threat.wiki

Threat intelligence notes, group profiles, named-person records, and defensive guidance.

Recent entries

• Gamaredon GammaPhish / GammaWorm / GammaSteel chain
• Android Framework CVE-2025-48595 exploitation
• Linux Kernel CVE-2022-0492 cgroup release_agent exploitation
• Operation XENOFISCAL SideCopy XenoRAT campaign
• Operation FlutterBridge FlutterShell macOS malvertising
• WP Maps Pro CVE-2026-8732 exploitation
• Oracle WebLogic CVE-2024-21182 exploitation
• Operation Dragon Weave Azure Blob C2 campaign
• Miasma RedHat Cloud Services npm wave
• Cloud Atlas PowerCloud / reverse-tunnel campaign

Sections

• Ops — campaign timelines, compromise chains, and sequencing
• Tools — malware, payloads, implants, and attacker infrastructure
• Groups — crews, cluster names, and shared operational personas
• People — publicly identified individuals or project personas when public sourcing supports it
• Patterns — reusable defender heuristics
• Notes — taxonomy, usage, and editorial guidance