CybersecurityBoard.com brings together vulnerability intelligence, security news, MITRE ATT&CK group profiles, cyber events, certifications, training, products, companies and service providers.
CVE-2021-26855 is a critical vulnerability in Microsoft Exchange Server that allows remote code execution. It was exploited in the StrikeShark campaign to gain initial access to a diplomatic organization in Indonesia.
CVE-2023-32315 is a path traversal vulnerability in Openfire, an XMPP server. It was exploited in the StrikeShark campaign to target Taiwanese software…
CVE-2024-36401 is a critical remote code execution vulnerability in GeoServer. It was used in the StrikeShark campaign to target a Colombian organization.
CVE-2016-4437 is a vulnerability in Apache Shiro that allows remote code execution. It was listed among the flaws exploited in the StrikeShark…
CVE-2021-27076 is a remote code execution vulnerability in Microsoft SharePoint. In StrikeShark, it was used to trigger a DLL side-loading chain to…
CVE-2022-27925 is a vulnerability in Zimbra Collaboration Suite that allows remote code execution. It was used in the StrikeShark campaign.
AI agents are increasingly deployed in enterprise environments, inheriting permissions and executing tasks autonomously, often bypassing traditional identity governance controls. This article…
Russian authorities used Cellebrite's UFED forensic tools to break into the iPhone of detained opposition activist Andrey Pivovarov in June 2021, three…
On June 9, Anthropic released Claude Fable 5, its most capable AI model, alongside a restricted version, Claude Mythos 5, designed for…
GitHub has announced significant security changes for npm version 12, set to release next month, aimed at mitigating software supply chain attacks.…
Two security teams have demonstrated that OpenClaw, a popular self-hosted AI agent, can be tricked into executing attacker-controlled code or leaking sensitive…
Europol, in coordination with international law enforcement, has disrupted AudiA6, a cryptocurrency laundering service that facilitated the washing of over €336 million…
The StrikeShark campaign is attributed to a Chinese-speaking threat actor based on the use of open-source tools like FScan and Pillager commonly…
A Chinese-speaking advanced persistent threat (APT) actor has been linked to a new custom backdoor called TinyRCT as part of cyber attacks…
CL-STA-1062 is a Chinese-speaking advanced persistent threat actor linked to cyber attacks on government entities and critical infrastructure in Southeast Asia. It…
UAT-7237 is a hacking group first flagged by Cisco Talos in August 2025 for campaigns against web infrastructure entities in Taiwan. It…
Pillager was identified as a relevant cybersecurity entity in recently ingested reporting. This profile is generated so related cyber news, CVEs, malware,…
Searchall was identified as a relevant cybersecurity entity in recently ingested reporting. This profile is generated so related cyber news, CVEs, malware,…
A newly identified cyber attack campaign, tracked as StrikeShark by Kaspersky, is deploying a previously undocumented malware family called SharkLoader to deliver…
SharkLoader is a previously undocumented malware family used as a loader to deploy Cobalt Strike Beacon. It employs Perfect DLL Hijacking to…
Project Glasswing is an Anthropic initiative that provided vetted partners with access to Claude Mythos Preview. It resulted in the discovery of…
Automated penetration testing is a staple of security validation, but a clean report may create a false sense of security. This article,…
PCI DSS v4.0.1 introduced requirements 6.4.3 and 11.6.1, mandating that merchants inventory, authorize, and verify the integrity of all scripts on payment…
SANS San Antonio 2026 was identified as a relevant cybersecurity entity in recently ingested reporting. This profile is generated so related cyber…
Agentic AI represents a paradigm shift in offensive cybersecurity, where AI tools no longer require human operators to execute attacks. Unlike previous…
Cisco AnyConnect was identified as a relevant cybersecurity entity in recently ingested reporting. This profile is generated so related cyber news, CVEs,…
Exchange Server was identified as a relevant cybersecurity entity in recently ingested reporting. This profile is generated so related cyber news, CVEs,…
Openfire was identified as a relevant cybersecurity entity in recently ingested reporting. This profile is generated so related cyber news, CVEs, malware,…
GeoServer was identified as a relevant cybersecurity entity in recently ingested reporting. This profile is generated so related cyber news, CVEs, malware,…
Zimbra was identified as a relevant cybersecurity entity in recently ingested reporting. This profile is generated so related cyber news, CVEs, malware,…
Openfire was identified as a relevant cybersecurity entity in recently ingested reporting. This profile is generated so related cyber news, CVEs, malware,…
GeoServer was identified as a relevant cybersecurity entity in recently ingested reporting. This profile is generated so related cyber news, CVEs, malware,…
Cisco Talos is a leading threat intelligence organization that first identified the UAT-7237 hacking group in August 2025.
Cato CTRL was identified as a relevant cybersecurity entity in recently ingested reporting. This profile is generated so related cyber news, CVEs,…
Cato Networks provides cybersecurity services including threat research and analysis, as demonstrated by the Cato CTRL team's report on the Poisson intrusion.
DuckDNS offers free dynamic DNS services, which were exploited by the attacker for C2 communication.
Backblaze B2 provides cloud storage services, used by the attacker for storing tools and data.