Threat Modeling and Security by Design

Threat modeling tooling: Use our tool to start threat modeling within minutes.

Solve your threat modeling problems: We can help you to implement threat modeling and security by design.

Learn about threat modeling: We have lots of content to teach you about threat modeling.

Our Threat Modeling Tool Helps you to Perform Structured Threat Modeling at Scale

It’s easy to get started with threat modeling and gain initial security value from it. However, rolling out structured threat modeling at scale is a different matter. Our threat modeling tool helps you to get the most of threat modeling, in order to apply security by design and default.

  • Powerful assessment engine to understand potential threats and security weakness.
  • Flexible Diagram engine to visualize components and communication flows in play.
  • Clear reporting and metrics for compliance demonstration.

Try our threat modeling tool and get started within minutes!

Methods

Learn about the various threat modeling methods such as STRIDE, PASTA, LINDDUN, and Persona non Grata.

Tooling

We have a full list of threat modeling tools that can help to perform threat modeling. Including our own threat modeling tool.

Templates

Templates can help to kickstart the process. We have lots of free templates available.

Examples

We believe that you learn best from practical and real-world examples. We have lots of example cases and threat models available.

Opera GX Critical Flaw: Malicious Websites Could Auto-Install Mods to Steal Data From Visited Pages — Patched in v130.0.5847.89

TTP Advisory: Opera GX Browser Flaw | No CVE | Severity: Critical (P1, $5,000 bug bounty) | Vendor: Opera | Product: Opera GX Browser | Fixed in: v130.0.5847.89 What Is the Vulnerability A critical flaw in Opera GX, the gaming-focused version of the Opera browser, allowed malicious websites to silently install a browser add-on (GX Mod) without any user approval or click. The installed…

Continue Reading Opera GX Critical Flaw: Malicious Websites Could Auto-Install Mods to Steal Data From Visited Pages — Patched in v130.0.5847.89

Cisco Catalyst SD-WAN: CVE-2026-20262 and CVE-2026-20245 — CISA Warns of Escalating Attacks Against SD-WAN Infrastructure

CISA Known Exploited Vulnerability (KEV): CVE-2026-20262 added June 15 (deadline June 29 — now 7 days overdue). CVE-2026-20245 added June 9 (deadline June 23 — now 13 days overdue). BOD 26-04 applies — both deadlines have passed. CVE: CVE-2026-20262, CVE-2026-20245 | CVSS 3.1: Various (High) | Vendor: Cisco | Product: Catalyst SD-WAN (Manager, Controller, Validator) | Affected: SD-WAN Manager (vManage), SD-WAN Controller (vSmart), SD-WAN…

Continue Reading Cisco Catalyst SD-WAN: CVE-2026-20262 and CVE-2026-20245 — CISA Warns of Escalating Attacks Against SD-WAN Infrastructure

North Korean PolinRider Campaign: 108 Malicious Packages Across npm, Packagist, Go, and Chrome — Active Supply Chain Attack

Supply Chain Advisory: PolinRider Campaign | No CVE | Threat Actor: North Korean (Contagious Interview group) | Targets: npm, Packagist, Go modules, Chrome extensions | Status: Active What Happened North Korean threat actors linked to the Contagious Interview campaign have published 108 unique malicious packages and browser extensions across four ecosystems: 19 npm libraries, 10 Composer (Packagist) packages, 61 Go modules, and one Google…

Continue Reading North Korean PolinRider Campaign: 108 Malicious Packages Across npm, Packagist, Go, and Chrome — Active Supply Chain Attack

Vulnerability Intelligence Report — July 6, 2026

Vulnerability Intelligence Report — July 6, 2026 New CISA KEV: 0 | KEV calendar still clear | FortiBleed traced to INC and Lynx ransomware | Cisco confirms Unified CM exploitation | Opera GX critical flaw auto-installs malicious mods | North Korean PolinRider: 108 malicious packages | AI-driven ransomware: JadePuffer automates attacks | Oracle EBS Payments under active exploitation Previous reports: July 5, 2026 |…

Continue Reading Vulnerability Intelligence Report — July 6, 2026

Fortinet FortiSandbox: CVE-2026-25089 and CVE-2026-26083 — Two Critical CVSS 9.8 Vulnerabilities Under Active Exploitation

CVE: CVE-2026-25089, CVE-2026-26083 | CVSS 3.1: 9.8 (Critical) | Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | CWE: CWE-78 (OS Command Injection), CWE-862 (Missing Authorization) | Vendor: Fortinet | Product: FortiSandbox | Affected versions: 5.0.0–5.0.5, 4.4.0–4.4.8, 4.2 all, FortiSandbox Cloud 5.0.4–5.0.5, FortiSandbox PaaS 23.4–22.2 What Is the Vulnerability CVE-2026-25089 is an OS command injection vulnerability in Fortinet FortiSandbox that allows an unauthenticated attacker to execute arbitrary commands via specially…

Continue Reading Fortinet FortiSandbox: CVE-2026-25089 and CVE-2026-26083 — Two Critical CVSS 9.8 Vulnerabilities Under Active Exploitation

WinRAR Code Execution Vulnerability via Malformed Recovery Volumes — Update to Version 7.23

What Is the Vulnerability A vulnerability in WinRAR’s handling of recovery volumes (REV files) allows attackers to execute arbitrary code on the user’s system. When a WinRAR user opens a maliciously crafted RAR archive containing a malformed recovery volume, the flawed parsing logic triggers code execution. The flaw was previously partially addressed for the RAR3 format but also affects the RAR5 format. WinRAR lacks…

Continue Reading WinRAR Code Execution Vulnerability via Malformed Recovery Volumes — Update to Version 7.23