CVE-2020-0609
Published: 2020-01-14
Priority: P1 (93) · Critical · CVSS 3.1 base score 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Tags: ITW · Exploit · VulnCheck KEV · Ransomware
Exploited in the wild
EPSS: 74.90% (99.4th percentile)
A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0610.
Affected (9 ranges listed at source; version bounds not captured, duplicate rows collapsed)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server | — | — |
| microsoft | windows_server_2012 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
| msrc | windows_server_2019 | — | — |
Detection & IOCs (extracted from sources)
- Monitor for unauthenticated RDP connections to Windows RD Gateway over UDP port 3391 carrying specially crafted requests; the flaw is pre-authentication and requires no user interaction.
- Prioritize detection on Windows Server 2012, 2016, and 2019 systems running the Remote Desktop Gateway role, as these are the affected platforms.
- Alert on exploitation attempts targeting RD Gateway via RDP; the attack vector is the UDP transport layer of RD Gateway, not standard TCP RDP.
- The public PoC (BlueGate, EDB-47964) uses DTLS over UDP to send crafted packets to the RD Gateway; monitor for anomalous DTLS traffic on UDP/3391.
- The vulnerability is specific to the UDP transport of RD Gateway (UDP/3391); TCP-based RDP traffic is not affected by this CVE.
- At the time of Microsoft's advisory publication, the vulnerability had not been observed as exploited in the wild, though exploitation was rated 'More Likely' for older software releases.
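The detection bullets above amount to "count DTLS handshakes hitting UDP/3391 on the gateway"; the following is an added example of that logic (not code from any vendor or from the PoC) that parses the DTLS record header of each datagram and alerts when one source opens an unusual number of DTLS sessions against a known RD Gateway inside one time window. The packet-feed tuple format, gateway address, window size and threshold are assumptions.

```python
"""Flag bursts of DTLS ClientHello records reaching RD Gateway on UDP/3391."""
from collections import defaultdict
import struct

RDG_UDP_PORT = 3391
DTLS_HANDSHAKE = 22                 # DTLS record content type: handshake
DTLS_VERSIONS = {0xFEFF, 0xFEFD}    # DTLS 1.0 and DTLS 1.2 wire versions
HS_CLIENT_HELLO = 1                 # handshake message type ClientHello

def parse_dtls_record(payload):
    """Parse one DTLS record header: type(1) version(2) epoch(2) seq(6) length(2).

    Returns (content_type, epoch, body) or None when it is not a DTLS record.
    """
    if len(payload) < 13:
        return None
    ctype, version, epoch = struct.unpack("!BHH", payload[:5])
    length = struct.unpack("!H", payload[11:13])[0]
    if version not in DTLS_VERSIONS or len(payload) < 13 + length:
        return None
    return ctype, epoch, payload[13:13 + length]

def is_client_hello(payload):
    """True when the datagram is a handshake record carrying a ClientHello."""
    rec = parse_dtls_record(payload)
    if rec is None:
        return False
    ctype, epoch, body = rec
    # Handshake messages start with a 12-byte header; a ClientHello has
    # message type 1 and is always sent in epoch 0 (no keys negotiated yet).
    return (ctype == DTLS_HANDSHAKE and epoch == 0
            and len(body) >= 12 and body[0] == HS_CLIENT_HELLO)

def detect_hello_bursts(packets, gateways, window_s=60, threshold=5):
    """Count ClientHellos per (source, window) towards known gateways and
    return [(src_ip, window_start, count)] for windows at or above threshold."""
    counts = defaultdict(int)
    for ts, src, dst, proto, dport, payload in packets:
        if proto != "udp" or dport != RDG_UDP_PORT or dst not in gateways:
            continue
        if is_client_hello(payload):
            counts[(src, ts - ts % window_s)] += 1
    return sorted((s, w, n) for (s, w), n in counts.items() if n >= threshold)

def make_client_hello():
    """Constructed DTLS 1.2 handshake record wrapping a ClientHello whose body
    is just client_version + random (34 bytes); enough to exercise the parser."""
    hello = b"\xfe\xfd" + bytes(32)
    hs = (bytes([HS_CLIENT_HELLO]) + len(hello).to_bytes(3, "big")   # type, length
          + b"\x00\x00" + bytes(3) + len(hello).to_bytes(3, "big")    # seq, frag off/len
          + hello)
    return (struct.pack("!BHH", DTLS_HANDSHAKE, 0xFEFD, 0) + bytes(6)
            + struct.pack("!H", len(hs)) + hs)

GATEWAYS = {"10.0.0.5"}   # assumed RD Gateway address

# Constructed feed of (ts, src, dst, proto, dst_port, payload) tuples.
SAMPLE_PACKETS = (
    # one legitimate UDP-transport client: a single handshake
    [(3, "192.0.2.10", "10.0.0.5", "udp", 3391, make_client_hello())]
    # one source re-opening DTLS sessions in a tight loop inside one window
    + [(5 + i, "203.0.113.7", "10.0.0.5", "udp", 3391, make_client_hello())
       for i in range(8)]
    # plain TCP RDP and a non-DTLS datagram: outside the scope of this rule
    + [(7, "203.0.113.7", "10.0.0.5", "tcp", 3389, b"\x03\x00\x00\x13"),
       (9, "198.51.100.4", "10.0.0.5", "udp", 3391, b"\x17\x03\x03\x00\x05hello")]
)

def run_sample():
    return detect_hello_bursts(SAMPLE_PACKETS, GATEWAYS)

if __name__ == "__main__":
    for src, win, n in run_sample():
        print(f"ALERT {src}: {n} DTLS ClientHellos to UDP/3391 in window {win}")
```

The threshold is deliberately low for the sample; tune it from a baseline of how many DTLS sessions real UDP-transport clients open per minute against your gateway.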
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| NVD | 2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| VulnCheck | — | 9.8 | CRITICAL | — |
| Vendor (MSRC) | — | 9.8 | CRITICAL | — |
Microsoft · vendor_msrc · 2020-01-14 · CVSS 9.8
CVE-2020-0609 [CRITICAL] Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would need to send a specially crafted request to the target system's RD Gateway via RDP.
The update addresses the vulnerability by correcting how RD Gateway ha
GHSA · ghsa_unreviewed · 2022-05-24 · CVSS 9.8
CVE-2020-0609 [CRITICAL] CWE-20 GHSA-73x6-v3m8-f299
A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0610.
GHSA · ghsa_unreviewed · 2022-05-24 · CVSS 9.8
CVE-2020-0610 [CRITICAL] CWE-20 GHSA-rfqr-xr33-6qpg
A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0609.
VulnCheck · vulncheck · 2020 · CVSS 9.8
CVE-2020-0609 [CRITICAL] Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution
A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0610.
Affected: Microsoft Windows
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Known Ransomware Campaign Use: Known
Exploitation References: https://cisa.gov/news-events/cybersecurity-advisories/aa20-014a; https://www.niiconsulting.com/Security_Advisories/Security_Advisory_Digest_Feb_2020_Ed
VulnCheck · vulncheck · 2020 · CVSS 9.8
CVE-2020-0610 [CRITICAL] Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution
A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0609.
Affected: Microsoft Windows
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Known Ransomware Campaign Use: Known
Exploitation References: https://cisa.gov/news-events/cybersecurity-advisories/aa20-014a; https://www.niiconsulting.com/Security_Advisories/Security_Advisory_Digest_Feb_2020_Ed
No detection rules found.
Exploit-DB · exploitdb · 2020-01-23
CVE-2020-0610 Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC)
---
```c
#include "BlueGate.h"
/*
EDB Note:
- Download (Binary) ~ https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47964-1.exe
- Download (Source) ~ https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47964-2.zip
*/

/* Print a message and abort the program. */
void error(const char* msg)
{
    printf("ERROR: %s\n", msg);
    exit(EXIT_FAILURE);
}

/* Initialise Winsock 2.2; required before any socket call on Windows. */
void SOCKInit()
{
    WSADATA wsaData;
    int res;
    res = WSAStartup(MAKEWORD(2, 2), &wsaData);
    if (res != 0)
        error("WSAStartup failed");
}

/* Initialise the OpenSSL library so that DTLS can be used over the UDP socket. */
void DTLSInit()
{
    SSL_library_init();
    SSL_load_error_strings();
    ERR_load_BIO_strings();
    OpenSSL_add_all_algorithms();
}

/* Create the UDP socket used as the DTLS transport (listing truncated in the source excerpt). */
int OpenUDPConnection(const char* hostname, int port)
{
    int sockfd;
    sockaddr_in addr;
    sockfd = socket(AF_INET, SOCK_DGRAM, 0)
```
Trend Micro · blogs_trendmicro · 2023-03-02
# Leveraging Data Science to Minimize the Blast Radius of Ransomware Attacks
Category: Ransomware
In this blog entry, we present a case study that illustrates how data-science techniques can be used to gain valuable insights about ransomware groups' targeting patterns as detailed in our research paper, “What Decision-Makers Need to Know About Ransomware Risk.”
By: Vladimir Kropotov, Robert McArdle, Fyodor Yarochkin, Shingo Matsugaya · 2023/03/02
In partnership with: Erin Burns, Eireann Leverett of Waratah Analytics
As ransomware groups continue to build on their arsenal of tactics, techniques, and procedures (TTPs), it's essential for cybersecurity professionals to assess the levels of risk to their organizations using multiple sources of information for a comp
SentinelOne · blogs_sentinelone · 2022-11-30
Egregor
Tenable · blogs_tenable · 2022-03-24
ContiLeaks: Chats Reveal Over 30 Vulnerabilities Used by Conti Ransomware – How Tenable Can Help
Securelist · blogs_securelist · 2021-05-26
Kaspersky Security Bulletin 2020-2021. EU statistics
Table of Contents
- Main figures
- Financial threats
- Ransomware programs
- Miners
- Vulnerable applications used by cybercriminals
- Attacks on macOS
- IoT attacks
- Attacks via web resources
- Local threats
- Phishing in the EU
Authors: Kaspersky
All statistics in this report are from the global cloud service Kaspersky Security Network (KSN), which receives information from components in our security solutions. The data was obtained from users who have given their consent to it being sent to KSN. Millions of Kaspersky users around the globe assist us in this endeavor to collect information about malicious activity. The statistics in this report cover the period from May 2020 to April 2021, inclusive.
## Main figures
- 70% of Internet user computers in the EU experienced at least
Trend Micro · blogs_trendmicro · 2020-01-15 · CVSS 9.8
[CRITICAL] January Patch Tuesday: IE, RDP, Crypto Bugs Updates
## January Patch Tuesday: IE, RDP, Crypto Bugs Updates
Microsoft released 49 patches in this cycle, eight of which are classified Critical and the remaining 41 as Important. The fixes address a range of products, including RDP Gateway servers, Internet Explorer, CryptoAPI, Office, and OneDrive.
By: Trend Micro · 2020/01/15
2020 starts off with a relatively heavy list of patches for Microsoft users. January is typically a light month for fixes, but Microsoft released patches for 49 vulnerabilities (eight of which are Critical and all the remaining classified as Important) in this cycle. None of these vulnerabilities are known to be under attack at this time.
The listed vulnerabilities covered a range of Microsoft products including Windows RDP Gateway ser
Talos · blogs_talos · 2020-01-14 · CVSS 8.1
CVE-2020-0601 [HIGH] Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage
## Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage
By Jon Munshaw. Updated January 15th: Added an Advanced Custom Detection (ACD) signature for AMP that can be used to detect exploitation of CVE-2020-0601 by spoofing certificates masquerading as a Microsoft ECC Code Signing Certificate Authority.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 49 vulnerabilities, eight of which are considered critical.
This month's security update is particularly important for its disclosure of two vulnerabilities related to a core cryptographic component in all versions of Windows. CVE-2020-0601 could allow an attacker to use cryptography to sign a malicious executable, making the file appear as if it was from a trusted sou
Zscaler · blogs_zscaler · 2020-01-14
Critical Windows Update-CryptoAPI Spoofing | Blog
Tenable · blogs_tenable · 2020-01-14
Microsoft’s January 2020 Patch Tuesday Kicks Off the New Year with 49 New CVEs
Qualys · blogs_qualys · 2020-01-14 · CVSS 8.1
CVE-2020-0601 [HIGH] January 2020 Patch Tuesday – 50 Vulns, 8 Critical, Adobe Vulns | Qualys
This month’s Microsoft Patch Tuesday addresses 50 vulnerabilities with only 8 of them labeled as Critical. Of the 8 Critical vulns, one is for browser and scripting engines, 3 are for .NET Framework and one for ASP.NET. In addition, Microsoft has patched 3 critical RCEs in Remote Desktop Gateway and Remote Desktop Client. Adobe issued patches today for Illustrator CC and Experience Manager.
### CryptoAPI Spoofing
A spoofing vulnerability (CVE-2020-0601) has been patched in Windows CryptoAPI (Crypt32.dll). An attacker can perform man-in-the-middle attacks and decrypt confidential information on user connections to the affected software by using a spoofed code-signing certificate. Although Microsoft rated this as Important, NSA privately disclosed this vulnerability to Microsoft and should
SentinelOne · blogs_sentinelone
# Egregor Ransomware: In-Depth Analysis, Detection, and Mitigation
## What Is Egregor Ransomware?
Egregor ransomware is part of the Sekhmet malware family that has been active since mid-September 2020. The ransomware operates by hacking into organizations, stealing sensitive user documents, encrypting data, and demanding a ransom in exchange for the encrypted documents. The Egregor ransomware has been used in several attacks against large organizations, including the French media company Le Monde and the Canadian government.
## What Does Egregor Ransomware Target?
Egregor ransomware targets organizations across all industries, with a focus on the healthcare, education, financial services, manufacturing and retail industries. Egregor is known to heavily target school districts and higher education in
CrowdStrike · blogs_crowdstrike · CVSS 7.5
Vulnerability Roundup: 10 Critical CVEs of 2020
arXiv · arxiv_fulltext · 2025-04-16
CyLens: Towards Reinventing Cyber Threat Intelligence in the Paradigm of Agentic Large Language Models
Authors: Xiaoqun Liu* (Stony Brook University, Stony Brook, NY, USA); Jiacheng Liang* (Stony Brook University, Stony Brook, NY, USA); Qiben Yan (Michigan State University, East Lansing, MI, USA); Jiyong Jang (IBM Research, Yorktown Heights, NY, USA); Sicheng Mao (Google, New York City, NY, USA); Muchao Ye (The University of Iowa, Iowa City, IA, USA); Jinyuan Jia (Pennsylvania State University, State College, PA, USA); Zhaohan Xi (Binghamton University, Vestal, NY, USA)
* Xiaoqun Liu and Jiacheng Liang contributed equally to this work.
## Abstract
The exponential g