Tag index
Generated from page-level ## Tags sections. Each tag below links to the pages that currently use it.
All tags
- 3CX (1)
- Ababil of Minab (1)
- Accellion (1)
- account-takeover (1)
- active exploitation (5)
- actors (2)
- Admin API key theft (1)
- Adspect (1)
- adware (1)
- AI (2)
- AI agents (1)
- AI tooling (4)
- ai-agent (1)
- Albania (1)
- Android (1)
- Apex One (1)
- API abuse (1)
- AppDomainManager (1)
- AppleJeus (1)
- appliance (1)
- APT (2)
- APT27 (1)
- APT28 (1)
- APT29 (1)
- APT37 (1)
- APT45 (1)
- Artifact Signing (1)
- ASP.NET machineKey (1)
- authentication bypass (1)
- authentication-coercion (1)
- AWS (1)
- Azure (2)
- backdoor (4)
- backups (1)
- Barracuda (1)
- Bash Uploader (1)
- Belarus (1)
- BirdCall (1)
- Bitbucket (1)
- Bitwarden (1)
- BLUEBEAM (1)
- branch-name-injection (1)
- browser credential theft (1)
- build-time compromise (1)
- Bun (1)
- C2 (2)
- CANFAIL (1)
- CCleaner (1)
- CDN (1)
- Checkmarx (1)
- China (2)
- ChromElevator (1)
- CI/CD (17)
- CircleCI (1)
- CISA KEV (2)
- Citrine Sleet (1)
- Citrix (1)
- ClickFix (1)
- cloaking (1)
- cloud (4)
- Cloudflare (1)
- Cloudflare Workers (1)
- CMS (2)
- Cobalt Strike (2)
- code signing (2)
- Codecov (1)
- Coinbase (1)
- command execution (1)
- command-execution (1)
- command-injection (1)
- Composer (2)
- compromised accounts (1)
- ConnectWise (1)
- control panel compromise (1)
- Coruna (1)
- cPanel (2)
- Crates.io (1)
- credential theft (5)
- credential-theft (14)
- criminal infrastructure (1)
- critical-infrastructure (2)
- crypto (2)
- cryptocurrency (3)
- cryptocurrency theft (1)
- cryptominer (1)
- Curious Serpens (1)
- CVE-2023-2868 (1)
- CVE-2023-4966 (1)
- CVE-2024-1708 (1)
- CVE-2024-1709 (1)
- CVE-2024-3094 (2)
- CVE-2025-34291 (1)
- CVE-2026-26980 (1)
- CVE-2026-34926 (1)
- CVE-2026-41091 (1)
- CVE-2026-41940 (1)
- CVE-2026-45498 (1)
- CVE-2026-48172 (1)
- CVE-2026-5426 (1)
- CVE-2026-9082 (1)
- cybercrime (3)
- data exfiltration (1)
- data theft (1)
- defense evasion (2)
- DeFi (2)
- deployment_status (1)
- destructive operations (1)
- developer machines (3)
- device registration (1)
- DEWMODE (1)
- Digital Knowledge (1)
- Discord (1)
- discovery (1)
- DLL sideloading (2)
- DNS C2 (1)
- Docker (1)
- DPAPI (1)
- DPAPILoader (1)
- DPRK (1)
- Drupal (1)
- edge appliance (1)
- EDR evasion (1)
- education (1)
- email (1)
- email gateway (1)
- endpoint-security (2)
- energy-sector (1)
- Entra ID (1)
- environmental keying (1)
- ESG (1)
- espionage (11)
- ETW patching (1)
- Eurojust (1)
- Europe (2)
- Europol (1)
- EvilAI (1)
- exfiltration (1)
- exploit-development (1)
- exploit-kit (1)
- Exploit.in (1)
- exploitation (3)
- extortion (1)
- fake plugin (1)
- FakeCaptcha (1)
- faketivism (1)
- Fancy Bear (1)
- FBI (1)
- FileFiend (1)
- filemanager (1)
- filename-injection (1)
- financial sector (1)
- financial services (1)
- financial theft (1)
- Forest Blizzard (1)
- Fox Tempest (1)
- FTA (1)
- Funnull (1)
- GCS (1)
- Ghost CMS (1)
- GitHub (5)
- GitHub Actions (13)
- GitHub OAuth (1)
- Gleaming Pisces (1)
- Go (3)
- Godzilla (1)
