Source index
Feeds and primary sources we consider worth monitoring for future threat coverage.
High-value RSS / update feeds
- Sonatype Security Research — https://www.sonatype.com/blog/rss.xml (RSS watch; monitor package-registry and ecosystem compromise research such as Atomic Arch AUR orphan-package adoption, malicious npm dependency pivots like
atomic-lockfile/js-digest/lockfile-js, Sonatype vulnerability guide entries, and Shai-Hulud / Miasma supply-chain follow-ups such as Leo Platform / RStreams package clarification,llxlrpackage confirmation, andSonatype-2026-004261-style advisory pivots) - Aikido Security Research — https://www.aikido.dev/blog/index.xml (HTML/RSS watch; monitor developer-machine, AI-toolchain, VS Code / extension, Codex-token, and package supply-chain compromises such as
codexui-androidOpenAI token theft, poisoned extensions, Laravel-Lang, and Mini Shai-Hulud follow-ups) - QiAnXin XLab — https://blog.xlab.qianxin.com/ (HTML watch; monitor large-scale exploitation, botnet, ClickFix/page-poisoning, hosting-control-plane abuse such as Mr_Rot13 cPanel CVE-2026-41940, infrastructure writeups such as Ghost CMS CVE-2026-26980 mass compromise reports, recon/proxy botnets such as AryStinger legacy-router and QNAP Malware Remover exploitation, DDoS botnets such as RustDuck's Loader + Core transition from C to Rust with weak-password / IoT / Web-RCE propagation, and cybercrime-infrastructure / web-supply-chain reports such as Funnull RingH23 / MacCMS poisoning)
- Wiz Research — https://www.wiz.io/blog (HTML watch; prior RSS path returned 404 in current checks; monitor TeamPCP/Mini Shai-Hulud package waves including Miasma /
@redhat-cloud-services, JINX-0164-style cryptocurrency developer targeting with fake meeting flows, macOS malware, GitHub/source-repository abuse, and post-compromise cloud/GitHub abuse reporting such as TruffleHog validation, ECS Exec / SSM execution, mass repository cloning, and workflow-log deletion; also monitor AI coding-assistant trust-boundary research such as Amazon Q Developer CVE-2026-12957 MCP auto-execution through.amazonq/mcp.jsonworkspace configuration) - Socket Security Research — https://socket.dev/api/blog/feed.atom and https://socket.dev/blog (Atom/HTML watch; monitor Shai-Hulud/Mini Shai-Hulud variants, registry-response notices such as npm token invalidation, TeamPCP/copycat reporting, enterprise developer-ecosystem compromises such as SAP CAP / Cloud MTA packages, cross-ecosystem Packagist/Composer and GitHub source-repository compromises, DPRK/Contagious Interview developer-targeting dead-drop campaigns such as StegaBin Pastebin/Vercel payload delivery, Famous Chollima Packagist dev-branch loaders, and PolinRider expansion across npm, Packagist, Go modules, Chrome extensions, fake
.woff2loaders, VS CodefolderOpentasks, Git history rewriting, and blockchain/RPC C2, RubyGems abuse such as GemStuffer or BufferZoneCorp-style RubyGems/Go module CI poisoning, Laravel-Lang-style Composer tag rewrites/backdoors, financial/enterprise SDK impersonation such as Sicoob.Sdk NuGet mTLS certificate theft, high-blast-radius package compromises such as Axios pullingplain-crypto-jsRAT payloads and Mastra@mastra/*packages pullingeasy-day-js, Hades-style PyPI wheel startup-hook branches of Miasma / Mini Shai-Hulud using*-setup.pth, Bun,_index.js,.abi3.sonative extensions, and split loaders such aslangchain-core-mcp, Leo Platform / Miasma follow-ups such asllxlrpackage expansion, Immobiliare Labs Backstage plugin compromise, and Verana Blockchain Go source-repository poisoning through.claude//.vscode/hooks, AI-toolchain supply-chain tradecraft such as MCP/coding-assistant poisoning and TrapDoor-style npm/PyPI/Crates.io credential-stealer campaigns, AI-scanner anti-analysis such as prompt-injection comments, safety-triggering text, context flooding, and payload-after-noise layouts, Open VSX / VS Code extension abuse such as GlassWASM TinyGo/WebAssembly malware with Solana memo C2, and browser-extension abuse such as Chrome Web Store live-wallpaper ad-fraud / traffic-laundering networks and staged VPN/proxy extension clipboard stealers such as VPN Go) - OX Security Research — https://www.ox.security/blog/ (HTML watch; monitor AI-toolchain and software-supply-chain malware such as Malware-Slop /
mouse5212-super-formatter, Claude/mnt/user-datatheft, GitHub Contents API exfiltration, leaked actor tokens, Shai-Hulud source-leak copycats such aschalk-tempalte/axois-utils/color-style-utils, TeamPCP follow-ons such as the Telnyx PyPI compromise after LiteLLM, Miasma /@redhat-cloud-servicesimpact notes such as stolen-repository counts, earliest observed infection timing, six-stage loader loops, alternateMiasma : The Spreading Blightspacing, andfiredalazerGitHub commit-search C2, MCP / AI-agent supply-chain trust-boundary research such as stdio command-execution configuration exposure, and AI-generated commodity npm malware tradecraft) - CrowdStrike Counter Adversary Operations — https://www.crowdstrike.com/en-us/blog/ (HTML watch; monitor developer-targeting botnet and supply-chain disruption reporting such as Glassworm, C2 takedowns, package/extension compromise, endpoint remediation guidance, and Windows execution/persistence research such as ClickOnce
.application/.appref-msabuse and HKCU COM hijacking) - Akamai Security Research — https://www.akamai.com/blog/security-research (HTML watch; RSS blocked/unavailable in current checks; monitor active-exploitation and edge/WAF telemetry writeups such as Drupal CVE-2026-9082, exposed-AI-service abuse such as Ollama P2P cryptominer/RAT campaigns, APT exploit-chain analysis such as APT28 LNK / SmartScreen bypass / authentication-coercion findings, and infrastructure/botnet disruption notes)
- SafeDep Research — https://safedep.io/blog (HTML watch; monitor CI/CD, GitHub repository backdooring, package-registry compromise, Megalodon-style workflow backdoors, crypto/AI-tooling package malware such as Polymarket-themed wallet-drainer npm packages, actively maintained developer-targeting npm RATs such as forge-jsxy, MicrosoftSystem64 / js-logger-pack, and MYRA /
