Threat Modeling and Security by Design

Threat modeling tooling: Use our tool to start threat modeling within minutes.

Solve your threat modeling problems: We can help you to implement threat modeling and security by design.

Learn about threat modeling: We have lots of content to teach you about threat modeling.

Our Threat Modeling Tool Helps you to Perform Structured Threat Modeling at Scale

It’s easy to get started with threat modeling and gain initial security value from it. However, rolling out structured threat modeling at scale is a different matter. Our threat modeling tool helps you to get the most of threat modeling, in order to apply security by design and default.

  • Powerful assessment engine to understand potential threats and security weakness.
  • Flexible Diagram engine to visualize components and communication flows in play.
  • Clear reporting and metrics for compliance demonstration.

Try our threat modeling tool and get started within minutes!

Methods

Learn about the various threat modeling methods such as STRIDE, PASTA, LINDDUN, and Persona non Grata.

Tooling

We have a full list of threat modeling tools that can help to perform threat modeling. Including our own threat modeling tool.

Templates

Templates can help to kickstart the process. We have lots of free templates available.

Examples

We believe that you learn best from practical and real-world examples. We have lots of example cases and threat models available.

Attack Campaign Alert: Threat Actors Systematically Disabling Microsoft Defender, Sysmon, and WAF Before Mimikatz Credential Dumping

Campaign Advisory — Not a CVE. TTP alert: attackers observed systematically disabling security tooling as a pre-credential-dumping kill chain step. Technique: Defense Suppression → Credential Dumping | Targets: Microsoft Defender, Sysmon, WAF | Tooling: Mimikatz What Is Happening Threat actors have been observed executing a systematic defense suppression chain: after gaining initial access, they disable Microsoft Defender (Windows built-in antivirus), Sysmon (system monitoring), and…

Continue Reading Attack Campaign Alert: Threat Actors Systematically Disabling Microsoft Defender, Sysmon, and WAF Before Mimikatz Credential Dumping

JetBrains Security Advisory: Critical Authentication Bypass and Remote Code Execution Across All IDEs Including IntelliJ, PyCharm, WebStorm

What Is the Vulnerability? JetBrains has patched critical vulnerabilities across its entire IDE ecosystem, including authentication bypass and remote code execution (RCE) flaws. These vulnerabilities affect all JetBrains products: IntelliJ IDEA, PyCharm, WebStorm, GoLand, CLion, Rider, DataGrip, RubyMine, PhpStorm, and others. The authentication bypass can lead to account takeover, while the RCE vulnerability allows arbitrary code execution on the developer’s workstation. A compromised developer…

Continue Reading JetBrains Security Advisory: Critical Authentication Bypass and Remote Code Execution Across All IDEs Including IntelliJ, PyCharm, WebStorm

CVE-2026-45659: Microsoft SharePoint Server Deserialization Remote Code Execution (CISA KEV)

CISA Known Exploited Vulnerability (KEV): Added July 1, 2026. Due July 4, 2026. BOD 26-04 3-day mandate. Patch shipped May 2026 but Microsoft forgot to disclose until May 21. What Is the Vulnerability? CVE-2026-45659 is a deserialization of untrusted data vulnerability in Microsoft SharePoint Server that allows remote code execution (RCE). An authenticated attacker with Site Member permissions — the standard contributor role —…

Continue Reading CVE-2026-45659: Microsoft SharePoint Server Deserialization Remote Code Execution (CISA KEV)

Vulnerability Intelligence Report — July 2, 2026

Vulnerability Intelligence Report — July 2, 2026 Coverage: July 1–2, 2026 | New CISA KEV: 1 (Microsoft SharePoint CVE-2026-45659, due July 4) | KEV deadline TODAY: SimpleHelp (CVSS 10.0, MSP supply chain, TaskWeaver loader) | Active KEV deadlines: 2 (SimpleHelp today, SharePoint July 4) | 28 overdue KEVs carry over from June Previous report: July 1, 2026 Thursday, July 2, 2026 — the SimpleHelp…

Continue Reading Vulnerability Intelligence Report — July 2, 2026

Vulnerability Intelligence Report — July 1, 2026

Vulnerability Intelligence Report — July 1, 2026 Coverage: July 1, 2026 | CISA KEV additions: 0 (period: SimpleHelp CVE-2026-48558, due July 2) | KEV deadline TOMORROW: SimpleHelp (CVSS 10.0, MSP supply chain, TaskWeaver loader) | Chrome: 382 vulnerabilities patched — 15 critical | Adobe ColdFusion: 11 critical — 6 with CVSS 10.0 | Microsoft Defender: second 0-day this week (“RoguePlanet”) Previous report: June 30,…

Continue Reading Vulnerability Intelligence Report — July 1, 2026

NTLM Reflection Bypass Proof-of-Concept Enables SYSTEM Access on Windows Server

CVE: CVE-2026-XXXXX (reservation expected) | Vendor: Microsoft | Product: Windows Server (all supported versions), Windows 11 What Is the Vulnerability A proof-of-concept has been released demonstrating a bypass of Microsoft’s long-standing NTLM reflection attack mitigations, enabling an attacker to escalate privileges to SYSTEM on Windows Server and Windows 11 machines. NTLM reflection attacks exploit the design of the NT LAN Manager authentication protocol: an…

Continue Reading NTLM Reflection Bypass Proof-of-Concept Enables SYSTEM Access on Windows Server