortion Campaign Claims Theft via Oracle E-Business Suite

Renewed "ArcaneDoor" Campaign Targeting 0-day Vulnerabilities in Cisco ASA

BRICKSTORM Espionage Backdoor Targeting U.S. Tech and Legal Sectors

SonicWall MySonicWall Cloud Backup File Security Incident

Shai-Hulud: Ongoing Package Supply Chain Compromise Delivering Data-Stealing Malware

Qix npm package supply chain compromise

GhostAction campaign

Compromised Salesloft Drift Tokens Enable Data Theft Across Integrations

Storm-0501 Deploys Cloud-Based Ransomware

Nx Package Supply Chain Compromise Delivers Data-Stealing Malware

GENESIS PANDA's Cloud Intrusions: Persistent Control Plane Exploitation and Access Brokerage

Silk Typhoon Exploiting Trusted Relationships for Cloud Environments Compromise

Salesloft Drift supply chain compromise

Warlock Ransomware Exploiting Sharepoint Vulnerabilities

DripDropper Malware Exploits Patched Apache ActiveMQ for Persistence on Cloud Linux Systems

UAT-7237 Targets Taiwanese Web Infrastructure Using Customized Open-Source Tools

Akira Ransomware Targeting Critical Vulnerability in SonicWall SSLVPN

Plague PAM-Based Backdoor for Linux

Auto-Color Malware Exploits SAP Vulnerability for Linux Backdoor

AWS CodeBuild Vulnerability Allows Build Process Secrets Extraction

Soco404 Cryptomining Campaign Exploits PostgreSQL and Cloud Misconfigurations

Mimo Targets Magento, Docker, and Cloud Environments

Supply Chain Attack on npm Packages via Maintainer Phishing

0day Vulnerability in Microsoft Sharepoint Exploited in-the-Wild

Linuxsys Cryptominer Campaign

AWS Network Exploitation and Ransomware Detonation

AWS Data Exfiltration and Attempted Ransomware

Azure Account Hijack via Stolen Tokens

In-Memory IIS Attacks via View State Deserialization

UNC5174 Exploits Ivanti CSA Zero-Days in “Houken” Campaign

JDWP Exploited in the Wild

Linux SSH Servers Compromised to Deploy Proxies

Attacks on Korean IIS & Linux Servers

Langflow Vulnerability Exploited to Deliver Flodrix Botnet

JSFireTruck: Malicious JavaScript Campaign Using Obfuscation

TeamFiltration Account Takeover Campaign

NPM Supply Chain Attack Compromises 16 Popular React Native and GlueStack Packages

Open WebUI Misconfiguration Exploited for Cryptojacking

Cryptojacking Campaign Targets Misconfigured DevOps Tools

Earth Lamia Custom Toolkit Targets Multiple Sectors via Web Vulnerabilities

DragonForce Exploits SimpleHelp Vulnerabilities in Ransomware Campaign

Coordinated One-Day Cloud Scanning Operation Targets 75 Exposure Points

Mimo Exploits Craft CMS RCE to Deploy Cryptominer and Proxyware in Coordinated Campaign

Ivanti EPMM RCE Vulnerability Chain Exploited in the Wild

UTG-Q-015 Exploits 0-Days for Espionage in Asia

From stolen cloud key to persistence-as-a-service

RedisRaider Linux Cryptojacking Campaign Targets Redis Servers

ComfyUI exploitation campaign

Supply Chain Compromise of rand-user-agent: Obfuscated RAT with C2 Communication and File Exfiltration