apintergrationpost, Hugging Face / Discord exfiltration, typosquat infostealer campaigns such asfaster-axios/turbo-axiosEpsilon Stealer, AI-brand scope-squatting credential harvesters such as@withgoogle/stitch-sdk, targeted dependency-confusion environment stealers such as theoob.moika.techcampaign and follow-on@marketfront/@tqm-mfepackage waves withInternal package — Platform Engineering TeamREADME markers,X-Secretexfil headers, RC4/XOR-hidden C2 configuration, and private-registry fallback targeting, build-config PR injection such asastro.config.mjsblockchain-C2 loaders and horizontal-whitespace diff hiding, Mastra /easy-day-js-style stale npm maintainer scope takeovers with provenance dropped and Hostwinds raw-IP RAT infrastructure, split-package Windows npm droppers such asprocwire/routecraftwith helper-package XOR C2 reconstruction andfiles.catbox.moepayload staging, multi-scope disposable-email npm infostealer campaigns such as thewshu.netpackage set with scrubbed latest tags, runtime execution, Rust stealers, user-level systemd persistence, and Telegram C2, and Mini Shai-Hulud / AntV / Miasma-style detection pivots such as payload hashes, orphan GitHub commit delivery, two-wave trusted-publishing abuse, live-latest malicious releases,kitty-monitor,gh-token-monitor, AI-assistant persistence, and source-repository auto-execution through Claude Code / GeminiSessionStart, CursoralwaysApply, VS CodefolderOpen, andnpm testlaunchers) - Lumen Black Lotus Labs — https://www.lumen.com/blog/en-us/ (HTML watch; filter for Black Lotus Labs posts covering telecom, routing, botnet, and nation-state infrastructure research such as JDY / KV-botnet SOHO and IoT reconnaissance networks)
- Snyk Blog / Security Research — https://snyk.io/blog/feed/ (watch Mini Shai-Hulud/TeamPCP follow-ups, registry-scale advisories, package-level vulnerability records, stale-maintainer npm scope compromises such as Mastra /
easy-day-js, Composer/Packagist incident-response updates such as Laravel-Lang all-version compromise advisories, and AI-agent supply-chain boundary cases such as jqwik 1.10.0 maintainer prompt injection through build/test output, developer-environment MCP / skill inventory risk, and ToxicSkills-style public skill measurements) - JFrog Security Research — https://research.jfrog.com/ (HTML watch; monitor TeamPCP/Mini Shai-Hulud follow-ups, PyPI import-time compromises such as Xinference and durabletask, optional-dependency GitHub-commit delivery, cloud/Kubernetes lateral-movement payload evolution, malicious developer/AI packages abusing platforms such as Hugging Face for CDN/exfiltration or prompt theft, cryptocurrency-developer package lures such as Solana FakeFix npm/PyPI patched-SDK packages, GitHub issue spam, Telegram C2, fake MEV private-key prompts, and Deno loader persistence, PostCSS-themed npm impersonation such as
postcss-minify-selector-parser/aes-decode-runner-proleading to PowerShell and Nuitka Windows RATs, Rollup polyfill masquerading packages such asrollup-packages-polyfill-core/rollup-runtime-polyfill-corewith JSONKeeper staging, browser/wallet theft, and Socket.IO / node-pty remote access, package-directory editor-task execution such ashtml-to-gutenberg/fetch-page-assetshiding VS CodefolderOpentasks behind fake font assets and blockchain dead drops, Miasma /@redhat-cloud-servicesfollow-up indicators such as type-only package install hooks, GitHub commit-search C2, camouflage exfil destinations, and AI-scanner prompt-injection / refusal-evasion samples, plus IronWorm-style native Rust npm infostealers with eBPF rootkits, Tor C2, backdated GitHub commits, and trusted-publishing propagation; also monitor high-signal Linux/container-host vulnerability research such as DirtyClone / CVE-2026-43503 DirtyFrag-family local privilege escalation) and JFrog Blog RSS https://jfrog.com/blog/feed/ (watch npm v12 explicit-trust install controls such asallowScripts,--allow-git, and--allow-remote, broad dependency RCE research such as FFmpeg PixelSmash / CVE-2026-8461 media-file processing exposure, and agent-plugin repository governance where MCP definitions, hooks, slash commands, subagents, and skills are treated as executable supply-chain artifacts rather than settings) - Unit 42 Research — https://unit42.paloaltonetworks.com/feed/ (watch recurring npm threat-landscape updates for Shai-Hulud/Mini Shai-Hulud wave metrics, SLSA/OIDC findings, containment-order warnings, cloud-identity tradecraft such as ROADtools / Entra ID abuse, cloud-control-plane defense-evasion research such as AWS CloudTrail / Google Cloud Logging route, destination, and KMS tampering, cross-cloud storage namespace risks such as bucket hijacking through deleted/recreated object-storage destinations, high-signal actor updates such as Screening Serpens / MiniUpdate / MiniJunk and CL-STA-1062 / UAT-7237 Southeast Asia government and critical-energy intrusions with TinyRCT, collaboration-tool phishing / identity guidance such as Microsoft Teams external-chat abuse and federation hardening, large-scale credential campaigns such as FortiBleed cross-service password spraying against Fortinet / Sophos / MSSQL and configuration-theft feedback loops, cybercrime-economy updates that add durable TeamPCP / TGR-CRI-1135 monetization context such as LAPSUS$ / Vect extortion partnerships or public Shai-Hulud tooling claims, AI-agent skill supply-chain research such as Behavioral Integrity Verification for OpenClaw registry skills and ClawHub follow-ups covering unblocked macOS infostealer skills, scanner file-padding evasion, runtime affiliate injection, and agentic front-running, AI-hallucination supply-chain research such as Phantom Squatting where models invent domains that adversaries can pre-register for phishing, API/documentation poisoning, and autonomous-agent traffic capture, cloud-AI model lifecycle flaws such as Vertex AI default staging-bucket squatting / Pickle in the Middle, and macOS malvertising/backdoor evolution such as CL-CRI-1089 Operation FlutterBridge / FlutterShell)
