Product

Confluence Data Center

4 briefs RSS

Kubernetes and Cloud Credential Path Access via Process Arguments

This rule detects Linux process executions that access high-value Kubernetes service-account material, kubeconfig or node PKI paths, or common cloud files, potentially indicating credential theft within in-cluster and hybrid environments.

Amazon EKS +6 credential-access threat-detection kubernetes cloud linux

3r 2t 2w ago

medium advisory

GenAI Process Connection to Unusual Domain on macOS

2 rules 1 TTP

This rule detects GenAI tools on macOS connecting to unusual domains, potentially indicating command and control activity, data exfiltration, or malicious payload retrieval following compromise via prompt injection, malicious MCP servers, or poisoned plugins.

Copilot +22 genai command and control macos network connection

2r 1t May 2, 2024

high threat

Lazarus Group's Dacls RAT Targets macOS

3 rules 3 TTPs 1 CVE 2 IOCs

The Lazarus Group is distributing a new variant of the Dacls RAT targeting macOS systems via a trojanized application, installing a hidden executable and attempting persistence.

TinkaOTP.app +1 Lazarus Group +4 macos rat

3r 3t 1c 2i Jan 23, 2024

critical advisory

Metasploit Exploitation via Malicious Confluence Plugin

2 rules 3 TTPs

A Metasploit module exploits Atlassian Confluence servers by deploying a malicious Java plugin that downloads Meterpreter, granting the attacker full control over the compromised system.

Confluence Data Center +4 confluence metasploit meterpreter plugin exploitation attack

2r 3t Jan 3, 2024