threat.wiki

Threat intelligence notes, group profiles, named-person records, and defensive guidance.

Recent entries

• SHADOW-AETHER AI-augmented Latin America intrusions
• ServiceNow instance unauthenticated table-query exploitation
• Cloud logging control-plane tampering
• Arista EOS CVE-2026-7473 tunnel decapsulation exploitation
• Chrome V8 CVE-2026-11645 exploitation
• UAC-0226 / SHADOW-EARTH-066
• Gamaredon GammaPhish / GammaWorm / GammaSteel chain
• AI-brand impersonation phishing and malvertising
• Linux nftables CVE-2026-23111 public LPE exploits
• Microsoft Teams external-chat phishing

Sections

• Ops — campaign timelines, compromise chains, and sequencing
• Tools — malware, payloads, implants, and attacker infrastructure
• Groups — crews, cluster names, and shared operational personas
• People — publicly identified individuals or project personas when public sourcing supports it
• Patterns — reusable defender heuristics
• Notes — taxonomy, usage, and editorial guidance