threat.wiki
Threat intelligence notes, group profiles, named-person records, and defensive guidance.
Recent entries
- Suspected Chinese operators use Claude Code and DeepSeek in government intrusions
- AsyncAPI Miasma: Microsoft pwn-request root-cause and Defender detection update
- AsyncAPI Miasma
miasma-train-p1: Unit 42 AI/editor-driven execution and canary-propagation update - OkoBot cryptocurrency-wallet malware framework
- KNX Protocol CVE-2023-4346 KEV exploitation
- Oracle E-Business Suite CVE-2026-46817 exploitation: CISA KEV update
- Cursor Windows workspace-path binary hijack
- TuxBot v3 Evolution IoT botnet framework
- Patriot Bait AI-assisted C2 botnet
- NuGet game-cheat DotnetTool pepesoft campaign
Sections
- Ops — campaign timelines, compromise chains, and sequencing
- Tools — malware, payloads, implants, and attacker infrastructure
- Groups — crews, cluster names, and shared operational personas
- People — publicly identified individuals or project personas when public sourcing supports it
- Patterns — reusable defender heuristics
- Notes — taxonomy, usage, and editorial guidance