threat.wiki

Threat intelligence notes, group profiles, named-person records, and defensive guidance.

Recent entries

• UNC3753
• TeamPCP
• Cisco Catalyst SD-WAN Manager CVE-2026-20245 exploitation
• SolarWinds Serv-U CVE-2026-28318 exploitation
• Claude Code GitHub Action prompt-injection boundary
• binding.gyp npm CI/CD worm
• PAN-OS GlobalProtect CVE-2026-0257 exploitation
• OP-512
• Everest Forms Pro CVE-2026-3300 exploitation
• PCPJack cloud SMTP relay network

Sections

• Ops — campaign timelines, compromise chains, and sequencing
• Tools — malware, payloads, implants, and attacker infrastructure
• Groups — crews, cluster names, and shared operational personas
• People — publicly identified individuals or project personas when public sourcing supports it
• Patterns — reusable defender heuristics
• Notes — taxonomy, usage, and editorial guidance