- GoEdge (1)
- group (1)
- groups (4)
- hack-and-leak (1)
- hacktivist persona (1)
- HAR files (1)
- hard-coded secrets (1)
- HellsGate (1)
- HONESTCUE (1)
- Hugging Face (1)
- ICONICSTEALER (1)
- ICS (1)
- IDE extension (1)
- identity (2)
- incident response (3)
- infostealer (1)
- infrastructure (2)
- initial-access (1)
- iOS (1)
- Iran (5)
- Israel (1)
- Japan (1)
- JavaScript injection (1)
- JavaScript loader (1)
- JavaScript malware (1)
- JavaScript tampering (1)
- JSON:API (1)
- KEV (2)
- keylogger (1)
- KnowledgeDeliver (1)
- L2TP/IPSec (1)
- LA Metro (1)
- Langflow (1)
- Laravel (1)
- lateral-movement (1)
- Lazarus (1)
- LD_PRELOAD (1)
- legacy software (1)
- liblzma (1)
- libp2p (1)
- libpeconv (1)
- lifecycle hooks (1)
- Linux (5)
- LiteSpeed (1)
- LLM (2)
- LMS (1)
- LNK (1)
- long-term access (1)
- LONGSTREAM (1)
- MacCMS (1)
- macOS (2)
- maintainer persona (1)
- maintainer-compromise (1)
- malicious releases (1)
- malvertising (1)
- malware (6)
- malware delivery (1)
- malware-signing-as-a-service (1)
- manufacturing (1)
- MCP (1)
- memory-only malware (1)
- MFA bypass (3)
- Microsoft (1)
- Microsoft Defender (1)
- Microsoft Graph (2)
- Middle East (1)
- Midnight Blizzard (1)
- MiniJunk (1)
- MiniUpdate (1)
- module-proxy (1)
- MOIS (3)
- Monero (1)
- Mr_Rot13 (1)
- MSP (1)
- MuddyWater (2)
- nation-state (1)
- NetScaler (1)
- Nginx module (1)
- node-ipc (1)
- Node.js (1)
- North Korea (2)
- npm (13)
- obfuscation (1)
- OFAC (1)
- OIDC (2)
- Okta (2)
- Ollama (1)
- OneDrive (1)
- OpenConnect (1)
- OpenVPN (1)
- operational resilience (1)
- operations (49)
- OpFauxSign (1)
- ops (46)
- OYSTERBLUES (1)
- OYSTERFRESH (1)
- OYSTERSHUCK (1)
- P2P (1)
- package-takeover (1)
- Packagist (2)
- page poisoning (1)
- patterns (2)
- pe_to_shellcode (1)
- people (1)
- persistence (11)
- phishing (1)
- PHP (1)
- pig-butchering (1)
- Piriform (1)
- Polymarket (1)
- portmap (1)
- post-exploitation (1)
- PostgreSQL (1)
- postinstall (1)
- PowerShell (1)
- PPtP (1)
- PRC (1)
- PRC-aligned (1)
- private-key theft (1)
- privilege escalation (2)
- prompt-injection (3)
- PROMPTFLUX (1)
- PROMPTSPY (1)
- proxy (4)
- psychological operations (1)
- public file-transfer exfiltration (1)
- public sector (1)
- pwn-request (1)
- PyPI (4)
- Python (1)
- RAM disk (1)
- ransomware (2)
- RAT (4)
- Reality (1)
- Reaper (1)
- recovery denial (1)
- recruitment lures (1)
- Redis backdoor (1)
- release tampering (1)
- remote access (1)
- remote code execution (1)
- RemotePE (1)
- RemotePELoader (1)
- reviewdog (1)
- RingH23 (1)
- ROADrecon (1)
- ROADtools (1)
- roadtx (1)
- RokRAT (1)
- root execution (1)
- rootkit (1)
- RubyGems (1)
- Runner.Worker (1)
- Russia (2)
- Russia-nexus (1)
- Russian-speaking forums (1)
- Rust (1)
- sabotage (1)
- Safari (1)
- ScarCruft (1)
- ScreenConnect (1)
- script-injection (1)
- secret exposure (1)
- secrets (3)
- Seedworm (1)
- sendit.sh (1)
- session hijacking (2)
- session theft (1)
- ShadowPad (1)
- Shai-Hulud (3)
- shared hosting (2)
- shared secrets (1)
- signed updates (1)
- sleeper packages (1)
- SLSA (1)