- Trend Micro Research — https://www.trendmicro.com/en_us/research.html (HTML watch; monitor active-exploitation, AI-augmented intrusion, developer-targeting malware, banking malware, and Ukraine/Russia-aligned updates such as Void Dokkaebi / Famous Chollima Cython-compiled InvisibleFerret and BeaverTail evolution, WinRAR CVE-2025-8088 reuse by Earth Dahu / Gamaredon and UAC-0226 / SHADOW-EARTH-066, GIFTEDCROOK evolution, managed-software patch blind spots, SHADOW-AETHER agentic-AI tunneling / lateral-movement campaigns in Latin America, PeopleSoft / PeopleTools exploitation chain analysis such as PSIGW-to-PSEMHUB SSRF, XMLDecoder restart-triggered execution, and in-JVM observability gaps, exposed-AI-application exploitation such as Langflow CVE-2026-33017 cryptominer / SSH-worm delivery, Banana RAT / SHADOW-WATER-063 Brazilian banking-fraud tooling with Pix QR interception and polymorphic PowerShell builds, and distinct post-exploitation chains sharing a common exploit entry point)
- ESET WeLiveSecurity / ESET Research — https://www.welivesecurity.com/en/eset-research/ (HTML/RSS watch; monitor actor campaigns, supply-chain attacks against regional software ecosystems, and new malware/tooling such as OceanLotus / APT32 FireAnt MetaKit supply-chain delivery of SPECTRALVIPER, FishMonger / SprySOCKS Windows variants with kernel-driver stealth, ScarCruft BirdCall Android, FrostyNeighbor/Ghostwriter PicassoLoader chains, GopherWhisper Go tooling, mobile MaaS/RAT reporting such as BTMOB, ransomware defense-impairment tooling such as The Gentlemen / GentleKiller EDR-killer framework and rapid BYOVD PoC adoption, and Ukraine/Russia espionage retrospectives such as Gamaredon 2025 tunnel/worker/dead-drop/cloud-storage exfiltration tradecraft and Gamaredon / Turla collaboration caveats)
- Sekoia.io Threat Research — https://blog.sekoia.io/ (HTML watch; monitor Russia-linked espionage, Gamaredon/UAC-0010 malware chains, dead-drop resolver tradecraft, USB/network-share propagation, and durable malware-family taxonomy such as GammaPhish, GammaLoad, GammaWorm, and GammaSteel; also monitor joint YesWeHack / Sekoia vulnerability-researcher supply-chain reporting such as ChocoPoC fake PoC repositories, PyPI dependency trojanization, native-extension loaders, Python
.pthpersistence, and Mapbox dead-drop resolvers) - Seqrite Labs / APT Team — https://www.seqrite.com/blog/ (HTML watch; monitor targeted espionage and sector-focused malware writeups with concrete malware chains and infrastructure such as Operation DragonReturn India tax-season Ministry of Finance / Income Tax Department impersonation, DcRAT-style multi-stage loaders,
MixedSvcWindows service persistence,background.jpgpayload containers, China-nexus attribution caveats, Operation Dragon Weave, RUSTCLOAK, AZUREVEIL, Adaptix C2, Azure Blob Storage dead-drop C2, Czech Republic / Taiwan lures, Operation XENOFISCAL / SideCopy XenoRAT chains, Operation GriefLure Southeast Asia LNK / ftp.exe droppers, Thailand healthcare RAR / Rouki-obfuscated batch / Python-stealer campaigns, and attribution-confidence caveats) - Acronis Threat Research Unit — https://www.acronis.com/en/tru/posts/ (HTML watch; monitor actor/campaign/tool reporting with concrete malware chains and SaaS-abuse pivots, such as Mustang Panda India government / hydropower targeting with SHARDLOADER, MINIRECON, ZOHOMURK, Solid PDF Creator DLL sideloading, Zoho WorkDrive C2 and exfiltration, and CERT-In coordination)
- Microsoft Security Blog — https://www.microsoft.com/en-us/security/blog/ and https://www.microsoft.com/en-us/security/blog/feed/ (HTML/RSS watch; monitor actor/campaign/tool reporting such as AI-chatbot/search-poisoned utility downloads, AI-brand impersonation phishing and malvertising, AI-branded browser-extension search interception such as Perplexity AI-spoofing Chromium MV3 /
declarativeNetRequestsearch hijackers, ScreenConnect abuse, SimpleRunPE/RuntimeHost GPU cryptojacking, edge-appliance intrusion chains, ransomware tooling such as Storm-2697 / The Gentlemen self-propagating Go encryptor, parallel-intrusion case studies such as Storm-2603 SharePoint-focused ransomware activity overlapping an unnamed actor's DLL sideloading and NTDS theft, commodity malware and disruption writeups such as StealC / Amadey infostealer-loader infrastructure takedowns with browser-cookie / App-Bound Encryption bypass / scheduled-task / RDP / hidden-admin detail, Tor-routed cryptocurrency malware such as the Crypto Clipper USB /.lnkworm, hospitality phishing and Node.js implant campaigns such as Photo ZIP abuse of Calendly / Google redirect laundering, Claude Code GitHub Action / AI-agent CI/CD trust-boundary cases such as/proc/self/environRead-tool exposure, AutoJack-style local agent / localhost control-plane RCE patterns including PyPI pre-release exposure caveats, agent-memory poisoning / delayed tool-execution defenses such as provenance, memory audit logs, andMemoryUpdatedtelemetry, MCP / acting-agent supply-chain trust boundaries such as poisoned tool descriptions that exfiltrate business data through already-approved tools, and npm supply-chain campaigns such as Miasma / Red Hat npm trusted-publishing abuse, Sapphire Sleet-attributed Mastra /easy-day-jspostinstall compromise,vpmdhajOpenSearch / Elasticsearch typosquats, oroob.moika.techdependency-confusion clusters that profile developers, steal environment context, and abuse lifecycle hooks / Bun-runtime loaders) - Microsoft Edge Vulnerability Research / Edge Extensions Security Team — https://microsoftedge.github.io/edgevr/ (HTML watch; monitor browser-extension ecosystem compromise and Edge Add-ons response writeups such as StegoAd, where malicious extensions hid JavaScript in PNG/WebP/WOFF2 assets, delayed execution, used server-side validation, stole Google / WordPress credentials and cookies, and monetized through ad fraud / affiliate hijacking)
- Broadcom / Symantec Threat Intelligence — https://www.security.com/threat-intelligence (HTML watch; monitor incident-response-backed actor tradecraft such as Seedworm / MuddyWater Node.js-orchestrated PowerShell, signed-binary DLL sideloading, ChromElevator browser theft, Deno/Python backdoors such as Dindoor and Fakeset, Rclone-to-Wasabi exfiltration, Backblaze staging, and public file-transfer exfiltration, cybercrime access-broker tooling such as Backdoor.Mistic / MLTBackdoor, Woodgnat / KongTuke, ModeloRAT, ClickFix delivery, MpExtMs.exe / EndpointDlp.dll sideloading, and Qilin-linked ransomware access, plus high-consequence tool research such as Fast16 LS-DYNA / AUTODYN nuclear-simulation sabotage)
