Insecure Direct Object Reference - MITRE ATT&CK

Threat entity extracted from intelligence sources

Frequency
4
occurrences
First Seen
November 19, 2025
Last Seen
February 25, 2026

Insecure Direct Object Reference is a mitre_attack tracked across 5 threat clusters and 4 intelligence report mentions on ThreatCluster. First observed November 19, 2025; most recent activity February 25, 2026.

Related Threat Clusters

  • Spain Ministry of Science Cyberattack Causes IT System Shutdown

    A cyberattack on Spain's Ministry of Science has led to a partial shutdown of its IT systems, affecting services utilized by researchers, universities, students, and businesses. The breach involves potentially sensitive…

    3 articles · Updated February 6, 2026
  • Critical Vulnerabilities in SolarWinds Serv-U Software Patched

    SolarWinds has issued security updates for four critical remote code execution vulnerabilities in its Serv-U software, which could allow attackers to gain root access to unpatched servers. The affected software is used…

    19 articles · Updated February 24, 2026
  • Ravenna Hub Fixes Vulnerability Exposing Student Data

    Ravenna Hub, a student admissions website, fixed a vulnerability that exposed personal information of children and their families. The issue allowed any logged-in user to access sensitive data associated with other…

    2 articles · Updated February 21, 2026
  • Vibe Coding's Rise and Associated Hacking Risks

    Vibe coding, named Collins Dictionary's Word of the Year 2025, allows developers to write code using natural language prompts, facilitated by AI tools. While this method enhances accessibility and speeds up development,…

    1 article · Updated November 19, 2025
  • Vibe Coding: Security Risks Emerge as AI Transforms Software Development

    Vibe coding, named Collins Dictionary's Word of the Year 2025, refers to using AI to generate code from natural language prompts. While this innovation enhances accessibility and speed in software development, it also…

    3 articles · Updated November 19, 2025

Recent Intelligence Reports

  • Solarwinds Serv-U: Update patches four critical security vulnerabilities — Heise.De · February 25, 2026
  • Bug in student admissions website exposed children’s personal information — Techcrunch · February 19, 2026
  • Spanish Ministry of Science partially shuts down IT systems amid suspected data breach — Scworld · February 6, 2026
  • Vibe Coding's Dark Side: Hacking Risks in AI-Powered Software — Webpronews · November 19, 2025

CVSS v3.1 Breakdown