{"id":25201,"date":"2019-02-12T17:37:55","date_gmt":"2019-02-12T17:37:55","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/29815\/Researchers-Hide-Malware-In-Intel-SGX-Enclaves.html"},"modified":"2019-02-12T17:37:55","modified_gmt":"2019-02-12T17:37:55","slug":"researchers-hide-malware-in-intel-sgx-enclaves","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/researchers-hide-malware-in-intel-sgx-enclaves\/","title":{"rendered":"Researchers Hide Malware In Intel SGX Enclaves"},"content":{"rendered":"<p><span class=\"img aspect-set\"><img decoding=\"async\" src=\"https:\/\/zdnet1.cbsistatic.com\/hub\/i\/2019\/02\/12\/c46abe6a-1a68-4029-9424-9f318b67e367\/e08a3129c61292966e8ec48257dfcad2\/intel.jpg\" class=\"\" alt=\"Intel CPU\"\/><\/span><\/p>\n<p>A team of academics has found a way to abuse Intel SGX enclaves to hide malicious code from security software and to allow the creation of what researchers are calling &#8220;super-malware.&#8221;<\/p>\n<p><a href=\"https:\/\/software.intel.com\/en-us\/sgx\" target=\"_blank\" rel=\"noopener noreferrer\">Intel Software Guard eXtensions (SGX)<\/a> is a feature found in all modern Intel CPUs that allow developers to isolate applications in secure &#8220;enclaves.&#8221;<\/p>\n<p>The enclaves work in a hardware-isolated section of the CPU&#8217;s processing memory where applications can run operations that deal with extremely sensitive details, such as encryption keys, passwords, user data, and more.<\/p>\n<p>Until today, the only known vulnerabilities impacting SGX enclaves had been side-channel attacks that leaked the data being processed inside an enclave, revealing an app&#8217;s secrets.<\/p>\n<p>But in a research paper published today, security researchers showed that SGX enclaves could be used as a place to hide undetectable malware.<\/p>\n<p>This never-before-seen concept relies on attackers being able to install or trick a user into installing an app that sets up a malicious enclave.<\/p>\n<p>Creating and loading a malicious enclave isn&#8217;t as easy as it sounds because Intel&#8217;s SGX technology only accepts and launches enclaves that have been signed with a signature key found on an internal whitelist of approved keys. These keys are usually handed out to approved developers.<\/p>\n<section class=\"sharethrough-top\" data-component=\"medusaContentRecommendation\" data-medusa-content-recommendation-options=\"{&quot;promo&quot;:&quot;promo_ZD_recommendation_sharethrough_top_in_article_desktop&quot;,&quot;spot&quot;:&quot;dfp-in-article&quot;}\">\n<\/section>\n<p>But the research team says there are at least four methods in which a threat actor could get his hands on a signature key, and sign a malicious enclave.<\/p>\n<p>&#8220;In fact, we have a report from a student who independently of us found that it is easy to go through Intel&#8217;s process to obtain such signing keys,&#8221; researchers said. [We will not list all four methods, but they can be found on page two of the researchers&#8217; paper.]<\/p>\n<p>However, even if attackers manage to sign, implant, and then run a malicious enclave, that still doesn&#8217;t mean the system has been infected because SGX enclaves also don&#8217;t have full access to the same type of operations that the local OS has, being restricted to a few commands.<\/p>\n<p>But in their research paper, the academics went around this limitation by using an exploitation technique known as <a href=\"https:\/\/en.wikipedia.org\/wiki\/Return-oriented_programming\" target=\"_blank\" rel=\"noopener noreferrer\">return-oriented programming (ROP)<\/a> to piggy-back on <a href=\"https:\/\/en.wikipedia.org\/wiki\/Transactional_Synchronization_Extensions\" target=\"_blank\" rel=\"noopener noreferrer\">Intel Transactional Synchronization eXtensions (TSX)<\/a> to allow the malicious enclave access to a wider set of commands that it is normally entitled to.<\/p>\n<p>&#8220;Our SGX-ROP attack uses new TSX-based memory-disclosure primitive and a write-anything-anywhere primitive to construct a code-reuse attack from within an enclave which is then inadvertently executed by the host application,&#8221; said the research team.<\/p>\n<p>&#8220;With SGX-ROP, we bypass ASLR, stack canaries, and address sanitizer,&#8221; they added. &#8220;We demonstrate that instead of protecting users from harm, SGX currently poses a security threat, facilitating so-called super-malware with ready-to-hit exploits.&#8221;<\/p>\n<p>The research team has published <a href=\"https:\/\/github.com\/sgxrop\/sgxrop\" target=\"_blank\" rel=\"noopener noreferrer\">proof-of-concept code<\/a> showing that attacks using enclave malware are now possible at a practical level.<\/p>\n<p>Since SGX enclaves are meant to work separately and be out of reach of the main operating system, any malicious enclave is theoretically impossible to detect by security products, and is the equivalent of a rootkit on steroids.<\/p>\n<p>&#8220;Intel is aware of this research which is based upon assumptions that are outside the threat model for Intel\u00ae SGX. The value of Intel SGX is to execute code in a protected enclave; however, Intel SGX does not guarantee that the code executed in the enclave is from a trusted source,&#8221; an Intel spokesperson told us via email. &#8220;In all cases, we recommend utilizing programs, files, apps, and plugins from trusted sources. Protecting customers continues to be a critical priority for us and we would like to thank Michael Schwarz, Samuel Weiser, and Daniel Grus for their ongoing research and for working with Intel on coordinated vulnerability disclosure.&#8221;<\/p>\n<p>More details are available in the research paper titled &#8220;Practical Enclave Malware with Intel SGX,&#8221; available as a PDF download from <a href=\"https:\/\/arxiv.org\/pdf\/1902.03256.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>.<\/p>\n<p>This research is also not the first of its kind. A week before the publication of this paper, Intel security researcher Marion Marschalek also showed how malicious code could abuse SGX enclaves to infect systems. Video below.<\/p>\n<section class=\"shortcode media-source\">\n<\/section>\n<p><em>Article updated with Intel statement and video of second research on SGX enclave malware.<\/em><\/p>\n<h3>Related security coverage:<\/h3>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/29815\/Researchers-Hide-Malware-In-Intel-SGX-Enclaves.