threat.wiki

Threat intelligence notes, group profiles, named-person records, and defensive guidance.

Recent entries

• StealC / Amadey infrastructure disruption
• Cisco Unified CM CVE-2026-20230 file-write exploitation
• Thailand healthcare RAR / Python stealer campaign
• xlabs_v1 DDoS-for-hire IoT botnet
• WhatsApp VBScript ManageEngine RMM campaign
• Agent skill marketplace poisoning
• Ubiquiti UniFi OS CVE-2026-34908 / CVE-2026-34909 / CVE-2026-34910 exploitation
• Lantronix EDS5000 CVE-2025-67038 exploitation
• wshu.net npm credential-stealer campaign
• Langflow CVE-2026-33017 cryptominer SSH worm

Sections

• Ops — campaign timelines, compromise chains, and sequencing
• Tools — malware, payloads, implants, and attacker infrastructure
• Groups — crews, cluster names, and shared operational personas
• People — publicly identified individuals or project personas when public sourcing supports it
• Patterns — reusable defender heuristics
• Notes — taxonomy, usage, and editorial guidance