xAI leaked API key

Larva-25003: IIS Native Module Malware Used in Targeted Web Server Attacks

Node.js repository CI/CD vulnerable to RCE

Grafana GitHub Action attempted supply chain attack

Sysrv Apache Druid cryptojacking

Compromised cloud keys exfiltrated to bucket

Lucifer Apache Druid cryptojacking

Password spray attack leads to containers being used for cryptomining

SAP NetWeaver Visual Composer exploitation campaign

Multi-Layered Cryptojacking via Docker

Rspack supply chain attack

UNC5174 Linux Espionage Campaign

CrazyHunter Ransomware Group Targets Critical Sectors in Taiwan

AWS Breach at a SaaS Company

BPFDoor’s Hidden Controller Targets AMEA Sectors

Atlas Lion Campaign Exploits Device Enrollment and MFA for Persistence

Long-Term Email Breach at OCC Exposes Sensitive Bank Oversight Data

Europecar Gitlab Breach

Critical Ivanti Connect Secure Vulnerability Exploited by China-linked Actor

Weaver Ant data exfiltration campaign

Albabat Ransomware Targets Windows, Linux, and macOS Using GitHub Infrastructure

Oracle Cloud Potential Supply Chain Breach

Exposed Jupyter Notebooks Targeted for Cryptomining

tj-actions/changed-files supply chain attack

CDC dangling domain hijack

PHP-CGI Vulnerability Exploited in Attacks Targeting Japan

Silk Typhoon Targeting IT and Cloud Applications

Zapier data breach

JavaGhost SES abuse

CPU_HU: Malicious Campaign Targeting Misconfigured PostgreSQL Servers for Cryptomining

ByBit hack

Krpano XSS exploitation campaign

Teammate App exposed MongoDB

RevivalStone Campaign by Winnti

Earth Preta’s Campaign Abusing MAVInject to Bypass Detection

Seashell Blizzard Subgroup's Campaign Exploiting Vulnerabilities for Data Exfiltration

Code Injection Attacks Exploiting Publicly Disclosed ASP.NET Keys

Black Basta Exploiting Vulnerabilities in Multiple Products

Malicious AI Models Bypass Picklescan Detection

From social engineering to Lambda modification

USAID cryptojacking incident

DogWifTool supply chain attack

Operation LongFang

MasterCard Fixes Five-Year-Old DNS Typo Misconfiguration

TRIPLESTRENGTH: Cloud Account Hijacking and Cryptocurrency Mining via Stolen Credentials

UNC2165 Targets Hybrid Environments with Ransomware

Otelier data breach

Bapak Exploiting Stolen Cloud Access Keys

Codefinger Ransomware Campaign Targeting S3 Buckets

Exploitation in the wild of Aviatrix Controller RCE

Campaign targeting exposed FortiGate firewall management interfaces

Gravy Analytics data breach

Kong image compromise

US Treasury breach via BeyondTrust supply chain attack

Volkswagen data leak through Spring Boot Actuator misconfiguration

EC2 Grouper campaign

ZAGG customer data compromised via hijacked FreshClicks BigCommerce app

Phishing campaign leading to Azure account takeover

Diicot Campaign Targeting Linux Environments

RCE Vulnerability in Apache Struts Targeted by Attackers

PHP Targeted with Glutton backdoor

LLM Hijacking Targeting AWS

Cleo Vulnerabilities Targeted by Cl0p Ransomware

Byte Federal Data Breach via Gitlab Vulnerability

Attack abusing Amazon SES

State-Sponsored APT Abuse Visual Studio Code in Attacks

Ultralytics compromise

Solana web3.js Supply Chain Attack

Gafgyt Malware Targeting Misconfigured Docker Servers

Mauri Ransomware Exploiting Apache ActiveMQ

Gelsemium’s Shift to Linux Malware with WolfsBane and FireWood

Sports Piracy Exploiting Misconfigured Jupyter Servers

Earth Kasha’s Campaign Exploiting Fortinet Vulnerability

BrazenBamboo Weaponizes FortiClient Vulnerability to Steal Credentials

RCE Vulnerability in PAN-OS Exploited in-the-Wild

Silent Skimmer Attacks Exploiting Telerik UI to Steal Payment Data

Mozi Botnet Using AndroxGh0st Toolkit to Target Cloud Environments

Supply Chain Attack on lottie-player

Cyberoam breach (2018)

SharePoint Vulnerability Exploited in-the-Wild

EMERALDWHALE Attacks Targeting Exposed Git Config Files

Amazon DB exposed with Prime Video viewing habits

TeamTNT’s Docker Gatling Gun Campaign

UNC5820 exploiting FortiManager flaw

Prometei campaign

Triad Nexus: Funnull malicious campaign

perfctl campaign targeting Docker API

EA cross-user access via API

Earth Simnavaz (APT34) Targeting UAE and Gulf Regions

Game Freak data leak

APT29 Targeting Zimbra and TeamCity Servers

Veeam Vulnerability Exploited by Akira and Fog Ransomware

LLMJacking for Roleplaying Campaign

perfctl Malware Targeting Linux

Rackspace incident (2024)

