threat.wiki

Threat intelligence notes, group profiles, named-person records, and defensive guidance.

Recent entries

• Sentry MCP Agentjacking
• LangGraph checkpointer injection and unsafe deserialization
• Solana FakeFix npm / PyPI developer stealer
• Oracle PeopleSoft CVE-2026-35273 ShinyHunters exploitation
• ShinyHunters
• Ivanti Sentry CVE-2026-10520 exploitation
• GitHub Actions OIDC subject-claim collisions
• OceanLotus
• JDY SOHO / IoT reconnaissance botnet
• PAN-OS GlobalProtect CVE-2026-0257 exploitation
• SHADOW-AETHER AI-augmented Latin America intrusions

Sections

• Ops — campaign timelines, compromise chains, and sequencing
• Tools — malware, payloads, implants, and attacker infrastructure
• Groups — crews, cluster names, and shared operational personas
• People — publicly identified individuals or project personas when public sourcing supports it
• Patterns — reusable defender heuristics
• Notes — taxonomy, usage, and editorial guidance