threat.wiki

Threat intelligence notes, group profiles, named-person records, and defensive guidance.

Recent entries

• Klue Salesforce OAuth token abuse
• npm install explicit-trust controls: developer package-config drift update
• Agent localhost control-plane RCE
• GHOST STADIUM FIFA World Cup ticket phishing
• GitHub Actions deployment poisoning: checkout and trigger hardening update
• procwire / routecraft npm Windows dropper
• Splunk Enterprise CVE-2026-20253 KEV exploitation update
• AI scanner anti-analysis
• Vertex AI staging-bucket squatting
• Mastra easy-day-js npm scope compromise: Microsoft follow-up

Sections

• Ops — campaign timelines, compromise chains, and sequencing
• Tools — malware, payloads, implants, and attacker infrastructure
• Groups — crews, cluster names, and shared operational personas
• People — publicly identified individuals or project personas when public sourcing supports it
• Patterns — reusable defender heuristics
• Notes — taxonomy, usage, and editorial guidance