- SmartScreen (1)
- smishing (1)
- social engineering (2)
- SOCKS5 (2)
- South Africa (1)
- South Korea (1)
- Southeast Asia (1)
- spearphishing (1)
- SQL injection (2)
- SSH (1)
- SSH key persistence (1)
- SSH persistence (1)
- SSRF (1)
- state-linked (1)
- Static Kitten (1)
- stealer (1)
- storage deletion (1)
- supply-chain (33)
- tag rewrite (1)
- tag tampering (2)
- takedown (1)
- TamperedChef (1)
- TartarusGate (1)
- TeamPCP (7)
- TeamViewer (1)
- telecom (1)
- Telegram (1)
- Temp Zagros (1)
- tj-actions (1)
- token replay (1)
- token theft (2)
- tooling (5)
- tools (4)
- Trading Technologies (1)
- traffic hijacking (1)
- transnational repression (1)
- Trend Micro (1)
- Twilio (1)
- typosquat (1)
- typosquatting (3)
- Udev persistence (1)
- Ukraine (3)
- UNC2814 (1)
- UNC4736 (1)
- UNC6780 (1)
- UTA0355 (1)
- Views (1)
- ViewState deserialization (1)
- virtualization (1)
- VLESS (1)
- VPN (1)
- VS Code (2)
- vulnerability (2)
- vulnerability-research (1)
- wallet replacement (1)
- wallet-drainer (1)
- wallet-theft (2)
- watering-hole (2)
- web application (1)
- web hosting (2)
- web shell (1)
- web supply chain (1)
- WebKit (1)
- webshell (1)
- Webworm (1)
- WHM (2)
- Windows (7)
- wiper (2)
- wiper-adjacent (1)
- WireGuard (1)
- workflow backdoor (1)
- worm (6)
- X_TRADER (1)
- XMRig (1)
- XSS.is (1)
- xz (1)
- Yanbian (1)
- Zero Trust (1)
- zero-click (1)
- zero-day (1)
3CX
Ababil of Minab
Accellion
account-takeover
active exploitation
- Drupal Core CVE-2026-9082 exploitation
- Ghost CMS CVE-2026-26980 ClickFix poisoning
- KnowledgeDeliver CVE-2026-5426 ViewState exploitation
- LiteSpeed cPanel CVE-2026-48172 exploitation
- Mr_Rot13 cPanel CVE-2026-41940 backdoor campaign
actors
Admin API key theft
Adspect
adware
AI
AI agents
AI tooling
- Ollama P2P cryptominer RAT campaign
- Polymarket npm wallet-drainer packages
- SANDWORM_MODE AI-toolchain npm worm
- TrapDoor crypto-stealer cross-ecosystem campaign
ai-agent
Albania
Android
Apex One
API abuse
AppDomainManager
AppleJeus
appliance
APT
APT27
APT28
APT29
APT37
APT45
Artifact Signing
ASP.NET machineKey
authentication bypass
authentication-coercion
AWS
Azure
backdoor
- Mr_Rot13 cPanel CVE-2026-41940 backdoor campaign
- Ollama P2P cryptominer RAT campaign
- shopsprint/decimal Go typosquat DNS backdoor
- Showboat
backups
Barracuda
Bash Uploader
Belarus
BirdCall
Bitbucket
Bitwarden
BLUEBEAM
branch-name-injection
browser credential theft
build-time compromise
Bun
C2
CANFAIL
CCleaner
CDN
Checkmarx
China
ChromElevator
CI/CD
- actions-cool GitHub Actions tag compromise
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- BufferZoneCorp RubyGems / Go module CI poisoning
- CircleCI 2023 customer secret exposure incident
- Codecov Bash Uploader compromise
- GitHub Actions deployment poisoning
- HackerBot Claw
- HackerBot Claw GitHub Actions exploitation campaign
- Laravel-Lang Composer tag-rewrite compromise
- LiteLLM compromise
- Megalodon GitHub Actions workflow backdooring
- Mini Shai-Hulud npm/PyPI worm campaign
- SANDWORM_MODE AI-toolchain npm worm
- TeamPCP
