threat.wiki

Threat intelligence notes, group profiles, named-person records, and defensive guidance.

Recent entries

• Check Point VPN CVE-2026-50751 exploitation
• UNK_DeadDrop developer repository phishing
• VerdantBamboo appliance BRICKSTORM operation
• VerdantBamboo
• Hades graph-ML PyPI import-hook wave in the Miasma / Mini Shai-Hulud campaign
• Hades PyPI wheel wave in the Miasma / Mini Shai-Hulud campaign
• Hunt.io global smishing infrastructure campaign
• Oman government Iranian-nexus webshell C2
• MiniPlasma Windows Cloud Filter LPE exploitation
• Telnyx PyPI TeamPCP compromise

Sections

• Ops — campaign timelines, compromise chains, and sequencing
• Tools — malware, payloads, implants, and attacker infrastructure
• Groups — crews, cluster names, and shared operational personas
• People — publicly identified individuals or project personas when public sourcing supports it
• Patterns — reusable defender heuristics
• Notes — taxonomy, usage, and editorial guidance