threat.wiki

Threat intelligence notes, group profiles, named-person records, and defensive guidance.

Recent entries

• wshu.net npm credential-stealer campaign
• Agent skill marketplace poisoning
• Langflow CVE-2026-33017 cryptominer SSH worm
• Fake-reputation crypto clipboard hijacker
• Cloud bucket namespace hijacking
• AI-agent memory poisoning
• Storm-2603 parallel SharePoint ransomware intrusion
• postcss-minify-selector-parser npm RAT
• FFmpeg PixelSmash CVE-2026-8461 media-file RCE
• AryStinger legacy-router recon proxy network

Sections

• Ops — campaign timelines, compromise chains, and sequencing
• Tools — malware, payloads, implants, and attacker infrastructure
• Groups — crews, cluster names, and shared operational personas
• People — publicly identified individuals or project personas when public sourcing supports it
• Patterns — reusable defender heuristics
• Notes — taxonomy, usage, and editorial guidance