Threat Modeling and Security by Design

Threat modeling tooling: Use our tool to start threat modeling within minutes.

Solve your threat modeling problems: We can help you to implement threat modeling and security by design.

Learn about threat modeling: We have lots of content to teach you about threat modeling.

Our Threat Modeling Tool Helps you to Perform Structured Threat Modeling at Scale

It’s easy to get started with threat modeling and gain initial security value from it. However, rolling out structured threat modeling at scale is a different matter. Our threat modeling tool helps you to get the most of threat modeling, in order to apply security by design and default.

  • Powerful assessment engine to understand potential threats and security weakness.
  • Flexible Diagram engine to visualize components and communication flows in play.
  • Clear reporting and metrics for compliance demonstration.

Try our threat modeling tool and get started within minutes!

Methods

Learn about the various threat modeling methods such as STRIDE, PASTA, LINDDUN, and Persona non Grata.

Tooling

We have a full list of threat modeling tools that can help to perform threat modeling. Including our own threat modeling tool.

Templates

Templates can help to kickstart the process. We have lots of free templates available.

Examples

We believe that you learn best from practical and real-world examples. We have lots of example cases and threat models available.

RedWing Android Banking Malware-as-a-Service: New Rent-a-Malware Operation on Telegram Targets Banking Credentials and OTP Codes

TTP Advisory: RedWing Android Malware | No CVE | Threat Type: Malware-as-a-Service (MaaS) | Target: Android banking credentials, OTP codes | Platform: Telegram | Price: $300/month | Discovered by: Zimperium zLabs What Happened Zimperium zLabs has discovered a new Android malware operation called RedWing being rented out on Telegram as a ready-made bank-fraud service. RedWing is a variant of the Oblivion rent-a-malware tool, documented…

Continue Reading RedWing Android Banking Malware-as-a-Service: New Rent-a-Malware Operation on Telegram Targets Banking Credentials and OTP Codes

Ubiquiti UniFi OS: 11 Critical Vulnerabilities Patched — Multiple CVSS 9.9 Command Injection, Path Traversal, SQL Injection

CVE: Multiple — see references | CVSS Range: 7.5 – 9.9 (Critical) | Vendor: Ubiquiti | Product: UniFi OS | Key CVEs: CVE-2026-47369 (CVSS 9.9, command injection), CVE-2026-47370 (CVSS 9.9, command injection), CVE-2026-54402 (CVSS 9.9, command injection), CVE-2026-47368 (CVSS 8.6, path traversal), CVE-2026-54403 (CVSS 8.6, path traversal → auth bypass), CVE-2026-54404 (CVSS 8.8, SQL injection), plus SSRF, CORS misconfiguration, access control vulnerabilities What Is…

Continue Reading Ubiquiti UniFi OS: 11 Critical Vulnerabilities Patched — Multiple CVSS 9.9 Command Injection, Path Traversal, SQL Injection

Writer AI “WriteOut” Vulnerability: Agent Preview Session Token Leak Could Enable Cross-Tenant Account Takeover

TTP Advisory: WriteOut (Writer AI) | No CVE | Severity: Critical (Cross-Tenant Compromise) | Vendor: Writer | Product: Writer Enterprise AI Platform | Discovered by: Sand Security Research | Status: Patched server-side What Is the Vulnerability Sand Security Research discovered a critical session isolation vulnerability in Writer’s enterprise AI platform, dubbed ‘WriteOut’. The flaw existed in Writer’s agent preview feature, where sandbox previews could…

Continue Reading Writer AI “WriteOut” Vulnerability: Agent Preview Session Token Leak Could Enable Cross-Tenant Account Takeover

CVE-2026-43499 “GhostLock”: 15-Year-Old Linux Kernel Flaw Gives Local Users Root Access and Container Escape — Public PoC Released

CVE: CVE-2026-43499 | CVSS 3.1: 7.8 (High) | Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | CWE: CWE-416 (Use After Free) | Vendor: Linux Kernel | Product: rt_mutex/futex | Affected: Most Linux distributions since 2011 | Discovered by: Nebula Security (2,337 via Google kernelCTF) What Is the Vulnerability CVE-2026-43499, dubbed GhostLock, is a 15-year-old use-after-free vulnerability in the Linux kernel rt_mutex code, triggered via the futex subsystem. The vulnerable…

Continue Reading CVE-2026-43499 “GhostLock”: 15-Year-Old Linux Kernel Flaw Gives Local Users Root Access and Container Escape — Public PoC Released

CVE-2026-48908 and CVE-2026-56290: Two Joomla Page Builder CVSS 10.0 Vulnerabilities Added to CISA KEV — Deadline Friday July 10

CISA Known Exploited Vulnerability (KEV): Both CVEs added to the CISA KEV Catalog on July 7, 2026. Action due July 10, 2026 (Friday). Both are CVSS 10.0. BOD 26-04 applies — federal agencies must patch by Friday. CVE: CVE-2026-48908 (SP Page Builder), CVE-2026-56290 (Page Builder CK) | CVSS 3.1: 10.0 (Critical) both | Vendor: JoomShaper / Joomlack | Product: SP Page Builder for Joomla…

Continue Reading CVE-2026-48908 and CVE-2026-56290: Two Joomla Page Builder CVSS 10.0 Vulnerabilities Added to CISA KEV — Deadline Friday July 10

CVE-2026-55255: Langflow IDOR Vulnerability Added to CISA KEV — Authenticated Users Can Execute Any AI Workflow — Deadline Friday

CISA Known Exploited Vulnerability (KEV): Added to the CISA KEV Catalog on July 7, 2026. Action due July 10, 2026 (Friday). BOD 26-04 applies. CVE: CVE-2026-55255 | CVSS 3.1: 8.4 (High) | Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L | CWE: CWE-639 (Authorization Bypass Through User-Controlled Key) | Vendor: Langflow | Product: Langflow (AI agent/bot building platform) | Affected versions: Prior to 1.9.1 What Is the Vulnerability CVE-2026-55255 is…

Continue Reading CVE-2026-55255: Langflow IDOR Vulnerability Added to CISA KEV — Authenticated Users Can Execute Any AI Workflow — Deadline Friday