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":25202,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[5811],"class_list":["post-25201","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackermalwareintel"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Researchers Hide Malware In Intel SGX Enclaves 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/researchers-hide-malware-in-intel-sgx-enclaves\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Researchers Hide Malware In Intel SGX Enclaves 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/researchers-hide-malware-in-intel-sgx-enclaves\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2019-02-12T17:37:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/02\/researchers-hide-malware-in-intel-sgx-enclaves.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"430\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/researchers-hide-malware-in-intel-sgx-enclaves\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/researchers-hide-malware-in-intel-sgx-enclaves\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Researchers Hide Malware In Intel SGX Enclaves\",\"datePublished\":\"2019-02-12T17:37:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/researchers-hide-malware-in-intel-sgx-enclaves\/\"},\"wordCount\":704,\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/researchers-hide-malware-in-intel-sgx-enclaves\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/02\/researchers-hide-malware-in-intel-sgx-enclaves.jpg\",\"keywords\":[\"headline,hacker,malware,intel\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/researchers-hide-malware-in-intel-sgx-enclaves\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/researchers-hide-malware-in-intel-sgx-enclaves\/\",\"name\":\"Researchers Hide Malware In Intel SGX Enclaves 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/researchers-hide-malware-in-intel-sgx-enclaves\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/researchers-hide-malware-in-intel-sgx-enclaves\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/02\/researchers-hide-malware-in-intel-sgx-enclaves.jpg\",\"datePublished\":\"2019-02-12T17:37:55+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/researchers-hide-malware-in-intel-sgx-enclaves\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.threatshub.org\/blog\/researchers-hide-malware-in-intel-sgx-enclaves\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/researchers-hide-malware-in-intel-sgx-enclaves\/#primaryimage\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/02\/researchers-hide-malware-in-intel-sgx-enclaves.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/02\/researchers-hide-malware-in-intel-sgx-enclaves.jpg\",\"width\":1000,\"height\":430},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/researchers-hide-malware-in-intel-sgx-enclaves\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.threatshub.org\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,malware,intel\",\"item\":\"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackermalwareintel\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Researchers Hide Malware In Intel SGX Enclaves\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Researchers Hide Malware In Intel SGX Enclaves 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/researchers-hide-malware-in-intel-sgx-enclaves\/","og_locale":"en_US","og_type":"article","og_title":"Researchers Hide Malware In Intel SGX Enclaves 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/researchers-hide-malware-in-intel-sgx-enclaves\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2019-02-12T17:37:55+00:00","og_image":[{"width":1000,"height":430,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/02\/researchers-hide-malware-in-intel-sgx-enclaves.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/researchers-hide-malware-in-intel-sgx-enclaves\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/researchers-hide-malware-in-intel-sgx-enclaves\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Researchers Hide Malware In Intel SGX Enclaves","datePublished":"2019-02-12T17:37:55+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/researchers-hide-malware-in-intel-sgx-enclaves\/"},"wordCount":704,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/researchers-hide-malware-in-intel-sgx-enclaves\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/02\/researchers-hide-malware-in-intel-sgx-enclaves.jpg","keywords":["headline,hacker,malware,intel"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/researchers-hide-malware-in-intel-sgx-enclaves\/","url":"https:\/\/www.threatshub.org\/blog\/researchers-hide-malware-in-intel-sgx-enclaves\/","name":"Researchers Hide Malware In Intel SGX Enclaves 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/researchers-hide-malware-in-intel-sgx-enclaves\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/researchers-hide-malware-in-intel-sgx-enclaves\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/02\/researchers-hide-malware-in-intel-sgx-enclaves.jpg","datePublished":"2019-02-12T17:37:55+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/researchers-hide-malware-in-intel-sgx-enclaves\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/researchers-hide-malware-in-intel-sgx-enclaves\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/researchers-hide-malware-in-intel-sgx-enclaves\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/02\/researchers-hide-malware-in-intel-sgx-enclaves.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/02\/researchers-hide-malware-in-intel-sgx-enclaves.jpg","width":1000,"height":430},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/researchers-hide-malware-in-intel-sgx-enclaves\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,malware,intel","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackermalwareintel\/"},{"@type":"ListItem","position":3,"name":"Researchers Hide Malware In Intel SGX Enclaves"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/25201","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=25201"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/25201\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/25202"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=25201"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=25201"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=25201"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}