threat.wiki

Threat intelligence notes, group profiles, named-person records, and defensive guidance.

Recent entries

• Malicious infrastructure provider concentration
• Gravity SMTP CVE-2026-4020 exploitation
• Operation Endgame SocGholish disruption
• FortiBleed Fortinet credential exposure: Unit 42 cross-service password-spray update
• The Gentlemen ransomware: GentleKiller EDR-killer framework update
• JetBrains AI plugin API-key theft
• Ababil of Minab MOIS-linked recovery-destruction campaign: Hunt.io exposed-staging follow-up
• Klue Salesforce OAuth token abuse
• npm install explicit-trust controls: developer package-config drift update
• Agent localhost control-plane RCE

Sections

• Ops — campaign timelines, compromise chains, and sequencing
• Tools — malware, payloads, implants, and attacker infrastructure
• Groups — crews, cluster names, and shared operational personas
• People — publicly identified individuals or project personas when public sourcing supports it
• Patterns — reusable defender heuristics
• Notes — taxonomy, usage, and editorial guidance