ATTACK 2025 2024 2023 2022 2021 2020 Other
HOME CATEGORIE -
DATE |
NAME |
INFO |
CATEGORY |
SUBCATEGORIES |
|
25.12.25 |
GhostPairing Attacks: from phone number to full access in WhatsApp |
|||
| 14.12.25 | ConsentFix attack | ConsentFix: Analysing a browser-native ClickFix-style attack that hijacks OAuth consent grants | ATTACK | WEB |
| 6.12.25 | HashJack Attack | HashJack Attack Targets AI Browsers and Agentic AI Systems | ATTACK | AI |
| 25.11.25 | "JackFix" attack | Fake adult websites pop realistic Windows Update screen to deliver stealers via ClickFix | ATTACK | ATTACK |
| 29.10.25 | AI-targeted Cloaking Attack | OpenAI’s new browser Atlas falls for AI-targeted Cloaking Attack | ATTACK | AI |
| 29.10.25 |
TEE.fail: Breaking
Trusted Execution Environments via DDR5 Memory Bus Interpositi |
Trusted execution environments (TEEs) aim to offer strong privacy and integrity guarantees even in the presence of root level attackers capable of arbitrarily modifying the system’s software. | ATTACK | RAM |
| 16.10.25 | RMPocalypse | How a Catch-22 Breaks AMD SEV-SNP (ACM CCS 2025) | ATTACK | CPU |
| 16.10.25 | Pixnapping Attack | Pixnapping is a new class of attacks that allows a malicious Android app to stealthily leak information displayed by other Android apps or arbitrary websites. | ATTACK | Android |
|
11.10.25 |
Mousejacking | What Are Mousejacking Attacks, and How to Defend Against Them | ATTACK | ATTACK |
|
11.10.25 |
Cloud Jacking | With the widespread adoption of cloud infrastructure, cybercriminals have evolved their tactics to exploit new opportunities for access. One growing threat is cloud jacking, or cloud account hijacking, where an attacker takes control of a cloud account. | ATTACK | ATTACK |
| 31.8.25 | Design Patterns for Securing LLM Agents against Prompt Injections | Large Language Models (LLMs) are becoming integral components of complex software systems, where they serve as intelligent agents that can interpret natural language instructions, make plans, and execute actions through external tools and APIs | ATTACK | AI |
| 27.8.25 | Sni5Gect | A 5G Sniffer and Downlink Injector on steroids... And yes, Wireshark supported!!! Supports DCI Sniffing, MAC-NR Downlink/Uplink message sniffing and MAC-NR Downlink message injection | ATTACK | 5G |
| 21.8.25 | SYNful Knock | SYNful Knock: Detecting and Mitigating Cisco IOS Software Attacks | ATTACK | DDoS |
| 19.8.25 | Preventing Domain Resurrection Attacks |
PyPI now checks for
expired domains to prevent domain resurrection attacks, a type of supply-chain
attack where someone buys an expired domain and uses it to take over
PyPI accounts through password resets. |
ATTACK | ATTACK |
| 17.8.25 | GPUHammer | GPUHammer: Rowhammer Attacks on GPU Memories are Practical | ATTACK | GPU |
| 16.7.25 | Hyper-Volumetric DDoS Attacks | Hyper-volumetric DDoS attacks skyrocket: Cloudflare’s 2025 Q2 DDoS threat report | ATTACK | ATTACK |
| 12.7.25 | GPUHammer | GPUHammer: Rowhammer Attacks on GPU Memories are Practical# | ATTACK | GPU |
| 11.7.25 | PerfektBlue | PerfektBlue is the industry-wide critical over-the-air attack chain affecting millions of devices in automotive and other industries. | ATTACK | bluetooth |
| 10.7.25 | AMD Transient Scheduler Attacks | AMD discovered several transient scheduler attacks related to the execution timing of instructions under specific microarchitectural conditions while investigating a Microsoft® report titled “Enter, Exit, Page Fault, Leak: Testing Isolation Boundaries for Microarchitectural Leaks”. | ATTACK | CPU |
| 5.7.25 | FileFix (Part 2) | Last week I released the FileFix attack blog post which is an alternative to the traditional ClickFix attack. This blog post explores another variation to the original FileFix attack. | ATTACK | ATTACK |
| 24.6.25 | Context Poisoning Jailbreak | Echo Chamber: A Context-Poisoning Jailbreak That Bypasses LLM Guardrails | ATTACK | AI |
