Rule Name & Severity | Last Updated | Author | Types, Tactics & Capabilities | |
---|---|---|---|---|
Attachment: Archive containing HTML file with file scheme link | 2d ago Jul 16th, 2025 UTC | Sublime Security | /feeds/core/detection-rules/attachment-archive-containing-html-file-with-file-scheme-link-edf6d0d9 | |
Callback Phishing via Xodo Sign comment | 2d ago Jul 16th, 2025 UTC | Sublime Security | /feeds/core/detection-rules/callback-phishing-via-xodo-sign-comment-6f722c5d | |
Mass campaign: Cross Site Scripting (XSS) attempt | 2d ago Jul 16th, 2025 UTC | Sublime Security | /feeds/core/detection-rules/mass-campaign-cross-site-scripting-xss-attempt-6cbb7124 | |
Open redirect: City of Calgary | 1mo ago May 23rd, 2025 UTC | Sublime Security | /feeds/core/detection-rules/open-redirect-city-of-calgary-00321858 | |
Attachment: CVE-2025-24071 - Microsoft Windows File Explorer Spoofing Vulnerability | 3mo ago Mar 21st, 2025 UTC | Sublime Security | /feeds/core/detection-rules/attachment-cve-2025-24071-microsoft-windows-file-explorer-spoofing-vulnerability-2e69fa0b | |
CVE-2023-5631 - Roundcube Webmail XSS via crafted SVG | 1y ago Feb 23rd, 2024 UTC | Sublime Security | /feeds/core/detection-rules/cve-2023-5631-roundcube-webmail-xss-via-crafted-svg-8405d61b | |
Link: CVE-2024-21413 Microsoft Outlook Remote Code Execution Vulnerability | 1y ago Feb 15th, 2024 UTC | Sublime Security | /feeds/core/detection-rules/link-cve-2024-21413-microsoft-outlook-remote-code-execution-vulnerability-e8151426 | |
Attachment: Archive contains DLL-loading macro | 2y ago Dec 28th, 2023 UTC | Sublime Security | /feeds/core/detection-rules/attachment-archive-contains-dll-loading-macro-3a193f5f | |
Attachment: CVE-2023-21716 - Microsoft Office Remote Code Execution Vulnerability | 2y ago Dec 19th, 2023 UTC | Sublime Security | /feeds/core/detection-rules/attachment-cve-2023-21716-microsoft-office-remote-code-execution-vulnerability-23714cca | |
Attachment: CVE-2021-40444 - MSHTML Remote Code Execution Vulnerability | 2y ago Dec 19th, 2023 UTC | Sublime Security | /feeds/core/detection-rules/attachment-cve-2021-40444-mshtml-remote-code-execution-vulnerability-8cefcf7f | |
Outlook hyperlink bypass: left-to-right mark (LRM) in base HTML tag | 2y ago Aug 21st, 2023 UTC | Sublime Security | /feeds/core/detection-rules/outlook-hyperlink-bypass-left-to-right-mark-lrm-in-base-html-tag-160cc681 | |
Attachment: LNK with embedded content | 2y ago Aug 21st, 2023 UTC | @ajpc500 | /feeds/core/detection-rules/attachment-lnk-with-embedded-content-41452f7a | |