- tj-actions and reviewdog compromise
- Trivy compromise
- Trivy → TeamPCP → CanisterWorm: compromise timeline
CircleCI
CISA KEV
- Microsoft Defender CVE-2026-41091 / CVE-2026-45498 exploitation
- Trend Micro Apex One CVE-2026-34926 exploitation
Citrine Sleet
Citrix
ClickFix
cloaking
cloud
Cloudflare
Cloudflare Workers
CMS
Cobalt Strike
code signing
Codecov
Coinbase
command execution
command-execution
command-injection
Composer
compromised accounts
ConnectWise
control panel compromise
Coruna
cPanel
Crates.io
credential theft
- Langflow CVE-2025-34291 exploitation
- LiteLLM compromise
- Mr_Rot13 cPanel CVE-2026-41940 backdoor campaign
- Seedworm / MuddyWater
- Trivy compromise
credential-theft
- actions-cool GitHub Actions tag compromise
- APT29
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- BufferZoneCorp RubyGems / Go module CI poisoning
- GitHub / Packagist postinstall hook campaign
- js-logger-pack Hugging Face exfiltration campaign
- Laravel-Lang Composer tag-rewrite compromise
- Megalodon GitHub Actions workflow backdooring
- Mini Shai-Hulud npm/PyPI worm campaign
- node-ipc 2026 npm maintainer-account compromise
- Nx Console VS Code extension compromise
- SANDWORM_MODE AI-toolchain npm worm
- TrapDoor crypto-stealer cross-ecosystem campaign
- Xinference PyPI compromise
criminal infrastructure
critical-infrastructure
crypto
cryptocurrency
cryptocurrency theft
cryptominer
Curious Serpens
CVE-2023-2868
CVE-2023-4966
CVE-2024-1708
CVE-2024-1709
CVE-2024-3094
CVE-2025-34291
CVE-2026-26980
CVE-2026-34926
CVE-2026-41091
CVE-2026-41940
CVE-2026-45498
CVE-2026-48172
CVE-2026-5426
CVE-2026-9082
cybercrime
data exfiltration
data theft
defense evasion
DeFi
deployment_status
destructive operations
developer machines
- BufferZoneCorp RubyGems / Go module CI poisoning
- Polymarket npm wallet-drainer packages
- Trivy compromise
device registration
DEWMODE
Digital Knowledge
Discord
discovery
DLL sideloading
DNS C2
Docker
DPAPI
DPAPILoader
DPRK
Drupal
edge appliance
EDR evasion
education
email gateway
endpoint-security
- Microsoft Defender CVE-2026-41091 / CVE-2026-45498 exploitation
- Trend Micro Apex One CVE-2026-34926 exploitation
energy-sector
Entra ID
environmental keying
ESG
espionage
- APT29
- Barracuda ESG zero-day backdoor campaign
- Dragonfly
- Ghostwriter
- RemotePE
- ROADtools
- ScarCruft Yanbian game-platform supply-chain attack
- Screening Serpens
- Seedworm / MuddyWater
- Showboat
- Webworm
ETW patching
Eurojust
Europe
Europol
EvilAI
exfiltration
exploit-development
exploit-kit
Exploit.in
exploitation
- Langflow CVE-2025-34291 exploitation
- Microsoft Defender CVE-2026-41091 / CVE-2026-45498 exploitation
- Trend Micro Apex One CVE-2026-34926 exploitation
extortion
fake plugin
FakeCaptcha
faketivism
Fancy Bear
FBI
FileFiend
filemanager
filename-injection
financial sector
financial services
financial theft
Forest Blizzard
Fox Tempest
FTA
Funnull
GCS
Ghost CMS
GitHub
- BufferZoneCorp RubyGems / Go module CI poisoning
- GitHub / Packagist postinstall hook campaign
- JiaT75
- Nx Console VS Code extension compromise
- Webworm
