threat.wiki

Threat intelligence notes, group profiles, named-person records, and defensive guidance.

Recent entries

• Amazon Q CVE-2026-12957 MCP auto-execution
• Linux pedit COW CVE-2026-46331 local privilege escalation
• Linux DirtyClone CVE-2026-43503 local privilege escalation
• Turla STOCKSTAY backdoor operations
• Photo ZIP hospitality Node.js implant campaign
• Malicious infrastructure provider concentration: Hunt.io Eastern Europe C2 sprawl update
• CL-STA-1062 Southeast Asia government and energy intrusions
• Leo Platform npm Miasma-style compromise: Sonatype affected-package clarification
• PTC Windchill / FlexPLM CVE-2026-12569 exploitation
• Leo Platform npm Miasma-style compromise: Socket Go/source-repository expansion
• Adblock for YouTube BadBlocker remote-script injection risk
• Backdoor.Mistic / KongTuke ModeloRAT activity

Sections

• Ops — campaign timelines, compromise chains, and sequencing
• Tools — malware, payloads, implants, and attacker infrastructure
• Groups — crews, cluster names, and shared operational personas
• People — publicly identified individuals or project personas when public sourcing supports it
• Patterns — reusable defender heuristics
• Notes — taxonomy, usage, and editorial guidance