| 13.6.25 | TokenBreak Attack | Manipulating tokens to get past the security guard | ATTACK | ATTACK |
| 8.6.25 | AS-REP Roasting Attack Explained | In the MITRE ATT&CK Framework, the AS-REP Roasting attack is categorized as T1558.004 under the 'Steal or Forge Kerberos Tickets' attack technique. | ATTACK | ATTACK |
| 22.5.25 | Kerberoasting | Kerberoasting is a cyberattack that targets the Kerberos authentication protocol with the intent to steal AD credentials. | ATTACK | Windows |
| 16.5.24 | Spectre-v2 Attacks UPDATE | On the Limitations of Domain Isolation Against Spectre-v2 Attacks | ATTACK | CPU |
| 1.5.24 | MCP Prompt Injection | MCP Prompt Injection: Not Just For Evil | ATTACK | AI |
| 30.4.25 | SLAAC Snooping | NDP messages are unsecured, which makes SLAAC susceptible to attacks that involve the spoofing (or forging) of link-layer addresses. You must configure SLAAC snooping to validate IPv6 clients using SLAAC before allowing them to access the network. | ATTACK | IPv6 |
| 30.4.25 | Context Compliance Attack | (CCA), a jailbreak technique that involves the adversary injecting a "simple assistant response into the conversation history" about a potentially sensitive topic that expresses readiness to provide additional information | ATTACK | AI |
| 30.4.25 | Policy Puppetry Attack | a prompt injection technique that crafts malicious instructions to look like a policy file, such as XML, INI, or JSON, and then passes it as input to the large language model (LLMs) to bypass safety alignments and extract the system prompt | ATTACK | AI |
| 30.4.25 | Memory INJection Attack | (MINJA), which involves injecting malicious records into a memory bank by interacting with an LLM agent via queries and output observations and leads the agent to perform an undesirable action | ATTACK | AI |
| 27.4.25 | Password Spraying | The basics of a password spraying attack involve a threat actor using a single common password against multiple accounts on the same application. This avoids the account lockouts that typically occur when an attacker uses a brute force attack on a single account by trying many passwords. | ATTACK | Password |
| 25.4.25 | Cookie-Bite attack | Cookie-Bite: How Your Digital Crumbs Let Threat Actors Bypass MFA and Maintain Access to Cloud Environments | ATTACK | COOKIES |
| 23.4.25 | XRP supply chain attack | XRP supply chain attack: Official NPM package infected with crypto stealing backdoor | ATTACK | Crypto |
| 22.4.25 | DKIM Replay Phishing Attack | Google Spoofed Via DKIM Replay Attack: A Technical Breakdown | ATTACK | PHISHING |
| 16.4.25 | Multi-Stage Phishing Attack Exploits Gamma | Attackers exploit Gamma in a multi-stage phishing attack using Cloudflare Turnstile and AiTM tactics to evade detection and steal Microsoft credentials. | ATTACK | AI |
|
21.3.25 |
Trusted relationship attacks | Trusted relationship attacks: trust, but verify | ATTACK |
ATTACK |
|
19.3.25 |
Rules File Backdoor | New Vulnerability in GitHub Copilot and Cursor: How Hackers Can Weaponize Code Agents | ATTACK | AI |
|
16.3.25 |
VPN brute-force attacks | Inside BRUTED: Black Basta (RaaS) Members Used Automated Brute Forcing Framework to Target Edge Network Devices | ATTACK | VPN |
| 7.3.25 | JavaScript Backdoors Enabling Persistent Attacker Access | Thousands of websites hit by four backdoors in 3rd party JavaScript attack | ATTACK | JavaScript |
| 15.2.25 | whoAMI Attack | whoAMI: A cloud image name confusion attack | ATTACK | Cloud |
| 5.2.25 | Memcached DDoS attack | Memcached can speed up websites, but a memcached server can also be exploited to perform a DDoS attack. | ATTACK | DDoS |
|
1.1.25 | DoubleClickjacking | is a new variation on this classic theme: instead of relying on a single click, it takes advantage of a double-click sequence. | ATTACK | Web |