GitHub Actions
- actions-cool GitHub Actions tag compromise
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- BufferZoneCorp RubyGems / Go module CI poisoning
- GitHub Actions deployment poisoning
- HackerBot Claw
- HackerBot Claw GitHub Actions exploitation campaign
- Megalodon GitHub Actions workflow backdooring
- Mini Shai-Hulud npm/PyPI worm campaign
- SANDWORM_MODE AI-toolchain npm worm
- TeamPCP
- tj-actions and reviewdog compromise
- Trivy compromise
- Trivy → TeamPCP → CanisterWorm: compromise timeline
GitHub OAuth
Gleaming Pisces
Go
- BufferZoneCorp RubyGems / Go module CI poisoning
- Ollama P2P cryptominer RAT campaign
- shopsprint/decimal Go typosquat DNS backdoor
Godzilla
GoEdge
group
groups
hack-and-leak
hacktivist persona
HAR files
hard-coded secrets
HellsGate
HONESTCUE
Hugging Face
ICONICSTEALER
ICS
IDE extension
identity
incident response
- Funnull RingH23 and MacCMS supply-chain attacks
- LiteSpeed cPanel CVE-2026-48172 exploitation
- Mr_Rot13 cPanel CVE-2026-41940 backdoor campaign
infostealer
infrastructure
initial-access
iOS
Iran
- Ababil of Minab MOIS-linked recovery-destruction campaign
- Handala
- Langflow CVE-2025-34291 exploitation
- Screening Serpens
- Seedworm / MuddyWater
Israel
Japan
JavaScript injection
JavaScript loader
JavaScript malware
JavaScript tampering
JSON:API
KEV
keylogger
KnowledgeDeliver
L2TP/IPSec
LA Metro
Langflow
Laravel
lateral-movement
Lazarus
LD_PRELOAD
legacy software
liblzma
libp2p
libpeconv
lifecycle hooks
Linux
- GitHub / Packagist postinstall hook campaign
- js-logger-pack Hugging Face exfiltration campaign
- Ollama P2P cryptominer RAT campaign
- Showboat
- XZ Utils backdoor
LiteSpeed
LLM
LMS
LNK
long-term access
LONGSTREAM
MacCMS
macOS
maintainer persona
maintainer-compromise
malicious releases
malvertising
malware
- AI-augmented adversary operations
- CanisterWorm
- RemotePE
- Showboat
- TamperedChef-style productivity malware clusters
- TeamPCP
malware delivery
malware-signing-as-a-service
manufacturing
MCP
memory-only malware
MFA bypass
Microsoft
Microsoft Defender
Microsoft Graph
Middle East
Midnight Blizzard
MiniJunk
MiniUpdate
module-proxy
MOIS
Monero
Mr_Rot13
MSP
MuddyWater
nation-state
NetScaler
Nginx module
node-ipc
Node.js
North Korea
npm
- art-template Coruna-style iOS watering-hole compromise
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- CanisterWorm
- GitHub / Packagist postinstall hook campaign
- js-logger-pack Hugging Face exfiltration campaign
- Megalodon GitHub Actions workflow backdooring
- Mini Shai-Hulud npm/PyPI worm campaign
- node-ipc 2026 npm maintainer-account compromise
- Polymarket npm wallet-drainer packages
- SANDWORM_MODE AI-toolchain npm worm
- TeamPCP
- TrapDoor crypto-stealer cross-ecosystem campaign
- Trivy → TeamPCP → CanisterWorm: compromise timeline
obfuscation
OFAC
OIDC
Okta
Ollama
OneDrive
OpenConnect
OpenVPN
operational resilience
operations
- 0ktapus phishing campaign
- 3CX desktop app compromise
- Ababil of Minab MOIS-linked recovery-destruction campaign
- Accellion FTA exploitation campaign
