216.73.217.22

T1557: T1557

View on MITRE ATT&CK The MITRE Corporation · Published 16/12/2025 19:37 · Modified 27/03/2026 01:07

Essential information

MITRE technique ID
T1557
Confidence
100/100
Revoked
No
Published
16/12/2025 19:37
Modified
27/03/2026 01:07
Author / Source
The MITRE Corporation

Aliases

Adversary-in-the-Middle

Platforms

windows macos linux Network Devices

Description

Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.mitre.org/techniques/T1040), [Transmitted Data Manipulation](https://attack.mitre.org/techniques/T1565/002), or replay attacks ([Exploitation for Credential Access](https://attack.mitre.org/techniques/T1212)). By abusing features of common networking protocols that can determine the flow of network traffic (e.g. ARP, DNS, LLMNR, etc.), adversaries may force a device to communicate through an adversary controlled system so they can collect information or perform additional actions.(Citation: Rapid7 MiTM Basics) For example, adversaries may manipulate victim DNS settings to enable other malicious activities such as preventing/redirecting users from accessing legitimate sites and/or pushing additional malware.(Citation: ttint_rat)(Citation: dns_changer_trojans)(Citation: ad_blocker_with_miner) Adversaries may also manipulate DNS and leverage their position in order to intercept user credentials, including access tokens ([Steal Application Access Token](https://attack.mitre.org/techniques/T1528)) and session cookies ([Steal Web Session Cookie](https://attack.mitre.org/techniques/T1539)).(Citation: volexity_0day_sophos_FW)(Citation: Token tactics) [Downgrade Attack](https://attack.mitre.org/techniques/T1562/010)s can also be used to establish an AiTM position, such as by negotiating a less secure, deprecated, or weaker version of communication protocol (SSL/TLS) or encryption algorithm.(Citation: mitm_tls_downgrade_att)(Citation: taxonomy_downgrade_att_tls)(Citation: tlseminar_downgrade_att) Adversaries may also leverage the AiTM position to attempt to monitor and/or modify traffic, such as in [Transmitted Data Manipulation](https://attack.mitre.org/techniques/T1565/002). Adversaries can setup a position similar to AiTM to prevent traffic from flowing to the appropriate destination, potentially to [Impair Defenses](https://attack.mitre.org/techniques/T1562) and/or in support of a [Network Denial of Service](https://attack.mitre.org/techniques/T1498).

Kill chain phases

Kill chainPhase
mitre-attack collection
mitre-attack credential-access

Marking (TLP)

TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.

Intrusion sets (APT) (36)

  • MUSTANG PANDA uses BRONZE PRESIDENTSTATELY TAURUS
    The MITRE Corporation Confidence 100

    [Mustang Panda](https://attack.mitre.org/groups/G0129) is a China-based cyber espionage threat actor that has been conducting operations since at least 2012. [Mustang Panda](https://attack.mitre.org/groups/G0129) has been known to use tailored phishing lures …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 22/05/2026 04:12
  • APT28 uses IRON TWILIGHTSNAKEMACKEREL
    The MITRE Corporation Confidence 100

    [APT28](https://attack.mitre.org/groups/G0007) is a threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165.(Citation: NSA/FBI Drovorub …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 08/04/2026 13:02
  • Storm-1575 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 08:11 · Modified 21/12/2025 08:11
  • UTA0218 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 04:18 · Modified 21/12/2025 04:18
  • Socgholish uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 03:07 · Modified 21/12/2025 07:54
  • Blackwood uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 02:55 · Modified 21/12/2025 02:55
  • PhaaS uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 03:30 · Modified 21/12/2025 03:30
  • Russia uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/05/2026 18:50 · Modified 29/05/2026 12:20
  • Turla uses IRON HUNTERGroup 88
    The MITRE Corporation Confidence 100

    [Turla](https://attack.mitre.org/groups/G0010) is a cyber espionage threat group that has been attributed to Russia's Federal Security Service (FSB). They have compromised victims in over 50 countries since at least …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 04/05/2026 16:33
  • Kimsuky uses Black BansheeVelvet Chollima
    The MITRE Corporation Confidence 100

