threat.wiki

Threat intelligence notes, group profiles, named-person records, and defensive guidance.

Recent entries

• Browser-based developer IDE OAuth token theft
• Agent skill marketplace poisoning
• jqwik maintainer prompt-injection supply-chain pattern
• MCP stdio command-execution boundary
• Gamaredon GammaPhish / GammaWorm / GammaSteel chain
• Android Framework CVE-2025-48595 exploitation
• Linux Kernel CVE-2022-0492 cgroup release_agent exploitation
• Operation XENOFISCAL SideCopy XenoRAT campaign
• Operation FlutterBridge FlutterShell macOS malvertising
• WP Maps Pro CVE-2026-8732 exploitation

Sections

• Ops — campaign timelines, compromise chains, and sequencing
• Tools — malware, payloads, implants, and attacker infrastructure
• Groups — crews, cluster names, and shared operational personas
• People — publicly identified individuals or project personas when public sourcing supports it
• Patterns — reusable defender heuristics
• Notes — taxonomy, usage, and editorial guidance