EvilBit Threat Digest - Network Edge Pummeled, Supply-Chain Worms Get Better, AI Starts Finding the Bugs
Cisco SD-WAN CVSS 10.0 under active exploit, May Patch Tuesday brings a wormable Windows DNS Client RCE, and the npm worm reaches OpenAI.
Apple's May patch bomb hits every OS, Mini Shai-Hulud poisons 170 npm packages, and DPRK laptop-farm enablers each catch 18 months.
Copy Fail kernel LPE traverses containers, Microsoft AiTM hits 35,000 users, cPanel auth bypass on KEV, and three federal sentencings.
Dual-RMM phishing hits 80+ orgs, cPanel and MOVEit auth bypasses under active exploit, APT28 keeps hijacking routers for M365 token theft.
BlackCat insiders draw 4-year sentences, ShinyHunters AI-vishes ADT and Medtronic, and Mini Shai-Hulud worms its way into more npm packages.
Patch volume was up this week. The louder stories came from attackers abusing trust at the edges of developer workflows, AI tooling, and government portals.
Preloaded LunaSpy phones, in-memory ScreenConnect drops, npm typosquats stealing SSH keys, two Cisco ISE 9.9s. Disk is for chumps this week.
Nightmare-Eclipse Defender LPEs land in real intrusions, four Android bankers share 800+ targets, and Claude helps hijack BuddyBoss WordPress.
Developers lured through Slack, macOS users tricked into pasting malware, AI prompt injection in government, and NHS domains hijacked.
Kimsuky's credential playbook, Docker API miners, SystemBC's ransomware empire, RomCom zero-day chains, and why your extensions are someone else's red team.
Operational trust abused at machine speed: Axios, prt-scan, EvilTokens, Storm-1175, PolyShell, ComfyUI. Features, until they're evidence.
Supply chain compromises dominate the week: axios attribution lands, CI/CD blast radius widens, and phishing kits shrug off takedowns.
supply-chain
TeamPCP supply-chain attacks hit PyPI and npm, GlassWorm returns with unkillable Solana C2, and new fileless primitives ForsHops and FlipSwitch raise the stealth bar.
f5-big-ip
Active RCE in F5 BIG-IP APM, a nation-state npm supply-chain compromise, and macOS ClickFix stealer. April 1, but none of this is a joke.
supply-chain
There is a particular kind of exhaustion that comes from watching the same trust model break in five different ways before Friday. CI/CD credentials as skeleton keys, a Python runtime weaponized for ambient persistence, and phishing that sounds like bureaucracy.
supply-chain
Supply chain cascades, blockchain C2, browser encryption bypasses, and 20-hour exploit weaponization. UncleSp1d3r breaks down the chains.
kubernetes
Wipers riding Kubernetes, supply chains turned inside out, and "trusted" platforms doing the con's heavy lifting. This week's threats hide where you already look.
supply-chain
Trust failures defined the week: poisoned CI tags, stealthy C2, real-time phishing theft, and patch priorities defenders cannot ignore.
supply-chain
Process hollowing, Deno signing abuse, build-time supply chain poisoning, and AOT evasion: this week's techniques dissected for operators.
supply-chain
Weekly digest of self-propagating supply-chain worms, credential pivots into cloud data, and social engineering that turns vendor trust against customers, and the week is only halfway over.
admin-console
A summary of threats that abuse identity and cloud administration tooling to turn admin consoles against their owners, alongside supply-chain and phishing trends.
blockchain
A snapshot of rising cyber threats: blockchain-backed C2, fileless runtimes, IoT botnets, and state-sponsored intrusions shaping modern operations.
macos
Weekly threat digest on how free trials, copy/paste install guides, and trusted tech boundaries are weaponized, with actionable defenses.
rust
Threat digest on Rust-based backdoors, phishing-kit takedowns, SSL graph-based threat hunting, AI prompt-injection exploits, and Cisco advisories.