apple
EvilBit Threat Digest - Apple Drops a May Patch Bomb, Supply Chains Take Another Hit
Apple's May patch bomb hits every OS, Mini Shai-Hulud poisons 170 npm packages, and DPRK laptop-farm enablers each catch 18 months.
EvilBit Threat Digest - Patch Tuesday leftovers and supply-chain hangovers
Patch volume was up this week. The louder stories came from attackers abusing trust at the edges of developer workflows, AI tooling, and government portals.
ZeroDay Field Notes - Preloaded Hardware, Fileless RMM Drops, and Supply-Chain Backdoors
Preloaded LunaSpy phones, in-memory ScreenConnect drops, npm typosquats stealing SSH keys, two Cisco ISE 9.9s. Disk is for chumps this week.
EvilBit Threat Digest - Patch Now or Pray Later: Nightmare-Eclipse, VPN Pivots, and Four Fresh Android Bankers
Nightmare-Eclipse Defender LPEs land in real intrusions, four Android bankers share 800+ targets, and Claude helps hijack BuddyBoss WordPress.
EvilBit Threat Digest - EvilBit Threat Digest: Copy, Paste, Regret
Developers lured through Slack, macOS users tricked into pasting malware, AI prompt injection in government, and NHS domains hijacked.
ZeroDay Field Notes - When the same names keep showing up
Kimsuky's credential playbook, Docker API miners, SystemBC's ransomware empire, RomCom zero-day chains, and why your extensions are someone else's red team.
EvilBit Threat Digest - Features, Until They're Evidence
Operational trust abused at machine speed: Axios, prt-scan, EvilTokens, Storm-1175, PolyShell, ComfyUI. Features, until they're evidence.
EvilBit Threat Digest - Trust, But Check the Package Manager
Supply chain compromises dominate the week: axios attribution lands, CI/CD blast radius widens, and phishing kits shrug off takedowns.
ZeroDay Field Notes - supply-chain backdoors surge
TeamPCP supply-chain attacks hit PyPI and npm, GlassWorm returns with unkillable Solana C2, and new fileless primitives ForsHops and FlipSwitch raise the stealth bar.
EvilBit Threat Digest - Gateways on Fire, Dependencies with Teeth
Active RCE in F5 BIG-IP APM, a nation-state npm supply-chain compromise, and macOS ClickFix stealer. April 1, but none of this is a joke.
EvilBit Threat Digest - The Permissions We Granted
There is a particular kind of exhaustion that comes from watching the same trust model break in five different ways before Friday. CI/CD credentials as skeleton keys, a Python runtime weaponized for ambient persistence, and phishing that sounds like bureaucracy.
ZeroDay Field Notes - Chains That Bind
Supply chain cascades, blockchain C2, browser encryption bypasses, and 20-hour exploit weaponization. UncleSp1d3r breaks down the chains.
EvilBit Threat Digest - Wipers in the Cluster, Thieves in the Toolchain
Wipers riding Kubernetes, supply chains turned inside out, and "trusted" platforms doing the con's heavy lifting. This week's threats hide where you already look.