EvilBit Threat Digest - Sheets, Shellcode, and SeaFlowers

Cloud-first malware roundup: GRIDTIDE uses Google Sheets as C2, PlugX evolutions, React RCE, SeaFlower wallet clones, fixes.

ZeroDay Field Notes - Supply Chains on Fire, RATs in the Shadows

Poisoned npm packages hijack AI dev tools, MIMICRAT laughs at ETW, and a Cisco zero-day's been burning since 2023. Sharpen up.

EvilBit Threat Digest - Your AI Assistant Just Ran `base64 -d | bash`

Midweek threat digest on AI-agent skill abuse, deepfake social engineering, ransomware links, Office bugs, mobile banking threats, and attack surface.

EvilBit Threat Digest - AI Honeypots, Fileless Rats, and a Very Busy January Recap

Weekly security recap on AI-driven deception, BYOVD, steganography, and crypto-enabled infostealers shaping last month's threats.

ZeroDay Field Notes - Shells in the Shadows: When Proxies Meet Zero-Days

Proxy malware is getting trickier, supply chains are still a dumpster fire, zero-days keep landing, loaders are mutating, and now we've got AI poisoning to worry about. Here's what's actually worth your time this week.

EvilBit Threat Digest: Trust Falls, But Make It Internet-Scale

Attackers leaned on other people's infrastructure this week: OAST callback services, SaaS notifications, AI/extension marketplaces, fake installers, and a very convincing lookalike 7-Zip site all did their part to make defenders question reality and make incident responders question coffee.

EvilBit Threat Digest - QR Codes, Poisoned Packages, and AI With a Side Hustle

Weekly briefing on how attackers abuse trust layers such as package registries, QR codes, AI platforms, and search ads to breach supply chains.

ZeroDay Field Notes - Implants, Exploits, and the AI Edge

Weekly briefing on AI-driven evasion, deepfake malware, cloud C2s, and smishing that bypasses 2FA, with defender-focused mitigations.

EvilBit Threat Digest - Proxies, Poisoned Installers, and the Taxman's PDF

Your midweek security digest covers deceptive traffic origins, malicious installers, and trusted delivery channels that threaten credentials and endpoints.

EvilBit Threat Digest: DNS Side-Channels, Admin UIs, and the Long Tail of Defaults

Threat digest on DNS as control plane via compromised routers and shadow resolvers, weak admin interfaces, evolving scams, and AI-enabled risk.

ZeroDay Field Notes - Tradecraft, Takeovers, and the Tools That Keep Giving

Explores firmware and extension-era attack chains - from UEFI boot-service hooks to Android/Windows RATs, NFC data exfil, and supply-chain risks.

EvilBit Threat Digest - RTFs, Rogue Plugins, and a Side of Credential Theft

A digest of threats from weaponized RTFs and rogue editor extensions, plus credential-stealing campaigns, supply-chain abuses, and defender tips.

supply-chain

EvilBit Threat Digest - When the Update Server is Lying to You

Threat digest on attackers abusing trusted services - from update servers to cloud mail - turning trust into a weapon and evading detection.

security

ZeroDay Field Notes - Your Tools Are Turning On You

Your compliance dashboard is green. Your patching metrics satisfy the auditors. The attackers are still inside.

infrastructure

EvilBit Threat Digest - EvilBit Threat Digest: When Infrastructure Becomes a Weapon and Trust Turns Toxic

Threat actors weaponize infrastructure at scale, from wipers targeting power grids to supply-chain malware and browser extensions that act as C2.

phishing

EvilBit Threat Digest - Phishing, AI-agent Risks & Malware

Roundup: LastPass phishing, ErrTraffic ClickFix, BlueNoroff macOS/supply-chain attacks, MCP AI-agent risks, and WordPress/mJobtime exploits.

fortinet

ZeroDay Field Notes - Your Firewall is a Liar, and Your IDE is a Snitch

Fortinet firewalls compromised despite patches, malicious VS Code AI extensions steal code from 1.5M developers, and phishing kits exploit trusted cloud platforms.

voidlink

EvilBit Threat Digest - Kernel Rootkits Get a Cloud-Native Upgrade

VoidLink malware compiles custom kernel rootkits on-demand, plus critical n8n and WordPress vulnerabilities, DLL side-loading campaigns, and more threats analyzed.

deserialization

EvilBit Threat Digest - The Deserialization Blues

Critical RCE flaws in Sitecore, HPE OneView, and Magento face active exploitation. Plus: OAuth phishing tricks, RMM tool abuse, and new cloud-native Linux malware.

malware

ZeroDay Field Notes - When Your Build Path Becomes Your Fingerprint

Weekly analysis of evasion and OPSEC failures: hardware-breakpoint AMSI bypass, unstripped Rust build paths ('Jacob'), cloud-native VoidLink, and markdown exfil.

phishing

EvilBit Threat Digest - When Tables Become Traps and Trust Turns Toxic

Attackers weaponize trust with HTML QR phishing, multi-stage AsyncRAT, fake Fortinet VPNs, OAST campaigns, LLM SSRF, SSH and RMM abuse.

cybersecurity

EvilBit Threat Digest - EvilBit Threat Digest: The Walls Have AI Ears

Knownsec leak exposes Chinese cyber-espionage tools, npm supply-chain attacks use blockchain C2, malicious Chrome extensions steal AI chats, and WhatsApp becomes a worm vector.

infosec

ZeroDay Field Notes - When Package Managers Become Trojan Horses and AI Safety Gets Weaponized

Offensive-focused notes on npm supply chain backdoors, Pyarmor stealth stealers, socially engineered RATs, GRU phishing, and weaponized AI safety.

cybersecurity

EvilBit Threat Digest - Turning the Tables: When Deception Becomes Defense

Newsletter on Resecurity's honeypot win, FortiWeb 0-day exploitation, and Chinese Office Assistant supply chain browser plugin attack.