REF6138 campaign

Storm-0501 Targeting Hybrid Environments with Ransomware

Storm-0501 attacking hybrid environments with ransomware

Docker Swarm and K8s cryptojacking campaign

UNC1860 Attacks Targeting the Middle East

Scattered Spider targeting GCP environment

Scattered Spider targeting Azure environment

GitHub PAT leakage leading to RDS Database exfiltration

Fortinet Sharepoint data leak

Campaign targeting Selenium Grid for cryptomining

Hadooken Malware Targeting Weblogic Servers

DragonRank Targeting IIS Web Servers

Godzilla Backdoor Exploiting Confluence Vulnerability

Confluence exploited for cryptojacking

ShinyHunters Ransomware Targeting Cloud Environments

PG_MEM Malware Exploiting Misconfigured PostreSQL Instances

Msupedge Backdoor Targeting Taiwanese University

Extortion Campaign Exploiting Exposed Environment Variable

Gafgyt Malware Targeting Cloud Environments

Horde Panda targeting South Asian telecommunications provider

Scattered Spider Abuses Cloud Management Agent

Earth Baku campaign

Panamorfi campaign

Mirai Botnet Exploiting Apache OFBiz Vulnerability

Ransomware operators exploit ESXi vulnerability

BORN Group supply chain attack

SeleniumGreed: Threat actors exploit exposed Selenium Grid services for Cryptomining

Disney Slack breach

CRYSTALRAY: threat actors exploiting OSS tools

Python infrastructure leaked access token

Misconfigured Jenkins Servers Used for Cryptomining

8220 Gang Exploiting WebLogic Vulnerabilities for Cryptojacking

Funnull Polyfill supply chain attack

Rabbit AI exposed keys in code

RedJuliett Exploiting VPN and Firewall Vulnerabilities

Boolka campaign

Scattered Spider SaaS targeting (2024)

NCS mass server deletion

RCE Vulnerability in PHP CGI Exploited by TellYouThePass

NYT source code theft

DERO cryptojacking campaign (2024)

Scylla LLMJacking campaign

Gitloker campaign

Club Penguin data theft via Confluence

Dama webshell deployment via ThinkPHP exploitation

Operation Veles

Muhstik campaign

ByteDance Rspack GitHub misconfiguration

RedTail Cryptomining campaign

Snowflake compromised creds abuse campaign

Kinsing targeting cloud servers

Mirai campaign targeting Ivanti products

Atlas Lion phishing campaign

LLMjacking via Laravel exploitation

Utah “Bathroom Bill” open database

TargetCompany Abusing MSSQL Servers for Ransomware

ArcaneDoor Campaign Targeting Cisco Adaptive Security Appliance 0day

APT28 Targeting Print Spooler Vulnerability for GooseEgg Deployment

MITRE breach via Ivanti Connect Secure

K8s targeted via OpenMetadata exploitation

Delinea breach

Abusing management tooling for cloud access

Sisense breach

From password reset to data exfiltration

Smishing into Entra onto VMWare ransomware

Third party to cloud compromise

Personal local drive to AWS ransomware

RUBYCARP: Botnet Exploiting Vulnerabilities for Crypto

Microsoft exposed storage with credentials

Muddled Libra campaigns (2024)

Hugging Face cross-tenant access

Affirmed Networks breach

XZ Utils backdoor incident

Agenda Ransomware Targets ESXi and vCenter Servers

Compromise of Top.gg repo

UNC5174 ScreenConnect and F5 BIG-IP exploitation

Fujitsu exposed bucket

Widespread TeamCity exploitation (March ‘24)

ShadowSyndicate aiohttp exploitation

Meson Network cryptojacking campaign

From writable bucket to credential theft

Magnet Goblin campaign (2024)

Redis, Hadoop, and Docker exploitation

z0Miner targeting WebLogic servers

From social engineering to cryptocurrency theft

Cutout.Pro Breach

Pure Incubation (DemandScience) Breach

From refresh token theft to global admin

Lucifer Botnet targeting Hadoop

US DOI PII exfiltration pentest

S3 ransomware scam

Migo cryptominer targeting Redis

SSH-Snake Confluence targeting campaign

WinStar exposed app database

Sliver deployment via Confluence vulnerability

BMW exposed cloud storage

U.S. Internet exposed email server