- actions-cool GitHub Actions tag compromise
- APT28 LNK SmartScreen bypass and CVE-2026-32202 coercion chain
- art-template Coruna-style iOS watering-hole compromise
- Barracuda ESG zero-day backdoor campaign
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- BufferZoneCorp RubyGems / Go module CI poisoning
- CanisterWorm
- CCleaner signed-update compromise
- CircleCI 2023 customer secret exposure incident
- CitrixBleed session-hijack wave
- Codecov Bash Uploader compromise
- ConnectWise ScreenConnect exploitation wave
- Drupal Core CVE-2026-9082 exploitation
- Funnull RingH23 and MacCMS supply-chain attacks
- Ghost CMS CVE-2026-26980 ClickFix poisoning
- GitHub / Packagist postinstall hook campaign
- HackerBot Claw
- HackerBot Claw GitHub Actions exploitation campaign
- js-logger-pack Hugging Face exfiltration campaign
- KnowledgeDeliver CVE-2026-5426 ViewState exploitation
- Langflow CVE-2025-34291 exploitation
- Laravel-Lang Composer tag-rewrite compromise
- LiteLLM compromise
- LiteSpeed cPanel CVE-2026-48172 exploitation
- Megalodon GitHub Actions workflow backdooring
- Microsoft Defender CVE-2026-41091 / CVE-2026-45498 exploitation
- Mini Shai-Hulud npm/PyPI worm campaign
- Mr_Rot13 cPanel CVE-2026-41940 backdoor campaign
- node-ipc 2026 npm maintainer-account compromise
- Nx Console VS Code extension compromise
- Okta support-system compromise
- Ollama P2P cryptominer RAT campaign
- Polymarket npm wallet-drainer packages
- SANDWORM_MODE AI-toolchain npm worm
- ScarCruft Yanbian game-platform supply-chain attack
- shopsprint/decimal Go typosquat DNS backdoor
- TamperedChef-style productivity malware clusters
- TeamPCP
- tj-actions and reviewdog compromise
- TrapDoor crypto-stealer cross-ecosystem campaign
- Trend Micro Apex One CVE-2026-34926 exploitation
- Trivy compromise
- Trivy → TeamPCP → CanisterWorm: compromise timeline
- Xinference PyPI compromise
- XZ Utils backdoor
OpFauxSign
ops
- 0ktapus phishing campaign
- 3CX desktop app compromise
- Ababil of Minab MOIS-linked recovery-destruction campaign
- Accellion FTA exploitation campaign
- actions-cool GitHub Actions tag compromise
- APT28 LNK SmartScreen bypass and CVE-2026-32202 coercion chain
- art-template Coruna-style iOS watering-hole compromise
- Barracuda ESG zero-day backdoor campaign
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- BufferZoneCorp RubyGems / Go module CI poisoning
- CCleaner signed-update compromise
- CircleCI 2023 customer secret exposure incident
- CitrixBleed session-hijack wave
- Codecov Bash Uploader compromise
- ConnectWise ScreenConnect exploitation wave
- Drupal Core CVE-2026-9082 exploitation
- Funnull RingH23 and MacCMS supply-chain attacks
- Ghost CMS CVE-2026-26980 ClickFix poisoning
- GitHub / Packagist postinstall hook campaign
- HackerBot Claw GitHub Actions exploitation campaign
- js-logger-pack Hugging Face exfiltration campaign
- KnowledgeDeliver CVE-2026-5426 ViewState exploitation
- Langflow CVE-2025-34291 exploitation
- Laravel-Lang Composer tag-rewrite compromise
- LiteLLM compromise
- LiteSpeed cPanel CVE-2026-48172 exploitation
