threat.wiki

Threat intelligence notes, group profiles, named-person records, and defensive guidance.

Recent entries

• Chrome V8 CVE-2026-11645 exploitation
• UAC-0226 / SHADOW-EARTH-066
• Gamaredon GammaPhish / GammaWorm / GammaSteel chain
• AI-brand impersonation phishing and malvertising
• Linux nftables CVE-2026-23111 public LPE exploits
• Microsoft Teams external-chat phishing
• gpt-pilot force-push attempt in the Miasma / Mini Shai-Hulud campaign
• LiteLLM CVE-2026-42271 MCP stdio command injection
• Quest KACE SMA CVE-2025-32975 exploitation
• Check Point VPN CVE-2026-50751 exploitation

Sections

• Ops — campaign timelines, compromise chains, and sequencing
• Tools — malware, payloads, implants, and attacker infrastructure
• Groups — crews, cluster names, and shared operational personas
• People — publicly identified individuals or project personas when public sourcing supports it
• Patterns — reusable defender heuristics
• Notes — taxonomy, usage, and editorial guidance