trust
EvilBit Threat Digest - EvilBit Threat Digest: Copy, Paste, Regret
Developers lured through Slack, macOS users tricked into pasting malware, AI prompt injection in government, and NHS domains hijacked.
Hobbyist dev & experienced Vulnerability Analyst. Masters graduate and CISSP holder, Linux/Python enthusiast, cybersecurity evangelist, and network security nerd.
axios
Operational trust abused at machine speed: Axios, prt-scan, EvilTokens, Storm-1175, PolyShell, ComfyUI. Features, until they're evidence.
supply-chain
Supply chain compromises dominate the week: axios attribution lands, CI/CD blast radius widens, and phishing kits shrug off takedowns.
f5-big-ip
Active RCE in F5 BIG-IP APM, a nation-state npm supply-chain compromise, and macOS ClickFix stealer. April 1, but none of this is a joke.
supply-chain
There is a particular kind of exhaustion that comes from watching the same trust model break in five different ways before Friday. CI/CD credentials as skeleton keys, a Python runtime weaponized for ambient persistence, and phishing that sounds like bureaucracy.
kubernetes
Wipers riding Kubernetes, supply chains turned inside out, and "trusted" platforms doing the con's heavy lifting. This week's threats hide where you already look.
supply-chain
Trust failures defined the week: poisoned CI tags, stealthy C2, real-time phishing theft, and patch priorities defenders cannot ignore.
supply-chain
Weekly digest of self-propagating supply-chain worms, credential pivots into cloud data, and social engineering driving trust abuse in vendors… and it’s only halfway over.
admin-console
A summary of threats abusing identity and cloud admin tools to weaponize admin consoles, with supply-chain and phishing trends.
rust
Threat digest on Rust-based backdoors, phishing-kit takedowns, SSL graph-based threat hunting, AI prompt-injection exploits, and Cisco advisories.
geopolitics
A cross-cutting security digest on geopolitics shaping outages, new APT chains, AI prompt risks, cryptomining, and pragmatic patching guidance.
gridtide
Cloud-first malware roundup: GRIDTIDE uses Google Sheets as C2, PlugX evolutions, React RCE, SeaFlower wallet clones, fixes.