- Megalodon GitHub Actions workflow backdooring
- Microsoft Defender CVE-2026-41091 / CVE-2026-45498 exploitation
- Mini Shai-Hulud npm/PyPI worm campaign
- Mr_Rot13 cPanel CVE-2026-41940 backdoor campaign
- node-ipc 2026 npm maintainer-account compromise
- Nx Console VS Code extension compromise
- Okta support-system compromise
- Ollama P2P cryptominer RAT campaign
- Polymarket npm wallet-drainer packages
- SANDWORM_MODE AI-toolchain npm worm
- ScarCruft Yanbian game-platform supply-chain attack
- shopsprint/decimal Go typosquat DNS backdoor
- TamperedChef-style productivity malware clusters
- tj-actions and reviewdog compromise
- TrapDoor crypto-stealer cross-ecosystem campaign
- Trend Micro Apex One CVE-2026-34926 exploitation
- Trivy compromise
- Trivy → TeamPCP → CanisterWorm: compromise timeline
- Xinference PyPI compromise
- XZ Utils backdoor
OYSTERBLUES
OYSTERFRESH
OYSTERSHUCK
P2P
package-takeover
Packagist
page poisoning
patterns
pe_to_shellcode
people
persistence
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- CanisterWorm
- Nx Console VS Code extension compromise
- Ollama P2P cryptominer RAT campaign
- ROADtools
- Showboat
- TamperedChef-style productivity malware clusters
- TeamPCP
- TrapDoor crypto-stealer cross-ecosystem campaign
- Trivy compromise
- Trivy → TeamPCP → CanisterWorm: compromise timeline
phishing
PHP
pig-butchering
Piriform
Polymarket
portmap
post-exploitation
PostgreSQL
postinstall
PowerShell
PPtP
PRC
PRC-aligned
private-key theft
privilege escalation
prompt-injection
- HackerBot Claw GitHub Actions exploitation campaign
- SANDWORM_MODE AI-toolchain npm worm
- TrapDoor crypto-stealer cross-ecosystem campaign
PROMPTFLUX
PROMPTSPY
proxy
psychological operations
public file-transfer exfiltration
public sector
pwn-request
PyPI
- LiteLLM compromise
- Mini Shai-Hulud npm/PyPI worm campaign
- TrapDoor crypto-stealer cross-ecosystem campaign
- Xinference PyPI compromise
Python
RAM disk
ransomware
RAT
- Ollama P2P cryptominer RAT campaign
- RemotePE
- Screening Serpens
- TamperedChef-style productivity malware clusters
Reality
Reaper
recovery denial
recruitment lures
Redis backdoor
release tampering
remote access
remote code execution
RemotePE
RemotePELoader
reviewdog
RingH23
ROADrecon
ROADtools
roadtx
RokRAT
root execution
rootkit
RubyGems
Runner.Worker
Russia
Russia-nexus
Russian-speaking forums
Rust
sabotage
Safari
ScarCruft
ScreenConnect
script-injection
secret exposure
secrets
- CircleCI 2023 customer secret exposure incident
- Codecov Bash Uploader compromise
- GitHub Actions deployment poisoning
Seedworm
sendit.sh
session hijacking
session theft
ShadowPad
Shai-Hulud
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- Mini Shai-Hulud npm/PyPI worm campaign
- SANDWORM_MODE AI-toolchain npm worm
shared hosting
shared secrets
signed updates
sleeper packages
SLSA
SmartScreen
smishing
social engineering
SOCKS5
South Africa
South Korea
Southeast Asia
spearphishing
SQL injection
SSH
SSH key persistence
SSH persistence
SSRF
state-linked
Static Kitten
stealer
storage deletion
supply-chain
