threat.wiki

Threat intelligence notes, group profiles, named-person records, and defensive guidance.

Recent entries

• UNC6508
• SprySOCKS Windows backdoor variants
• FishMonger
• ClickOnce COM hijacking abuse
• Agent localhost control-plane RCE: AutoJack PyPI pre-release caveat
• @withgoogle/stitch-sdk scope squat
• Malicious infrastructure provider concentration
• Gravity SMTP CVE-2026-4020 exploitation
• Operation Endgame SocGholish disruption
• FortiBleed Fortinet credential exposure: Arctic Wolf impact-count update

Sections

• Ops — campaign timelines, compromise chains, and sequencing
• Tools — malware, payloads, implants, and attacker infrastructure
• Groups — crews, cluster names, and shared operational personas
• People — publicly identified individuals or project personas when public sourcing supports it
• Patterns — reusable defender heuristics
• Notes — taxonomy, usage, and editorial guidance