threat.wiki

Threat intelligence notes, group profiles, named-person records, and defensive guidance.

Recent entries

• Splunk Enterprise CVE-2026-20253 pre-auth file write / RCE
• Operation Highland Velvet Ant authentication-stack backdoors
• Velvet Ant
• Chrome live-wallpaper extension ad-fraud network
• Atomic Arch AUR package hijack
• PAN-OS GlobalProtect CVE-2026-0257 exploitation
• Astro config blockchain C2 PR injection
• Void Dokkaebi
• Sentry MCP Agentjacking
• LangGraph checkpointer injection and unsafe deserialization
• Solana FakeFix npm / PyPI developer stealer

Sections

• Ops — campaign timelines, compromise chains, and sequencing
• Tools — malware, payloads, implants, and attacker infrastructure
• Groups — crews, cluster names, and shared operational personas
• People — publicly identified individuals or project personas when public sourcing supports it
• Patterns — reusable defender heuristics
• Notes — taxonomy, usage, and editorial guidance