EvilBit Threat Digest - EvilBit Threat Digest: Copy, Paste, Regret
Developers lured through Slack, macOS users tricked into pasting malware, AI prompt injection in government, and NHS domains hijacked.
Kimsuky's credential playbook, Docker API miners, SystemBC's ransomware empire, RomCom zero-day chains, and why your extensions are someone else's red team.
Operational trust abused at machine speed: Axios, prt-scan, EvilTokens, Storm-1175, PolyShell, ComfyUI. Features, until they're evidence.
Supply chain compromises dominate the week: axios attribution lands, CI/CD blast radius widens, and phishing kits shrug off takedowns.
TeamPCP supply-chain attacks hit PyPI and npm, GlassWorm returns with unkillable Solana C2, and new fileless primitives ForsHops and FlipSwitch raise the stealth bar.
Active RCE in F5 BIG-IP APM, a nation-state npm supply-chain compromise, and macOS ClickFix stealer. April 1, but none of this is a joke.
There is a particular kind of exhaustion that comes from watching the same trust model break in five different ways before Friday. CI/CD credentials as skeleton keys, a Python runtime weaponized for ambient persistence, and phishing that sounds like bureaucracy.
Supply chain cascades, blockchain C2, browser encryption bypasses, and 20-hour exploit weaponization. UncleSp1d3r breaks down the chains.
Wipers riding Kubernetes, supply chains turned inside out, and "trusted" platforms doing the con's heavy lifting. This week's threats hide where you already look.
Trust failures defined the week: poisoned CI tags, stealthy C2, real-time phishing theft, and patch priorities defenders cannot ignore.
Process hollowing, Deno signing abuse, build-time supply chain poisoning, and AOT evasion: this week's techniques dissected for operators.
Weekly digest of self-propagating supply-chain worms, credential pivots into cloud data, and social engineering driving trust abuse in vendors... and it's only halfway over.
admin-console
A summary of threats abusing identity and cloud admin tools to weaponize admin consoles, with supply-chain and phishing trends.
blockchain
A snapshot of rising cyber threats: blockchain-backed C2, fileless runtimes, IoT botnets, and state-sponsored intrusions shaping modern operations.
macos
Weekly threat digest on how free trials, copy/paste install guides, and trusted tech boundaries are weaponized, with actionable defenses.
rust
Threat digest on Rust-based backdoors, phishing-kit takedowns, SSL graph-based threat hunting, AI prompt-injection exploits, and Cisco advisories.
zero-days
A red-team roundup of chaining zero-days, browser rats, air-gap hops, and evasive phishing techniques for stealthy ops.
geopolitics
A cross-cutting security digest on geopolitics shaping outages, new APT chains, AI prompt risks, cryptomining, and pragmatic patching guidance.
gridtide
Cloud-first malware roundup: GRIDTIDE uses Google Sheets as C2, PlugX evolutions, React RCE, SeaFlower wallet clones, fixes.
supply-chain
Poisoned npm packages hijack AI dev tools, MIMICRAT laughs at ETW, and a Cisco zero-day's been burning since 2023. Sharpen up.
ai-agent
Midweek threat digest on AI-agent skill abuse, deepfake social engineering, ransomware links, Office bugs, mobile banking threats, and attack surface.
ai
Weekly security recap on AI-driven deception, BYOVD, steganography, and crypto-enabled infostealers shaping last month's threats.
proxy
Proxy malware is getting trickier, supply chains are still a dumpster fire, zero-days keep landing, loaders are mutating, and now we've got AI poisoning to worry about. Here's what's actually worth your time this week.
Attackers leaned on other people's infrastructure this week: OAST callback services, SaaS notifications, AI/extension marketplaces, fake installers, and a very convincing lookalike 7-Zip site all did their part to make defenders question reality and make incident responders question coffee.