- WatchGuard Secplicity / Threat Lab — https://www.watchguard.com/wgrd-security-hub/secplicity-blog (HTML watch; monitor regional malware and fraud operations such as Grandoreiro campaigns using DLL sideloading, WebRTC/STUN/ICE communications camouflage, cloud-service abuse, and anti-analysis checks)
- LevelBlue SpiderLabs — https://www.levelblue.com/blogs/spiderlabs-blog (HTML watch; monitor malware/tooling research with durable cross-platform defender value, such as QuimaRAT Java RAT MaaS analysis covering Windows / Linux / macOS persistence, Netty C2, plugin loading, fileless execution, and concrete IOC sets)
- Arctic Wolf Labs — https://arcticwolf.com/resources/blog/ (HTML watch; monitor incident-response-backed exploitation, identity-first phishing, and malware-delivery reporting such as Kali365 OAuth device-code PhaaS expansion across Microsoft / Okta / Xerox / MAX Messenger lures, FortiClient EMS CVE-2026-35616 abuse to push EKZ Infostealer through endpoint-management policy and fake Fortinet patch workflows, PAN-OS GlobalProtect CVE-2026-0257 follow-on intrusion detail such as unauthorized VPN tunnels followed by Impacket-style SMB / NTLM reconnaissance, and ransomware-affiliate tradecraft such as Anubis intrusions using CitrixBleed 2 / CVE-2025-5777, valid VPN credentials, RMM tools, cloudflared, authenticated proxies, SSH SOCKS tunnels, and backup/NAS targeting)
- Blackpoint Cyber — https://blackpointcyber.com/blog/ (HTML watch; monitor incident-response-backed RMM, identity, loader, ransomware, and infostealer intrusion chains such as SimpleHelp CVE-2026-48558 exploitation leading to TaskWeaver Node.js loader deployment and Djinn Stealer collection of cloud, source-control, package-registry, AI-assistant, SSH, browser, and wallet secrets, plus Avalon / CrownX-style legal-lure ISO/LNK/MSBuild malware frameworks that combine credential theft, EDR-aware evasion, recovery disruption, and ransomware)
- Ransom-ISAC — https://ransom-isac.org/blog/ (HTML watch for public ransomware and data-extortion case studies with negotiation transcripts, payment-flow analysis, actor-brand caveats, and public-sector defender lessons such as Kairos data-only extortion where no encryptor/locker sample was verified)
- eSentire TRU advisories — https://www.esentire.com/security-advisories (HTML watch; monitor incident-response-backed active-exploitation advisories and edge-appliance exploitation telemetry such as Progress Kemp LoadMaster CVE-2026-8037 attempts, FortiBleed credential exposure, and concrete IOC / affected-version updates)
- Kaspersky Securelist — https://securelist.com/ (HTML/RSS watch; monitor supply-chain compromises, signed-binary backdoors, RAT tooling, Windows exploitation writeups such as MiniPlasma Cloud Filter / CVE-2020-17103-adjacent LPE detection, and incident-response reports such as DAEMON Tools Lite CVE-2026-8398 with typosquatted C2, selective backdoor deployment, and QUIC RAT activity; Cloud Atlas updates such as PowerCloud, PowerShower, VBCloud, reverse SSH / ReverseSocks / Tor backup-channel use, and Russia/Belarus government targeting; North Korea/Kimsuky tooling evolution such as PebbleDash / AppleSeed, HelloDoor, HttpMalice, VS Code tunneling, DWAgent, and Cloudflare Quick Tunnel abuse; identity-phishing tradecraft such as Microsoft Identity Platform / OAuth device-code phishing where law-firm PDF lures, CAPTCHA-gated fake legal portals, clipboard-copied
user_codevalues, and legitimate MFA flows lead to mailbox, OneDrive, and Teams token abuse; messaging-app malware such as WhatsApp-delivered VBScript chains that install ManageEngine Endpoint Central / RMM agents; ToddyCat / Umbrij Gmail OAuth abuse through headless Chromium remote debugging and STRD-style browser-session token acquisition; Armored Likho / BusySnake Stealer activity with AI-looking loaders, GitHub-hosted Python/PyArmor staging, WindowsHelper scheduled-task persistence, browser credential and cookie theft, and reverse SSH tunneling; ScreenConnect / RMM abuse campaigns such as freeware-impersonation SEO poisoning that silently installs ScreenConnect and deploys AsyncRAT throughinstall.res.1033.dll, Defender exclusions, RegAsm process hollowing, and scheduled-task persistence; SharkLoader / StrikeShark-style Cobalt Strike loader campaigns using edge exploitation, custom droppers, DLL sideloading, and scheduled-task persistence; and durable cybercrime malware campaigns such as piracy-site fake-update SilentCryptoMiner / RAT delivery) - Jamf Threat Labs — https://www.jamf.com/blog/ (HTML watch; monitor macOS malware, AppleScript/JXA delivery, MDM/endpoint-security tradecraft, and infostealer research such as PamStealer's fake Maccy distribution, Rust Mach-O second stage, PAM-validated credential capture, login-item persistence, Finder / Software Update masquerading, Full Disk Access social engineering, and blockchain-RPC configuration pivots)
- WithSecure Labs — https://labs.withsecure.com/publications (HTML watch; monitor Russia-nexus, Ukraine-focused, and AI-assisted campaigns such as GREYVIBE / PhantomMail / PhantomClick / PrincessClub with PhantomRelay, FallSpy, LegionRelay, DAYLIGHT, TEASOUP, and cybercrime-overlap attribution notes)
- Proofpoint Threat Insight — https://www.proofpoint.com/us/blog/threat-insight (HTML watch; monitor email-threat and actor-cluster reporting such as TA4922 Chinese-speaking cybercrime expansion, localized HR/payroll/tax/invoice lures, ValleyRAT / Winos4.0, Atlas RAT, RomulusLoader, SilentRunLoader, Silver Fox / Void Arachne overlap caveats, and DPRK/developer-targeting repository-phishing clusters such as UNK_DeadDrop using GitHub/GitLab lures, VS Code / Cursor