    [Kimsuky](https://attack.mitre.org/groups/G0094) is a North Korea-based cyber espionage group that has been active since at least 2012. The group initially targeted South Korean government agencies, think tanks, and subject-matter …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 04/05/2026 16:33
  • VexTrio uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 02:40 · Modified 21/12/2025 02:54
  • Knownsec uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 12/01/2026 13:14 · Modified 12/01/2026 13:14
  • NullBulge uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 05:59 · Modified 21/12/2025 05:59
  • Cosmic Leopard uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 04:47 · Modified 21/12/2025 04:47
  • ALPHV Blackcat uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 03:30 · Modified 21/12/2025 03:30
  • INC uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 17/06/2026 22:24 · Modified 17/06/2026 22:24
  • Hummer uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 03:35 · Modified 21/12/2025 03:35
  • Tycoon Group uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 02:53 · Modified 21/12/2025 02:53
  • Lazarus, APT38, Bluenoroff, or Stardust Chollima uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 07:11 · Modified 21/12/2025 07:11
  • Trident Ursa uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 23:08 · Modified 20/12/2025 23:08
  • Storm-3075 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 09/06/2026 10:57 · Modified 09/06/2026 10:57
  • Chinese cybercriminal groups uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 13:02 · Modified 21/12/2025 13:02
  • UNC5337 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 08:44 · Modified 21/12/2025 08:44
  • MRxC0DER uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 05:45 · Modified 21/12/2025 05:45
  • Fog ransomware group uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 13:54 · Modified 21/12/2025 13:54
  • Sandworm uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 23:15 · Modified 20/12/2025 23:15
  • ShinyHunters uses
    AlienVault Confidence 100

    No description available

    First seen 01/01/1970 · Last seen 16/11/5138 Published 02/02/2026 12:05 · Modified 20/03/2026 09:17
  • Water Curse uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 14:16 · Modified 21/12/2025 14:16
  • ScamClub uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 03:13 · Modified 21/12/2025 03:13
  • Zloader uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 03:56 · Modified 21/12/2025 03:56
  • UNC6040, UNC6240 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 17:00 · Modified 21/12/2025 17:00
  • Sea Turtle uses Teal KurmaCosmic Wolf
    The MITRE Corporation Confidence 100

    [Sea Turtle](https://attack.mitre.org/groups/G1041) is a Türkiye-linked threat actor active since at least 2017 performing espionage and service provider compromise operations against victims in Asia, Europe, and North America. [Sea …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:14
  • COLDWASTREL uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 05:58 · Modified 21/12/2025 05:58
  • BlindEagle uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 06:53 · Modified 27/05/2026 15:52
  • UAT-5394 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 06:38 · Modified 21/12/2025 06:38
  • China-nexus threat actors uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 14:55 · Modified 21/12/2025 14:55

Malware (92)

