lunaspy
ZeroDay Field Notes - Preloaded Hardware, Fileless RMM Drops, and Supply-Chain Backdoors
Preloaded LunaSpy phones, in-memory ScreenConnect drops, npm typosquats stealing SSH keys, two Cisco ISE 9.9s. Disk is for chumps this week.
EvilBit Threat Digest - Features, Until They're Evidence
Operational trust abused at machine speed: Axios, prt-scan, EvilTokens, Storm-1175, PolyShell, ComfyUI. Features, until they're evidence.
EvilBit Threat Digest - Trust, But Check the Package Manager
Supply chain compromises dominate the week: axios attribution lands, CI/CD blast radius widens, and phishing kits shrug off takedowns.
ZeroDay Field Notes - supply-chain backdoors surge
TeamPCP supply-chain attacks hit PyPI and npm, GlassWorm returns with unkillable Solana C2, and new fileless primitives ForsHops and FlipSwitch raise the stealth bar.
EvilBit Threat Digest - Gateways on Fire, Dependencies with Teeth
Active RCE in F5 BIG-IP APM, a nation-state npm supply-chain compromise, and macOS ClickFix stealer. April 1, but none of this is a joke.
EvilBit Threat Digest - The Permissions We Granted
There is a particular kind of exhaustion that comes from watching the same trust model break in five different ways before Friday. CI/CD credentials as skeleton keys, a Python runtime weaponized for ambient persistence, and phishing that sounds like bureaucracy.
ZeroDay Field Notes - Chains That Bind
Supply chain cascades, blockchain C2, browser encryption bypasses, and 20-hour exploit weaponization. UncleSp1d3r breaks down the chains.
EvilBit Threat Digest - Wipers in the Cluster, Thieves in the Toolchain
Wipers riding Kubernetes, supply chains turned inside out, and "trusted" platforms doing the con's heavy lifting. This week's threats hide where you already look.
EvilBit Threat Digest - Ghosts in the Pipeline
Trust failures defined the week: poisoned CI tags, stealthy C2, real-time phishing theft, and patch priorities defenders cannot ignore.
ZeroDay Field Notes - Shadows in the Supply Chain
Process hollowing, Deno signing abuse, build-time supply chain poisoning, and AOT evasion: this week's techniques dissected for operators.
EvilBit Threat Digest - The Week the Toolchain Bit Back
Weekly digest of self-propagating supply-chain worms, credential pivots into cloud data, and social engineering driving trust abuse in vendors …and it’s only halfway over.
EvilBit Threat Digest - Wipes, Wormholes, and Weaponized Admin Panels
A summary of threats abusing identity and cloud admin tools to weaponize admin consoles, with supply-chain and phishing trends.
ZeroDay Field Notes - Blockchain Backdoors and Runtime Ruses
A snapshot of rising cyber threats: blockchain-backed C2, fileless runtimes, IoT botnets, and state-sponsored intrusions shaping modern operations.