- 3CX desktop app compromise
- actions-cool GitHub Actions tag compromise
- AI-augmented adversary operations
- APT29
- art-template Coruna-style iOS watering-hole compromise
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- BufferZoneCorp RubyGems / Go module CI poisoning
- CanisterWorm
- Codecov Bash Uploader compromise
- Funnull RingH23 and MacCMS supply-chain attacks
- GitHub / Packagist postinstall hook campaign
- GitHub Actions deployment poisoning
- HackerBot Claw
- HackerBot Claw GitHub Actions exploitation campaign
- JiaT75
- js-logger-pack Hugging Face exfiltration campaign
- Laravel-Lang Composer tag-rewrite compromise
- LiteLLM compromise
- Megalodon GitHub Actions workflow backdooring
- Mini Shai-Hulud npm/PyPI worm campaign
- node-ipc 2026 npm maintainer-account compromise
- Nx Console VS Code extension compromise
- Polymarket npm wallet-drainer packages
- SANDWORM_MODE AI-toolchain npm worm
- ScarCruft Yanbian game-platform supply-chain attack
- shopsprint/decimal Go typosquat DNS backdoor
- TeamPCP
- tj-actions and reviewdog compromise
- TrapDoor crypto-stealer cross-ecosystem campaign
- Trivy compromise
- Trivy → TeamPCP → CanisterWorm: compromise timeline
- Xinference PyPI compromise
- XZ Utils backdoor
tag rewrite
tag tampering
takedown
TamperedChef
TartarusGate
TeamPCP
- actions-cool GitHub Actions tag compromise
- AI-augmented adversary operations
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- Mini Shai-Hulud npm/PyPI worm campaign
- Nx Console VS Code extension compromise
- Trivy compromise
- Xinference PyPI compromise
TeamViewer
telecom
Telegram
Temp Zagros
tj-actions
token replay
token theft
tooling
- CanisterWorm
- HackerBot Claw
- LiteLLM compromise
- TeamPCP
- Trivy → TeamPCP → CanisterWorm: compromise timeline
tools
Trading Technologies
traffic hijacking
transnational repression
Trend Micro
Twilio
typosquat
typosquatting
- Funnull RingH23 and MacCMS supply-chain attacks
- SANDWORM_MODE AI-toolchain npm worm
- shopsprint/decimal Go typosquat DNS backdoor
Udev persistence
Ukraine
UNC2814
UNC4736
UNC6780
UTA0355
Views
ViewState deserialization
virtualization
VLESS
VPN
VS Code
vulnerability
- Microsoft Defender CVE-2026-41091 / CVE-2026-45498 exploitation
- Trend Micro Apex One CVE-2026-34926 exploitation
vulnerability-research
wallet replacement
wallet-drainer
wallet-theft
watering-hole
web application
web hosting
web shell
web supply chain
WebKit
webshell
Webworm
WHM
Windows
- 3CX desktop app compromise
- APT28 LNK SmartScreen bypass and CVE-2026-32202 coercion chain
- CCleaner signed-update compromise
- js-logger-pack Hugging Face exfiltration campaign
- Microsoft Defender CVE-2026-41091 / CVE-2026-45498 exploitation
- ScarCruft Yanbian game-platform supply-chain attack
- TamperedChef-style productivity malware clusters
wiper
wiper-adjacent
WireGuard
workflow backdoor
worm
- Bitwarden / Checkmarx Shai-Hulud Third Coming campaign
- CanisterWorm
- Mini Shai-Hulud npm/PyPI worm campaign
- SANDWORM_MODE AI-toolchain npm worm
- TeamPCP
- Trivy → TeamPCP → CanisterWorm: compromise timeline