  • Lumma Stealer uses
    Family
    Published 08/06/2026 19:36 · Modified 08/06/2026 19:36
  • SPAWNMOLE uses
    Family
    Published 17/01/2025 17:17 · Modified 17/01/2025 17:17
  • LianSpy uses
    Family
    Published 06/08/2024 10:03 · Modified 06/08/2024 10:03
  • WarzoneRAT
  • AveMaria uses
    Family
    Published 26/11/2025 14:09 · Modified 26/11/2025 14:09
  • SPAWNSNAIL uses
    Family
    Published 17/01/2025 17:17 · Modified 17/01/2025 17:17
  • Zloader uses
    Family
    Published 22/09/2025 19:40 · Modified 22/09/2025 19:40
  • Mamba 2FA uses
    Family
    Published 07/10/2024 20:04 · Modified 07/10/2024 20:04
  • Lumma uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 23:50 · Modified 21/12/2025 16:13
  • BlackCat
  • GOVERSHELL uses
    Family
    Published 28/04/2026 07:09 · Modified 28/04/2026 07:09
  • UPSTYLE
  • Trojan.GenericKD.33515991 uses
    Family
    Published 28/03/2025 00:35 · Modified 28/03/2025 00:35
  • XenoRAT uses
    Family
    Published 29/05/2026 10:49 · Modified 29/05/2026 10:49
  • Track2NFC uses
    Family
    Published 23/04/2025 19:45 · Modified 23/04/2025 19:45
  • Stuxnet - S0603 uses
    Family
    Published 21/05/2026 08:39 · Modified 21/05/2026 08:39
  • Remcos uses
    Family
    Published 05/05/2026 18:45 · Modified 05/05/2026 18:45
  • FASTCash uses
    Family
    Published 17/10/2024 09:57 · Modified 17/10/2024 09:57
  • Third Eye Remote Control
  • Z-NFC uses
    Family
    Published 23/04/2025 19:45 · Modified 23/04/2025 19:45
  • Atomic macOS Stealer uses
    Family
    Published 18/05/2026 17:52 · Modified 18/05/2026 17:52
  • SPAWNANT uses
    Family
    Published 09/01/2025 08:56 · Modified 09/01/2025 08:56
  • AI Photo and Video Editor uses
    Family
    Published 30/04/2026 23:40 · Modified 30/04/2026 23:40
  • DarkCloud uses
    Family
    Published 29/09/2025 09:34 · Modified 29/09/2025 09:34
  • Chrome MCP Server uses
    Family
    Published 30/04/2026 23:40 · Modified 30/04/2026 23:40
  • Caffeine uses
    Family
    Published 02/07/2024 15:45 · Modified 02/07/2024 15:45
  • Evilginx2
  • HrServ
  • XWorm uses
    Family
    Published 27/03/2026 08:45 · Modified 27/03/2026 08:45
  • Passive Radar uses
    Family
    Published 10/01/2026 13:29 · Modified 10/01/2026 13:29
  • MoonPeak uses
    Family
    Published 20/05/2026 11:12 · Modified 20/05/2026 11:12
  • HeavyLift uses
    Family
    Published 14/06/2024 08:31 · Modified 14/06/2024 08:31
  • DRYHOOK uses
    Family
    Published 09/01/2025 08:56 · Modified 09/01/2025 08:56
  • information stealer
  • GhostSocks uses
    Family
    Published 08/06/2026 19:36 · Modified 08/06/2026 19:36
  • King NFC uses
    Family
    Published 23/04/2025 19:45 · Modified 23/04/2025 19:45
  • Win.Dropper.Scar
  • Tycoon2FA uses
    Family
    Published 04/03/2026 19:42 · Modified 04/03/2026 19:42
  • Fog ransomware uses
    Family
    Published 28/04/2025 04:42 · Modified 28/04/2025 04:42
  • HealthKick uses
    Family
    Published 28/04/2026 07:09 · Modified 28/04/2026 07:09
  • Cobalt Strike - S0154 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 19:39 · Modified 27/05/2026 21:40
  • Hummer
  • NGate uses
    Family
    Published 21/04/2026 16:32 · Modified 21/04/2026 16:32
  • Sinobi uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 17/06/2026 22:24 · Modified 17/06/2026 22:24
  • Evilginx uses
    Family
    Published 03/12/2025 17:58 · Modified 03/12/2025 17:58
  • GOST
  • Sliver uses
    Family
    Published 12/06/2026 21:29 · Modified 12/06/2026 21:29
  • Backdoor.JS.DULLRAT uses
    Family
    Published 16/06/2025 13:03 · Modified 16/06/2025 13:03
  • Win.Worm.Coinminer
  • Vidar uses
    Family
    Published 16/06/2026 09:50 · Modified 16/06/2026 09:50
  • WarzoneRAT - S0670 uses
    Family
    Published 26/11/2025 14:09 · Modified 26/11/2025 14:09
  • Rhadamanthys Stealer uses
    Family
    Published 26/08/2025 16:14 · Modified 26/08/2025 16:14
  • Huiyi uses
    Family
    Published 30/04/2026 23:40 · Modified 30/04/2026 23:40
  • ShadowPad - S0596 uses
    Family
    Published 30/04/2026 19:11 · Modified 30/04/2026 19:11
  • Dok
  • W32.Stuxnet uses
    Family
    Published 21/05/2026 08:39 · Modified 21/05/2026 08:39
  • Reverse Recruiting uses
    Family
    Published 30/04/2026 23:40 · Modified 30/04/2026 23:40
  • SPAWNSLOTH uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 08:44 · Modified 21/12/2025 08:44
  • Lynx uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 10:04 · Modified 21/12/2025 10:04
  • LockBit uses
    Family
    Published 06/05/2026 10:26 · Modified 06/05/2026 10:26
  • LightSpy uses
    Family
    Published 21/02/2025 15:28 · Modified 21/02/2025 15:28
  • WizardNet uses
    Family
    Published 05/02/2026 20:16 · Modified 05/02/2026 20:16
  • Oyster uses
    Family
    Published 08/06/2026 19:36 · Modified 08/06/2026 19:36
  • Brave Prince - S0252 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 06:47 · Modified 21/12/2025 06:47
  • Salty2FA uses
    Family
    Published 02/12/2025 21:13 · Modified 02/12/2025 21:13
  • Line Runner
  • Infamouse Chisel
  • Fast16 uses
    Family
    Published 21/05/2026 08:39 · Modified 21/05/2026 08:39
  • HeadLace uses
    Family
    Published 05/08/2024 08:30 · Modified 05/08/2024 08:30
  • gh0st RAT - S0032 uses
    Family
    Published 17/04/2026 23:18 · Modified 17/04/2026 23:18
  • Un-Mail uses
    Family
    Published 10/01/2026 13:29 · Modified 10/01/2026 13:29
  • ApolloShadow
  • Endpoint-Collector
  • CastleRAT uses
    Family
    Published 23/04/2026 14:16 · Modified 23/04/2026 14:16
  • Remcos RAT uses
    Family
    Published 17/06/2026 18:20 · Modified 17/06/2026 18:20
  • HackTool:Linux/Kerbrute uses
    Family
    Published 22/05/2026 17:38 · Modified 22/05/2026 17:38
  • GravityRAT - S0237 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 19:44 · Modified 21/12/2025 04:47
  • Supersonic AI uses
    Family
    Published 30/04/2026 23:40 · Modified 30/04/2026 23:40
  • Chat AI for Chrome uses
    Family
    Published 30/04/2026 23:40 · Modified 30/04/2026 23:40
  • DarkNimbus uses
    Family
    Published 05/02/2026 20:16 · Modified 05/02/2026 20:16
  • Hijack Loader uses
    Family
    Published 08/06/2026 19:36 · Modified 08/06/2026 19:36
  • PhantomCore uses
    Family
    Published 23/01/2026 10:12 · Modified 23/01/2026 10:12
  • Amadey - S1025 uses
    Family
    Published 29/09/2025 08:06 · Modified 29/09/2025 08:06
  • HackTool:Linux/MalPack.B uses
    Family
    Published 22/05/2026 17:38 · Modified 22/05/2026 17:38
  • QuasarRAT uses
    Family
    Published 25/02/2026 11:35 · Modified 25/02/2026 11:35
  • NetSupport uses
    Family
    Published 03/11/2025 14:28 · Modified 03/11/2025 14:28
  • Mydoor uses
    Family
    Published 17/04/2026 23:18 · Modified 17/04/2026 23:18
  • Async RAT uses
    Family
    Published 01/03/2026 05:26 · Modified 01/03/2026 05:26
  • POISONPLUG.SHADOW uses
    Family
    Published 30/04/2026 19:11 · Modified 30/04/2026 19:11
  • PHASEJAM uses
    Family
    Published 09/01/2025 08:56 · Modified 09/01/2025 08:56
  • GhostX uses
    Family
    Published 10/01/2026 13:29 · Modified 10/01/2026 13:29
  • AMOS uses
    Family
    Published 18/05/2026 17:52 · Modified 18/05/2026 17:52

