
Industry Category: Design

Breach intelligence, attack campaigns, and threat reports targeting the Design sector.

3 threat reports

Design Threat Reports

ComfyUI Cryptomining Botnet Attack 2026

Impact: High

In April 2026, over 1,000 internet-exposed instances of ComfyUI, a popular Stable Diffusion platform, were targeted in a sophisticated cryptomining botnet campaign. Attackers used a custom Python scanner to identify vulnerable ComfyUI deployments, exploiting misconfigurations that allowed remote code execution via custom nodes. Once exploited, compromised hosts were enlisted into a botnet mining the Monero and Conflux cryptocurrencies, managed through a Flask-based command-and-control dashboard. The campaign also used persistence mechanisms to retain control of infected systems. This incident underscores the critical need to secure internet-facing applications and services, as attackers continue to exploit misconfigurations and vulnerabilities to deploy cryptomining operations. Organizations must prioritize regular security assessments, implement robust authentication mechanisms, and monitor for unauthorized activity to mitigate such threats.

2 months ago

Kill Chain

Initial Compromise (high)
Privilege Escalation (high)
Lateral Movement (medium)
Command & Control (high)
Exfiltration (low)
Impact (high)
Russian Threat Actors Weaponize Blender Files to Deliver StealC Malware in 2024

Impact: Medium

In early 2024, a sophisticated cyber campaign was identified in which Russian-linked threat actors distributed the StealC V2 infostealer using malicious Blender 3D model files uploaded to popular 3D asset marketplaces such as CGTrader. Unsuspecting users who downloaded and opened these Blender files inadvertently executed the trojanized Python scripts embedded within them, enabling attackers to exfiltrate sensitive information including credentials, browser data, and cryptocurrency wallets. The campaign leveraged trusted platforms to evade detection and reach as many creative professionals and digital artists worldwide as possible. This incident highlights the growing trend of weaponizing legitimate digital content and developer platforms to deliver sophisticated malware and infostealers. As attackers exploit emerging marketplaces and supply chains, businesses and individuals face increased risk of credential theft and data compromise, driving renewed urgency for Zero Trust security approaches and robust supply chain vetting.

5 months ago

Kill Chain

Initial Compromise (high)
Privilege Escalation (medium)
Lateral Movement (low)
Command & Control (medium)
Exfiltration (high)
Impact (medium)
How a Vulnerable AI Plugin in Figma MCP Opened the Door for Remote Code Attacks

Impact: Low

In early 2025, a critical vulnerability (CVE-2025-53967) was discovered in a third-party connector integrating agentic AI capabilities with Figma’s Multi-Cloud Platform (MCP) server. This supply-chain flaw enabled remote code execution (RCE), allowing attackers to exploit the connection to infiltrate organizational environments using the affected plugin. Threat actors leveraged the unsanctioned plugin to gain unauthorized access to internal systems, potentially exposing sensitive design data, intellectual property, and user information. The compromise highlighted risks associated with insufficient east-west security controls, lack of zero trust segmentation, and inadequate traffic visibility, ultimately impacting business continuity and trust in the collaboration platform. This incident exemplifies the growing threat of supply-chain vulnerabilities targeting enterprise SaaS applications, amid increasing adoption of AI integrations. Organizations are re-evaluating their third-party risk, agentic AI governance, and internal segmentation postures as regulatory scrutiny and attacker sophistication intensify.

5 months ago

Kill Chain

Initial Compromise (high)
Privilege Escalation (medium)
Lateral Movement (medium)
Command & Control (medium)
Exfiltration (medium)
Impact (low)