ZeroDay Field Notes - When Your Build Path Becomes Your Fingerprint
Weekly analysis of evasion and OPSEC failures: hardware-breakpoint AMSI bypass, unstripped Rust build paths ('Jacob'), cloud-native VoidLink, and markdown exfil.
Attackers weaponize trust with HTML QR phishing, multi-stage AsyncRAT, fake Fortinet VPNs, OAST campaigns, LLM SSRF, SSH and RMM abuse.
Knownsec leak exposes Chinese cyber-espionage tools, npm supply-chain attacks use blockchain C2, malicious Chrome extensions steal AI chats, and WhatsApp becomes a worm vector.
Offensive-focused notes on npm supply chain backdoors, Pyarmor stealth stealers, socially engineered RATs, GRU phishing, and weaponized AI safety.
Newsletter on Resecurity's honeypot win, FortiWeb 0-day exploitation, and Chinese Office Assistant supply chain browser plugin attack.
KryptoKat analyzes Coupang's 33.7M-record insider breach, GlassWorm's macOS pivot with Solana C2, Silver Fox tax-themed phishing in India, and Intellexa sanctions reversal.
React/Next.js exploits compromise 59K servers, browser extensions steal $7M in crypto, and APT groups deploy kernel rootkits for stealthy persistence.
The threat landscape is ending the year with a bang rather than a whimper. We're seeing a critical memory disclosure in one of the world's most popular databases, a ransomware group that has essentially become an industry unto itself, and supply-chain attacks that have us jumping at every bump in the night.
Supply-chain attacks target Maven Central with Cobalt Strike, Firefox extensions hide malware in PNG pixels, and APT groups weaponize DNS to hijack software updates.
Critical WatchGuard RCE exploited in the wild, 59K Next.js servers compromised, cross-platform APT36 campaigns, and code-signed macOS malware bypassing Gatekeeper.
Record 29.7 Tbps DDoS botnet, fresh APT campaigns, mobile and browser malware, and OAuth device code phishing—what defenders must do now.
Fortinet and Cisco zero-days, React RCE, Kimwolf botnet, Node.js malware, parked domain abuse, NuGet typosquat, and new Nessus plugins.
srop
Two offensive tools to watch: SROP-based sleep obfuscation for Linux implants and a local AI auto-exploitation push, with defenses and caveats.
react2shell
React2Shell exploitation surges, Android trojans and WhatsApp GhostPairing spread, 700Credit breach hits millions, new stealers and APT ops.
react
React2Shell RCE slams Next.js as threat actors pivot to BYOVD ransomware, eBPF rootkits, Teams scams, VS Code trojans, and OT brute-force attacks.
react
React2Shell exploited within hours; patch now. Active Gladinet attacks persist. Malware tradecraft and AI-assisted reverse engineering insights.
nessus
Nessus plugin refresh expands detections across Linux, QNAP, FreeBSD and PRTG, adding new CVE coverage and TLS configuration checks.
react
Critical React RCE sparks urgent patches as malware campaigns, APT spyware, supply-chain hits, and breaches highlight fragile digital trust.
zero-day
An in-depth analysis of October-December 2025's major cybersecurity events, including pre-auth RCEs, rootkits on network switches, Windows 10's last free patches, and advanced tradecraft with blockchain C2 and AI phishing.
browser-extensions
4.3M malicious extensions, evolving npm worm and BEC, overlapping APTs, advanced Android banking trojans, and a Rust-based Linux APT toolkit.
supply-chain
Two weeks of supply chain chaos: npm worm hijacks repos, OAuth integrations abused, APTs use cloud C2, and IoT botnets test massive DDoS.
steganography
From PNG-steganography payloads to dev-tool supply chain compromises, attackers scale obfuscation and weaponize trust across platforms.
ai
Iranian APTs enabling kinetic strikes, AI botnet via Ray RCE, creative malware via Blender, WhatsApp, homoglyphs, and critical patches.
oauth
We faced a sprawling mess of supply chain compromises, state-sponsored espionage campaigns, insider threats, mobile malware that bypasses end-to-end encryption, and router hijacking this week.