threat.wiki

Threat intelligence notes, group profiles, named-person records, and defensive guidance.

Recent entries

• Vertex AI staging-bucket squatting
• Mastra easy-day-js npm scope compromise: Microsoft follow-up
• LiteSpeed cPanel Plugin CVE-2026-54420 exploitation
• Joomla JCE CVE-2026-48907 exploitation
• Glassworm developer supply-chain botnet
• Crypto Clipper Tor / USB worm
• Mastra easy-day-js npm scope compromise
• Crypto supply-chain path to transaction authority
• Mr_Rot13 cPanel CVE-2026-41940 backdoor campaign
• Outsider Enterprise smishing PhaaS

Sections

• Ops — campaign timelines, compromise chains, and sequencing
• Tools — malware, payloads, implants, and attacker infrastructure
• Groups — crews, cluster names, and shared operational personas
• People — publicly identified individuals or project personas when public sourcing supports it
• Patterns — reusable defender heuristics
• Notes — taxonomy, usage, and editorial guidance