Reports (46)

Vulnerabilities (CVE) (30)

CVE-2020-1472 KEV
5.5 Medium

Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a …

Attack vector
Local
Published
03/11/2021
Modified
27/05/2026
CVE-2024-2012
9.1 Critical

vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code …

Published
11/06/2024
Modified
11/06/2024
Received
CVE-2025-32756 KEV
9.8 Critical

Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a remote unauthenticated attacker to execute arbitrary code …

Attack vector
Network
Published
14/05/2025
Modified
14/01/2026
CVE-2023-3519 KEV
9.8 Critical

Citrix NetScaler ADC and NetScaler Gateway contains a code injection vulnerability that allows for unauthenticated remote code execution.

Attack vector
Network
Published
19/07/2023
Modified
27/05/2026
CVE-2025-31199
5.5 Medium

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, …

Attack vector
Local
Complexity
Low
Published
30/05/2025
Modified
02/04/2026
CVE-2025-53521 KEV
8.7 High

When a BIG-IP APM Access Policy is configured on a virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions …

Attack vector
Network
Complexity
Low
Published
15/10/2025
Modified
04/04/2026
CVE-2025-5777 KEV
9.3 Critical

Citrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation. This vulnerability can lead to memory overread …

Attack vector
Network
Published
10/07/2025
Modified
21/12/2025
Received
CVE-2023-23397 KEV
9.8 Critical

Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the …

Attack vector
Network
Published
14/03/2023
Modified
21/12/2025
CVE-2025-24071
6.5 Medium

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

Attack vector
Network
Published
11/03/2025
Modified
27/05/2026
Awaiting Analysis
CVE-2024-21887 KEV
9.1 Critical

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web …

Attack vector
Network
Published
10/01/2024
Modified
27/05/2026
CVE-2025-29927
9.1 Critical

Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and …

Attack vector
NETWORK
Published
21/03/2025
Modified
21/12/2025
Received
CVE-2023-50224 KEV
6.5 Medium

TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link …

Published
03/09/2025
Modified
08/04/2026
Awaiting Analysis
CVE-2021-42287 KEV

Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.