folderOpentasks, malicious VSIX persistence, Overlord payloads, and cryptocurrency-wallet theft, and academic / mailserver exploitation clusters such as UNK_MassTraction Roundcube CVE-2024-42009 to CVE-2025-49113 chains using IceCube, SquareShell, SNOWLIGHT, and VShell) - ReliaQuest Threat Research — https://reliaquest.com/blog/ (HTML watch; monitor incident-response-backed cluster and intrusion reporting such as OP-512 IIS web-shell espionage, cryptographically gated ASP.NET handlers, self-reporting DNS C2, and legacy .NET / IIS behavioral detections)
- Volexity Threat Research — https://www.volexity.com/blog/ (HTML watch; monitor incident-response-backed actor and appliance coverage such as VerdantBamboo / WARP PANDA / UNC5221 BRICKSTORM operations on Egnyte Storage Sync, pfSense, Synology NAS, MSP, Linux, FreeBSD, and other low-EDR management-plane systems)
- Sygnia research — https://www.sygnia.co/blog/ (HTML watch; monitor incident-response-backed China-nexus and infrastructure-persistence reporting such as Velvet Ant / Operation Highland authentication-stack backdoors, F5 BIG-IP abuse, Cisco Nexus CVE-2024-20399 / VELVETSHELL, PAM / OpenSSH tampering, segmented-network intrusion paths, and crypto supply-chain containment lessons such as developer endpoint → repo/CI → automation identity → Kubernetes/runtime → secrets → custody/transaction authority chains)
- Gambit Security research — https://gambit.security/news-resources (HTML watch; monitor recovery-denial and destructive-operation reporting such as Ababil of Minab / MOIS-linked backup, virtualization, and storage destruction campaigns)
- Infoblox Threat Intel — https://www.infoblox.com/blog/threat-intelligence/ (HTML watch; monitor DNS-scale fraud, phishing, scam-infrastructure, malicious-domain clustering, and framework/template abuse such as DCloud Uni-App scam infrastructure where legitimate web/app scaffolding supports fake crypto exchanges, pig-butchering flows, WhatsApp phishing, scambling/fake gambling, brand impersonation, and wallet drainers.)
- Hunt.io research — https://hunt.io/blog (HTML watch; monitor exposed attacker-infrastructure recoveries, C2/toolkit leaks, cloud-abuse operations, provider/ASN-level malicious-infrastructure concentration reports such as the Middle East 1,350+ C2 / 98-provider Host Radar analysis and Eastern Europe 3,900+ C2 / 302-provider Host Radar analysis, phishing/smishing infrastructure such as the 19-country government / postal / telecom campaign with 1,628 URLs and a reusable 128-character page hash or GHOST STADIUM FIFA World Cup ticketing clones with reusable
/fifa// Layui / same-origin credential-harvest pivots, managed-service / endpoint-management compromise blast-radius cases such as Quest KACE SMA CVE-2025-32975 exposed-toolkit reporting, Iranian-nexus exposed-C2 and staging operations such as Oman government webshell / Chisel / DotNetNuke targeting or Ababil of Minab exposed Python SimpleHTTP / Flask staging with LA Metro database-backup material, exposed DDoS-for-hire / IoT botnet operations such as xlabs_v1 ADB-on-TCP/5555 infection, Speedtest bandwidth tiering, and TCP/26721 fallback re-entry, TeamPCP Python toolkit / FIRESCALE fallback reporting, PCPJack-style proxy / SMTP relay infrastructure analysis, and high-blast-radius npm compromise payload analysis such as Axios /plain-crypto-jscross-platform RAT delivery with TA444 / BlueNoroff infrastructure overlaps) - SentinelOne SentinelLABS — https://www.sentinelone.com/labs/ (HTML watch; monitor crimeware, cloud-worm, DPRK, ransomware, macOS malware, and actor/tool reporting such as PCPJack credential theft, exposed cloud service propagation, Sliver payloads, TeamPCP-adjacent artifact removal, and analyst-targeting AI anti-analysis such as macOS.Gaslight Rust implants with Telegram C2, LaunchAgent persistence, keychain/browser theft, and prompt-injection payloads aimed at LLM-assisted triage)
- Sysdig Threat Research — https://www.sysdig.com/threat-research (HTML watch; monitor cloud-native, container, AI-workflow, DevOps platform, and post-exploitation reporting such as Gitea Docker CVE-2026-20896 reverse-proxy trusted-proxy wildcard probing, marimo CVE-2026-39987 LLM-agent post-exploitation, PraisonAI CVE-2026-44338 same-day endpoint validation, JADEPUFFER-style Langflow CVE-2025-3248 agentic ransomware / database-extortion operations, Cloudflare Workers egress fan-out, AWS Secrets Manager pivots, database theft from AI/notebook runtimes, and NATS-as-C2 / KeyHunter credential-harvesting worker infrastructure targeting AWS, AI keys, and code-sandbox secrets)
- Securonix Threat Labs — https://www.securonix.com/blog/ (HTML watch; monitor multi-stage malware delivery, infostealer, and living-off-the-land chains with concrete loader and detection detail, such as VEIL#DROP Blogger / Blogspot-hosted PowerShell loaders that deploy PureLogs Stealer through fake PDF JavaScript lures, dynamic URL mutation, reflective .NET loading, and signed Microsoft LOLBin fallbacks)
- Permiso Security / P0 Labs — https://permiso.io/blog (HTML watch; monitor AI identity, assistant-rendering, and indirect-prompt-injection research such as ChatGPhish page-summarization phishing through live Markdown links, auto-fetched images, spoofed alerts, and QR-code pivots)
- LayerX Security research — https://layerxsecurity.com/blog/ (HTML watch for browser, SaaS, AI-browser, and indirect-prompt-injection research such as BioShocking, where malicious page/game context can steer agentic browsers and browser plugins into authenticated-site credential or data access)
- Tenet Security Threat Labs — https://tenetsecurity.ai/blog/ (HTML watch for AI-agent runtime and MCP trust-boundary research such as Sentry Agentjacking, where public observability events can inject fake remediation instructions that coding agents execute through package-manager or shell tools)
- Noma Security / Noma Labs — https://noma.security/blog/ (HTML watch for agentic AI security research such as GitLost, where public GitHub issue text can indirectly prompt GitHub Agentic Workflows into reading private repositories and publishing results back to public issue comments)
