EvilBit Threat Digest - Malicious Extensions, APT Overlap, Mobile Banking Malware
4.3M malicious extensions, evolving npm worm and BEC, overlapping APTs, advanced Android banking trojans, and a Rust-based Linux APT toolkit.
Two weeks of supply chain chaos: npm worm hijacks repos, OAuth integrations abused, APTs use cloud C2, and IoT botnets test massive DDoS.
From PNG-steganography payloads to dev-tool supply chain compromises, attackers scale obfuscation and weaponize trust across platforms.
Iranian APTs enabling kinetic strikes, AI botnet via Ray RCE, creative malware via Blender, WhatsApp, homoglyphs, and critical patches.
We faced a sprawling mess of supply chain compromises, state-sponsored espionage campaigns, insider threats, mobile malware that bypasses end-to-end encryption, and router hijacking this week.
EDR evasion with RONINGLOADER, Windows admin bypass, browser push C2, router AitM updates, Lazarus tweaks, and an ATM heist with a Pi.
Weekly digest: stego loaders, stealers, APT espionage on aerospace and policy orgs, VDI pivots, and critical RHEL and OT patch updates.
Weekly cybersecurity digest: vendor patches and exploits, major data leaks, evolving malware and autonomous AI-orchestrated espionage, and ransomware fragmentation.
APT chains hitting Citrix and Cisco with stealthy webshells, new RATs and a Go packer boosting EDR evasion; also destructive ops and proxy C2.
A roundup of November’s critical patches, active exploits, APT campaigns, supply chain attacks, and evolving phishing threats.
Security roundup on cloud backup breaches, critical CVEs, and malware trends, urging patching, credential rotation, MFA, and immutable backups.
Explores using Hyper-V as a covert hideout for stealthy C2 and persistence, with real-world campaigns and toolchains.
wsus
Wednesday security digest on urgent patches for WSUS and Android, new APT campaigns, and warnings about dubious AI-driven ransomware claims.
kev
KEV-heavy week recap: on-prem exploits (SharePoint, VMware Aria, LANSCOPE), Warlock ransomware, and the need for asset visibility.
A weekly security roundup of VM escapes, DLL hijacks, browser exfiltration tricks, phishing evasion, and hybrid Linux-on-Windows ransomware campaigns.
A tour of evolving cyber threats, from state-sponsored social engineering to zero-days, emphasizing patching, defense in depth, and vigilance.
Explores how social engineering and human psychology drive modern cyber intrusions, from fake prompts to credential phishing and APT toolsets.
malware
Weekly security roundup of new malware, exploits, supply-chain tricks, and defense notes across Linux, Windows, and cloud.
firewall
A roundup of firewall flaws and edge-security woes: WatchGuard RCE, Zyxel bypasses, eBPF rootkits, and evolving cloud threats.
f5
Security roundup detailing F5 compromise, Patch Tuesday Windows EoPs, GoAnywhere MFT exploit, KEV updates, and practical mitigations.
f5
Time-critical guidance to inventory, isolate, patch, and rotate credentials for F5 devices; apply ED 26-01; KEV flags Windows EoPs.
patch-tuesday
Overview of October 2025 Patch Tuesday: four high-risk flaws, patch priorities, and guidance as Windows 10 reaches end of support.
oracle
This week was a buffet of the usual suspects: exposed admin panels, edge gear with “please shell me” banners, an enterprise zero-day pressed into extortion, and AI browsers quietly auditioning for “Shadow IT: The Musical.” If you manage anything with a WAN IP or an upload handler, this was not
edge
Threat briefing on edge campaigns: RondoDox, phpMyAdmin poisoning, Gladinet 0-day, SonicWall backups breach, with quick defensive actions.