threat.wiki

Threat intelligence notes, group profiles, named-person records, and defensive guidance.

Recent entries

• Claude Code GitHub Action prompt-injection boundary
• Stock exchange executive mailbox espionage
• Operation GriefLure Southeast Asia LNK dropper
• binding.gyp npm CI/CD worm
• UNC6692 SNOW malware social-engineering campaign
• faster-axios / turbo-axios Epsilon Stealer npm campaign
• IronWorm npm Rust infostealer campaign
• Mirasvit Cache Warmer CVE-2026-45247 exploitation
• Browser-based developer IDE OAuth token theft
• Agent skill marketplace poisoning

Sections

• Ops — campaign timelines, compromise chains, and sequencing
• Tools — malware, payloads, implants, and attacker infrastructure
• Groups — crews, cluster names, and shared operational personas
• People — publicly identified individuals or project personas when public sourcing supports it
• Patterns — reusable defender heuristics
• Notes — taxonomy, usage, and editorial guidance