- SAND Security research — https://www.sandsecurity.ai/blog (HTML watch for AI platform and sandbox-isolation research such as WriteOut, where Writer AI live previews forwarded user session cookies into attacker-controlled sandboxes before the vendor fix)
- AIR Security research — https://www.air.security/blog (HTML watch for AI-agent skill, MCP, plugin, and marketplace-abuse research such as mutable external-document skill swaps where clean submitted skills later fetch changed instructions from attacker-controlled product-adjacent domains)
- Adversa AI research — https://adversa.ai/blog/ (HTML watch for AI-agent and coding-agent trust-boundary research such as GuardFall shell-guard bypasses, TrustFall prompt-to-command execution paths, and deny-rule bypasses where agent safety gates inspect different text than the shell or tool runtime executes)
- Google Cloud / Mandiant Threat Intelligence — https://cloud.google.com/blog/topics/threat-intelligence (HTML/RSS watch; monitor incident-response-backed actor/campaign/tooling, exploited-product writeups such as KnowledgeDeliver CVE-2026-5426 ViewState deserialization, BLUEBEAM / Godzilla, Cobalt Strike follow-on activity, Oracle PeopleSoft CVE-2026-35273 zero-day exploitation by UNC6240 / ShinyHunters, GTIG AI Threat Tracker reporting on AI-assisted vulnerability exploitation, autonomous malware, obfuscated model access, TeamPCP / UNC6780 AI-environment supply-chain abuse, UNC6692 / SNOW malware social-engineering chains using Teams, browser-extension persistence, tunnels, and LSASS theft, PRC-nexus research-sector espionage such as UNC6508 REDCap / INFINITERED / mail content-compliance rule abuse against medical, academic, and military research organizations, Turla / Secret Blizzard tooling such as STOCKSTAY .NET WebSocket backdoors, KAZUAR overlap, K1MORPHER obfuscation, malicious GPO / RDP-file phishing deployment, and Ukrainian / foreign-policy targeting, criminal-market ecosystem reporting such as Chinese-language PhaaS real-time OTP interception / wallet-tokenization tradecraft, BlackFile / UNC6671 vishing extortion, UNC3753 / Luna Moth law-firm vishing with RMM and physical-impersonation pivots, AiTM SSO compromise, and SaaS data theft, plus residential-proxy / botnet disruption reporting such as NetNut / Popa with Google-account C2 disablement, Play Protect SDK enforcement, reseller-capacity migration, and threat-cluster abuse metrics)
- Google safety / affirmative litigation — https://blog.google/innovation-and-ai/technology/safety-security/ and https://affirmativelitigation.withgoogle.com/ (HTML watch for Google-filed abuse-disruption cases, AI-enabled scam operations, smishing / PhaaS infrastructure such as Outsider Enterprise, and law-enforcement or carrier-coordination details that add durable defender pivots)
- GitHub Security Blog / Changelog — https://github.blog/security/ and https://github.blog/changelog/ (HTML watch for GitHub platform incident notes, postmortems, incident-response controls such as enterprise self-service credential revocation, and supply-chain security-default changes such as npm v12 script approval /
allowScripts,--allow-git, and--allow-remotedefaults, plus GitHub Actions trust-boundary hardening such asactions/checkoutpwn-request refusal inpull_request_target/workflow_runcontexts and workflow execution protections that restrict allowed triggering actors and events) - Huntress incident posts — https://www.huntress.com/blog/ (HTML watch for transparent customer-side incident reports and SaaS / identity supply-chain lessons such as Klue OAuth token abuse impacting Salesforce-connected customer environments, Azure CLI / Microsoft Entra ID password-spray campaigns abusing ROPC and Conditional Access policy gaps such as LSHIY / AS32167 activity, and identity telemetry pivots that separate high-volume spray noise from confirmed credential validity)
- ZeroBEC research — https://zerobec.com/blog (HTML watch for identity, phishing, and cloud-post-exploitation reporting with concrete Microsoft 365 / Entra pivots such as DEBULL device-code phishing, Microsoft Authentication Broker token brokering, exposed PhaaS panels, and GraphSpy / Microsoft Graph post-authentication artifacts)
- Google Chrome Releases — https://chromereleases.googleblog.com/ (HTML/RSS watch for actively exploited Chrome / Chromium client-side zero-days such as V8 CVE-2026-11645 and rollout details for fixed stable builds)
- Island Security Research — https://www.island.io/blog (HTML watch for browser-extension and enterprise-browser trust-boundary research such as BadBlocker / Adblock for YouTube remote-script injection risk, where all-site extension permissions, remote rule channels, and page-context script execution create latent SaaS/admin-session exposure even without confirmed malicious payload delivery)
- McAfee Labs — https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ (HTML watch for commodity malware, browser-extension, and cryptocurrency-theft campaigns such as Silent Swap / Google Notes crypto clippers that combine unsigned installers, Chromium profile tampering, clipboard address replacement, and EtherHiding blockchain C2/dead-drop resolution)
- Check Point Research / advisories — https://research.checkpoint.com/, https://blog.checkpoint.com/security/, and https://support.checkpoint.com/ (HTML watch for active edge, VPN, firewall, and ransomware-affiliate exploitation reporting such as Remote Access VPN / Mobile Access CVE-2026-50751 IKEv1 authentication bypass and companion SK hotfix guidance; Iran-linked actor/tool reporting such as Cavern Manticore / Cavern modular .NET C2 framework activity against Israeli government and IT-provider targets; AI-agent framework research such as LangGraph checkpointer injection / unsafe deserialization chains; and social-proof / reputation-manipulation malware distribution such as fake GitHub / SourceForge / YouTube / VirusTotal engagement around cryptocurrency clipboard hijackers)
- Ammar Askar security research — https://blog.ammaraskar.com/ (HTML watch for developer-tooling, VS Code, GitHub.dev, and source-control token-boundary research such as browser IDE OAuth token theft)
