Product
low
advisory
Suspicious Command Execution via Busybox Proxy on Linux
1 rule 3 TTPsThis brief details the detection of a defense evasion technique where adversaries leverage Busybox on Linux systems to execute commands capable of spawning shells or establishing network connections, thereby attempting to bypass endpoint security controls.
Elastic Defend +4
linux
execution
defense-evasion
command-and-control
endpoint
1r
3t
high
advisory
Multiple Vulnerabilities in Elastic Kibana
2 rules 3 TTPs 5 CVEsMultiple vulnerabilities in Elastic Kibana allow for privilege escalation, remote denial of service, data breach, server-side request forgery (SSRF), and cross-site scripting (XSS).
Kibana +2
vulnerability
privilege escalation
denial of service
data breach
SSRF
XSS
2r
3t
5c
high
advisory
Kibana Fleet API Authorization Bypass (CVE-2026-33461)
2 rules 2 TTPs 1 CVEKibana is vulnerable to an authorization bypass (CVE-2026-33461) where users with limited Fleet privileges can access sensitive configuration data, including private keys and authentication tokens, via an internal API endpoint.
Kibana
authorization-bypass
privilege-escalation
2r
2t
1c