Tag
D-Link DWM-222W USB Wi-Fi Adapter Brute-Force Protection Bypass Vulnerability
2 rules 1 CVED-Link DWM-222W USB Wi-Fi Adapter is vulnerable to brute-force attacks due to a protection bypass, allowing unauthenticated adjacent network attackers to gain control over the device by circumventing login attempt limits.
Chamilo LMS REST API Key Brute-Force Vulnerability (CVE-2026-33710)
2 rules 1 TTP 1 CVEChamilo LMS versions prior to 1.11.38 and 2.0.0-RC.3 generate predictable REST API keys, allowing attackers with knowledge of a username and approximate key creation time to brute-force access.
Spike in Successful Logon Events from a Source IP
2 rules 3 TTPsA machine learning job detected a spike in successful authentication events from a source IP address, which can indicate password spraying, user enumeration, or brute force activity, potentially leading to credential access.
OpenClaw Webhook Rate Limit Bypass Vulnerability (CVE-2026-34505)
2 rules 1 TTP 1 CVE 1 IOCOpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication, allowing attackers to bypass rate limits and brute-force webhook secrets leading to forged webhook submission.
Bitbucket User Login Failure Detection
2 rules 3 TTPsDetection of Bitbucket user login failures, potentially indicating credential access attempts, initial access attempts, or other malicious activity.
Multiple Logon Failure from the Same Source Address
2 rules 2 TTPsDetection of multiple consecutive logon failures from the same source address within a short time interval on Windows systems, indicating potential brute force or password spraying attacks targeting multiple user accounts.
Multiple Logon Failure Followed by Logon Success
2 rules 1 TTPThis rule identifies potential password guessing/brute force activity from a single address, followed by a successful logon, indicating that an attacker may have compromised an account by brute-forcing login attempts across multiple users.
Signal K Server WebSocket Login Brute-Force Vulnerability
1 rule 1 TTPThe Signal K server's WebSocket login endpoint lacks rate limiting, allowing attackers to bypass HTTP rate limiting by opening a WebSocket connection and attempting unlimited password guesses.
Azure AD Failed Authentication Increase
2 rules 1 TTPDetects a significant increase (10% or greater) in failed Azure AD sign-in attempts, potentially indicating brute-force attacks, credential stuffing, or other unauthorized access attempts.
Windows Admin Account Brute Force Detection
2 rules 2 TTPsThis rule identifies potential password guessing/brute force activity from a single source IP targeting multiple Windows accounts with 'admin' in the username, indicating an attempt to compromise privileged accounts.