- GMO Flatt Security Research — https://flatt.tech/research/ (HTML watch for AI-agent, Claude Code, GitHub Actions, and repository-permission boundary research such as Claude Code GitHub Action prompt-injection and workflow takeover paths)
- The Hacker News — https://feeds.feedburner.com/TheHackersNews (monitor active-exploitation reports and secondary pointers to primary actor/tool research that add concrete affected-version, exploit-status, or response guidance, such as Januscape KVM/x86 CVE-2026-53359 guest-to-host escape public PoC coverage, LiteSpeed/cPanel CVE-2026-48172, Cisco Catalyst SD-WAN Manager CVE-2026-20245, Cisco Unified CM CVE-2026-20230 WebDialer-gated file-write exploitation, Oracle E-Business Suite CVE-2026-46817 Oracle Payments exploitation telemetry, Lazarus RemotePE coverage, Malware-Slop / Claude user-data npm infostealer pointers to OX Security, WithSecure GREYVIBE pointers, Sysdig marimo LLM-agent post-exploitation pointers, Permiso ChatGPhish AI-summary phishing pointers, ClickFix payload-as-a-service / API-driven delivery analysis pointers, public exploit / kernel-patch pivots such as Bad Epoll CVE-2026-46242, and cross-source campaign roundups such as Grandoreiro / BTMOB)
- Wordfence vulnerability intelligence — https://www.wordfence.com/threat-intel/vulnerabilities and https://www.wordfence.com/blog/category/vulnerabilities/ (HTML watch; monitor active WordPress plugin exploitation with concrete affected versions, exploit telemetry, and mitigation details such as WP Maps Pro CVE-2026-8732 administrator-account creation, Everest Forms Pro CVE-2026-3300 calculation-field RCE, and Gravity SMTP CVE-2026-4020 email-provider API-key exposure)
- Fox-IT / NCC Group research blog — https://blog.fox-it.com/ (HTML watch; monitor incident-response-backed actor/tool research such as Lazarus RemotePE, DPAPI/environmental-keying loaders, and memory-only RAT tradecraft)
- Boost Security Labs — https://labs.boostsecurity.io/rss.xml (watch CI/CD supply-chain techniques such as deployment poisoning, TeamPCP follow-ups, GitHub Actions OIDC trust-boundary research such as Sleeper Squats subject-claim delimiter collisions, and trusted-publishing/provenance trust-boundary analysis such as the Miasma / Red Hat throwaway-branch OIDC publication path)
- Novee Security — https://novee.security/blog/ (HTML watch; monitor CI/CD workflow-composition research such as Cordyceps, where untrusted pull-request comments, branch names, artifacts, or metadata cross into privileged GitHub Actions automation with secrets or write tokens)
- watchTowr Labs — https://labs.watchtowr.com/ (HTML watch for fast edge-appliance, security-platform, and enterprise-web-platform exploit analysis plus detection artifacts, such as Ivanti Sentry CVE-2026-10520 / CVE-2026-10523 pre-auth command-injection and authentication-bypass research, Splunk Enterprise CVE-2026-20253 PostgreSQL Sidecar Service pre-auth file-write-to-RCE analysis, Progress Kemp LoadMaster CVE-2026-8037 API-enabled pre-auth RCE / uninitialized-heap command-injection analysis, Citrix NetScaler CVE-2026-8451 CitrixBleed-class SAML IdP memory-overread validation, and Adobe ColdFusion APSB26-68 CVE-bonanza follow-ups covering CFIDE / FILEIO arbitrary file read-write and path-traversal primitives)
- StepSecurity blog — https://www.stepsecurity.io/blog/rss.xml (watch Mini Shai-Hulud / Nx Console follow-ups, Miasma-style
@redhat-cloud-services, Leo Platform, and internal-developer-platform package compromises such as Immobiliare Labs Backstage plugins, CI/CD workflow-backdoor campaigns such as Megalodon, GitHub Actions tag-retargeting compromises such ascodfish/semantic-release-actionandsimonecorsi/mawesome, JINX-0164-adjacent package compromises such as Velora DEX SDK / MINIRAT, npm native-addon build-path execution such asbinding.gypCI/CD worms, AI-assistant/editor repository reinfections such asAzure/durabletask, source-repository force-push compromises such asPythagora-io/gpt-pilot, stale-maintainer npm scope compromises such as Mastra /easy-day-js, IDE marketplace credential theft such as malicious JetBrains AI plugins stealing OpenAI / DeepSeek / SiliconFlow API keys, developer-machine package-manager configuration drift such as npm / Python registry, cooldown, and auth policy checks, downstream GitHub Actions availability impacts such asAzure/functions-actionrepository disablement, Composer/GitHub tag-rewrite incidents such as Laravel-Lang, and Hades-style PyPI import-hook waves with graph-ML / bioinformatics package compromise, LLM-analysis prompt-injection evasion, cross-platform runner-memory scraping, SSH/SCP lateral movement, wiper-deterrent persistence, and developer-machine suspicious-file detection pivots such asbinding.gyp, injected__init__.py,.vscode/tasks.json, and.claude/setup.mjs) - Trail of Bits blog — https://blog.trailofbits.com/feed/ (watch AI-agent skill distribution and scanner-bypass research such as public marketplace poisoning, ClawHub / skills.sh / Cisco skill-scanner bypasses, bytecode/document indirection, prompt-injection framing, and broader AI/ML supply-chain hardening)
- arXiv agentic-security papers — https://arxiv.org/list/cs.CR/recent (HTML watch; promote only papers with immediate defender value for AI-agent, coding-agent, MCP, skill, and autonomous-workflow security, such as SkillCloak / SkillDetonate measurements of agent-skill scanner evasion and runtime detonation)
- CleverHans Lab — https://cleverhans.io/latest-research.html (HTML/arXiv watch for adversarial-ML and agentic-security research with operational defender value, such as adaptive computer worms using local open-weight LLMs on compromised hosts)
- PortSwigger Research — https://portswigger.net/research/rss
- ProjectDiscovery blog — https://projectdiscovery.io/blog/rss
- runZero Research — https://www.runzero.com/blog/ (HTML watch for exposure-management and IT/OT/IoT vulnerability research with durable defender value, such as FatFs CVE-2026-6682 through CVE-2026-6688 embedded-filesystem flaws affecting removable-media and firmware-update paths across Espressif ESP-IDF, STM32Cube, Zephyr RTOS, MicroPython, ArduPilot, RT-Thread, Mbed, Samsung TizenRT, SWUpdate, and downstream IoT/OT products.)
