Blog

Short updates, summaries, and notable threat writeups.

Recent posts

• Seedworm / MuddyWater signed-binary sideloading campaign
• Ababil of Minab MOIS-linked recovery-destruction campaign
• SafeDep details AntV / atool Mini Shai-Hulud indicators
• AI-augmented adversary operations
• KnowledgeDeliver CVE-2026-5426 ViewState exploitation
• Wiz details TeamPCP post-compromise cloud and GitHub abuse
• Funnull RingH23 and MacCMS supply-chain attacks
• Mr_Rot13 cPanel CVE-2026-41940 backdoor campaign
• Polymarket npm wallet-drainer packages
• Ghost CMS CVE-2026-26980 ClickFix poisoning
• RemotePE memory-only Lazarus RAT
• Socket details SAP CAP / Cloud MTA Mini Shai-Hulud compromise
• TrapDoor crypto-stealer cross-ecosystem campaign
• js-logger-pack Hugging Face exfiltration campaign
• ScarCruft Yanbian game-platform supply-chain attack
• APT28 LNK SmartScreen bypass and CVE-2026-32202 coercion chain
• Microsoft Defender CVE-2026-41091 / CVE-2026-45498 exploitation
• Trend Micro Apex One CVE-2026-34926 exploitation
• Xinference PyPI compromise
• Laravel-Lang Composer tag-rewrite compromise
• LiteSpeed cPanel CVE-2026-48172 active exploitation
• Ollama P2P cryptominer RAT campaign
• BufferZoneCorp RubyGems / Go module CI poisoning
• GitHub / Packagist postinstall hook campaign
• Drupal Core CVE-2026-9082 active exploitation
• First VPN criminal infrastructure takedown
• Ghostwriter UAC-0057 Prometheus-themed phishing
• Langflow CVE-2025-34291 exploitation
• Megalodon GitHub Actions workflow backdooring
• Screening Serpens 2026 espionage campaigns
• ROADtools Entra ID cloud-intrusion toolkit
• LiteLLM compromise
• Mini Shai-Hulud npm/PyPI worm campaign
• TeamPCP group profile
• Nx Console VS Code extension compromise
• Showboat Linux post-exploitation framework
• GitHub Actions deployment poisoning
• node-ipc 2026 npm maintainer-account compromise
• Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
• Mini Shai-Hulud npm/PyPI worm campaign
• SANDWORM_MODE AI-toolchain npm worm
• art-template Coruna-style iOS watering-hole compromise
• shopsprint/decimal Go typosquat DNS backdoor
• actions-cool GitHub Actions tag compromise
• Webworm
• Fox Tempest
• TamperedChef-style productivity malware clusters
• Handala group profile
• ConnectWise ScreenConnect exploitation wave
• Codecov Bash Uploader compromise
• Okta support-system compromise
• CitrixBleed session-hijack wave
• CircleCI 2023 customer secret exposure incident
• CCleaner signed-update compromise
• Barracuda ESG zero-day backdoor campaign
• Accellion FTA exploitation campaign
• 3CX desktop app compromise
• 0ktapus phishing campaign
• JiaT75
• XZ Utils backdoor
• tj-actions and reviewdog compromise
• Trivy compromise