threat.wiki

Threat intelligence notes, group profiles, named-person records, and defensive guidance.

Recent entries

• Adblock for YouTube BadBlocker remote-script injection risk
• Backdoor.Mistic / KongTuke ModeloRAT activity
• macOS.Gaslight Rust backdoor
• Leo Platform npm Miasma-style compromise
• simonecorsi/mawesome GitHub Action compromise
• StrikeShark SharkLoader / Cobalt Strike campaign
• GitHub Actions deployment poisoning: Cordyceps CI/CD composition flaws
• codfish semantic-release-action tag compromise
• html-to-gutenberg / fetch-page-assets VS Code blockchain stealer
• StealC / Amadey infrastructure disruption

Sections

• Ops — campaign timelines, compromise chains, and sequencing
• Tools — malware, payloads, implants, and attacker infrastructure
• Groups — crews, cluster names, and shared operational personas
• People — publicly identified individuals or project personas when public sourcing supports it
• Patterns — reusable defender heuristics
• Notes — taxonomy, usage, and editorial guidance