Published
11/04/2022
Modified
20/12/2025
CVE-2023-48788 KEV
9.8 Critical

Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.

Attack vector
Network
Published
25/03/2024
Modified
21/12/2025
CVE-2026-31431 KEV
7.8 High

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 …

Attack vector
LOCAL
Complexity
LOW
EPSS
0.0001 (P0.6%)
Published
22/04/2026
Modified
23/05/2026
CVE-2024-43451 KEV
6.5 Medium

Microsoft Windows contains an NTLMv2 hash spoofing vulnerability that could result in disclosing a user's NTLMv2 hash to an attacker via a …

Attack vector
Network
Published
12/11/2024
Modified
27/05/2026
Analyzed
CVE-2024-3400 KEV
10.0 Critical

Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges …

Attack vector
Network
Published
12/04/2024
Modified
21/12/2025
CVE-2024-3094
10.0 Critical

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma …

Attack vector
NETWORK
Published
29/03/2024
Modified
21/12/2025
CVE-2025-20333 KEV
9.9 Critical

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense …

Attack vector
Network
Published
25/09/2025
Modified
21/12/2025
Analyzed
CVE-2025-33073 KEV
8.8 High

Microsoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially …

Attack vector
Network
Published
20/10/2025
Modified
27/05/2026
Received
CVE-2025-0283
7.0 High

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA …

Attack vector
LOCAL
Published
09/01/2025
Modified
21/12/2025
Analyzed
CVE-2025-0282 KEV
9.0 Critical

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA …

Attack vector
Network
Published
08/01/2025
Modified
21/12/2025
Analyzed
CVE-2023-38831 KEV
7.8 High

RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file …

Attack vector
Local
Published
24/08/2023
Modified
27/05/2026
CVE-2024-57727 KEV
7.5 High

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary …

Attack vector
Network
Published
13/02/2025
Modified
21/12/2025
Modified
CVE-2025-20362 KEV
6.5 Medium

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense …

Attack vector
Network
Published
25/09/2025
Modified
21/12/2025
Analyzed
CVE-2023-46805 KEV
8.2 High

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the …

Attack vector
Network
Published
10/01/2024
Modified
27/05/2026
CVE-2025-24054 KEV
6.5 Medium

Microsoft Windows NTLM contains an external control of file name or path vulnerability that allows an unauthorized attacker to perform spoofing over …

Attack vector
Network
Published
17/04/2025
Modified
27/05/2026
Awaiting Analysis
CVE-2025-55182 KEV
10.0 Critical

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, …

Attack vector
Network
Published
05/12/2025
Modified
29/05/2026
Analyzed
CVE-2021-42278 KEV

Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.

Published
11/04/2022
Modified
20/12/2025
CVE-2023-36025 KEV
8.8 High

Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to bypass Windows Defender SmartScreen checks and their …

Attack vector
Network
Published
14/11/2023
Modified
21/12/2025

Attack patterns (MITRE) (4)

Course Of Action (7)

  • Network Intrusion Prevention mitigates
  • Limit Access to Resource Over Network mitigates
  • User Training mitigates
  • Filter Network Traffic mitigates
  • Encrypt Sensitive Information mitigates
  • Disable or Remove Feature or Program mitigates
  • Network Segmentation mitigates

Tool (2)

  • NPPSPY uses
    The MITRE Corporation Confidence 100

    NPPSPY is an implementation of a theoretical mechanism first presented in 2004 for capturing credentials submitted to a Windows system via a rogue Network Provider API item. NPPSPY …

    Published 16/12/2025 19:37 · Modified 27/03/2026 01:07
  • evilginx2 uses
    The MITRE Corporation Confidence 75

    [evilginx2](https://attack.mitre.org/software/S9003) is an open-source adversary-in-the-middle (AiTM) attack framework based on the open-source nginx web server. [evilginx2](https://attack.mitre.org/software/S9003) can be used as a reverse proxy between victims and legitimate web …

    Published 30/01/2026 21:15 · Modified 04/05/2026 16:31

Campaign (1)

  • ArcaneDoor uses