- Synacktiv publications — https://www.synacktiv.com/en/publications (HTML watch for offensive research with durable defender impact, especially CI/CD, Kubernetes, cloud, and supply-chain control-plane flaws such as unpatched Argo CD repo-server gRPC / Redis reachability leading to unauthenticated code execution and arbitrary Kubernetes manifest deployment.)
- CISA KEV / alerts — https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json and https://www.cisa.gov/news-events/cybersecurity-advisories (promote entries and alerts when they add active exploitation evidence, actor linkage, or high-impact platform exposure such as Langflow CVE-2025-34291, PAN-OS GlobalProtect CVE-2026-0257, managed-file-transfer availability attacks such as SolarWinds Serv-U CVE-2026-28318, Magento / Adobe Commerce extension RCE such as Mirasvit Cache Warmer CVE-2026-45247, credential-exposure activity against edge/VPN devices such as FortiBleed, enterprise application RCE such as PTC Windchill / FlexPLM CVE-2026-12569, remote-support/RMM authentication bypass such as SimpleHelp CVE-2026-48558, or edge / ICS / enterprise-application command-execution exposure such as UniFi OS CVE-2026-34908 / CVE-2026-34909 / CVE-2026-34910, Lantronix EDS5000 CVE-2025-67038, and Microsoft SharePoint CVE-2026-45659)
- CERT/CC Vulnerability Notes — https://kb.cert.org/vuls/ (HTML/RSS/API watch for high-impact vulnerability notes with durable defender value, especially edge-device, router, appliance, and supply-chain flaws where vendor coordination is incomplete or no patch is available, such as Tenda firmware CVE-2026-11405 hidden web-management authentication backdoors.)
- GitHub Security Advisories — https://github.com/advisories.atom
- CERT-UA — https://cert.gov.ua/ (HTML/API watch for Ukraine-focused actor campaigns, UAC cluster reports, malware component names, and indicator bundles; article pages can be queried via
/api/articles/byId?id=<article-id>) - Europol / Eurojust / FBI IC3 / SBU public cyber notices — watch for criminal infrastructure takedowns, seized domains, exit-node indicators, ransomware-enabler service descriptions, TDS / fake-update warnings, and law-enforcement caveats that can update tool/infrastructure pages such as the June 2026 Operation Endgame SocGholish / FakeUpdates disruption; also monitor FBI/CISA/SBU messaging-application targeting advisories such as Russian Intelligence Services / FSB commercial-messaging phishing tracked as
UNC5792/UNC4221, Backup Recovery Key theft against Signal users, SMS-style fake-support lures, and QR-code account-linking attempts. - NCSC-NL / Dutch Police cyber notices — https://www.ncsc.nl/nieuws and https://www.politie.nl/nieuws (watch Netherlands-hosted criminal infrastructure, botnet takedowns, residential-proxy / IoT-device abuse, hosting-provider disruptions, seized servers, and follow-up victim-notification or indicator releases such as the 17-million-device botnet disruption).
Maintainer / vendor incident posts to watch during active campaigns
- Nx / nrwl security advisories and issues — https://github.com/nrwl/nx/security/advisories and https://github.com/nrwl/nx/issues
- Grafana Labs security posts — https://grafana.com/blog/tags/security/
- PyPI project and malware-report pages for affected packages — use package-specific release history as confirmation for yanked or restored versions.
- Packagist package pages and maintainer incident notes — watch package metadata/tag movement and unexpected
composer-pluginconversions during Mini Shai-Hulud-style cross-ecosystem incidents. - LiteSpeed / cPanel security notices — watch vendor advisories and cPanel support notices for actively exploited hosting-control-plane flaws and forced-removal/patch guidance, including LiteSpeed cPanel Plugin CVE-2026-54420 root escalation on CloudLinux / CageFS shared-hosting systems.
- BeyondTrust security advisories — https://www.beyondtrust.com/trust-center/security-advisories (HTML watch; monitor Remote Support / Privileged Remote Access authentication-bypass and appliance-control flaws such as BT26-03 / CVE-2026-40138 / CVE-2026-40139, especially where exposed RS/PRA systems have prior web-shell / backdoor exploitation history.)
- DAEMON Tools / Disc Soft notices — https://blog.daemon-tools.cc/ and release notes; watch follow-ups to DAEMON Tools Lite CVE-2026-8398, installer integrity claims, rebuild/version guidance, and infrastructure-remediation details.
- Visual Studio Code release notes / Marketplace security changes — https://code.visualstudio.com/updates/ and https://marketplace.visualstudio.com/VSCode (watch extension-marketplace mitigations, delayed auto-update changes, publisher-trust exceptions, and response details following poisoned-extension incidents such as Nx Console.)
Notes
- Prefer RSS/Atom over ad hoc web searches.
- If a feed URL changes, update this page and the monitoring config together.
- If a source produces repeated noise, lower its priority before removing it.
Active watch topics
- Shai-Hulud / Mini Shai-Hulud / TeamPCP supply-chain activity — monitor vendor research, affected-package appendices, maintainer postmortems, CISA/GitHub advisories, and registry notices for new package families, propagation methods, persistence paths, infrastructure, and attribution changes.