Tag

Exploitation

3 briefs RSS

Democratization of Business Email Compromise (BEC) Attacks

Attackers are leveraging AI to rapidly reconnoiter and tailor content for smaller organizations, making it easier to execute business email compromise (BEC) scams and scam smaller sums from many victims, as demonstrated by a recent attack targeting a small community organization.

business-email-compromise bec ai social-engineering credential-harvesting exploitation

2r 2t 1c 6i Apr 3, 2026

high threat

Potential JAVA/JNDI Exploitation Attempt

2 rules 5 TTPs 1 CVE

This rule detects a potential JAVA/JNDI exploitation attempt by identifying outbound network connections by JAVA to LDAP, RMI, or DNS standard ports followed by suspicious JAVA child processes such as shell interpreters and scripting languages, which may indicate a Java Naming and Directory Interface (JNDI) injection vulnerability exploitation attempt.

exploited jndi java log4shell rce exploitation

2r 5t 1c Apr 1, 2026

critical advisory

Ongoing Exploitation of Cisco SD-WAN Systems

3 rules 4 TTPs

Malicious actors are actively exploiting CVE-2026-20127 for initial access and CVE-2022-20775 for privilege escalation and persistence on Cisco SD-WAN systems globally.

cisco-sdwan vulnerability exploitation network

3r 4t Feb 25, 2026