kimsuky
ZeroDay Field Notes - When the same names keep showing up
Kimsuky's credential playbook, Docker API miners, SystemBC's ransomware empire, RomCom zero-day chains, and why your extensions are someone else's red team.
I'm a computer security pro who loves creating custom tools. I'm all about building secure systems and diving into Rust and GoLang. Let's connect and team up!
supply-chain
TeamPCP supply-chain attacks hit PyPI and npm, GlassWorm returns with unkillable Solana C2, and new fileless primitives ForsHops and FlipSwitch raise the stealth bar.
supply-chain
Supply chain cascades, blockchain C2, browser encryption bypasses, and 20-hour exploit weaponization. UncleSp1d3r breaks down the chains.
supply-chain
Process hollowing, Deno signing abuse, build-time supply chain poisoning, and AOT evasion: this week's techniques dissected for operators.
blockchain
A snapshot of rising cyber threats: blockchain-backed C2, fileless runtimes, IoT botnets, and state-sponsored intrusions shaping modern operations.
macos
Weekly threat digest on how free trials, copy/paste install guides, and trusted tech boundaries are weaponized, with actionable defenses.
zero-days
A red-team roundup of chaining zero-days, browser rats, air-gap hops, and evasive phishing techniques for stealthy ops.
supply-chain
Poisoned npm packages hijack AI dev tools, MIMICRAT laughs at ETW, and a Cisco zero-day's been burning since 2023. Sharpen up.
ai-agent
Midweek threat digest on AI-agent skill abuse, deepfake social engineering, ransomware links, Office bugs, mobile banking threats, and attack surface.
proxy
Proxy malware is getting trickier, supply chains are still a dumpster fire, zero-days keep landing, loaders are mutating, and now we've got AI poisoning to worry about. Here's what's actually worth your time this week.
Attackers leaned on other people's infrastructure this week: OAST callback services, SaaS notifications, AI/extension marketplaces, fake installers, and a very convincing lookalike 7-Zip site all did their part to make defenders question reality and make incident responders question coffee.
supply-chain
Weekly briefing on how attackers abuse trust layers such as package registries, QR codes, AI platforms, and search ads to breach supply chains.