deserialization
EvilBit Threat Digest - The Deserialization Blues
Critical RCE flaws in Sitecore, HPE OneView, and Magento face active exploitation. Plus: OAuth phishing tricks, RMM tool abuse, and new cloud-native Linux malware.
Latest
malware
ZeroDay Field Notes - When Your Build Path Becomes Your Fingerprint
Weekly analysis of evasion and OPSEC failures: hardware-breakpoint AMSI bypass, unstripped Rust build paths ('Jacob'), cloud-native VoidLink, and markdown exfil.
phishing
EvilBit Threat Digest - When Tables Become Traps and Trust Turns Toxic
Attackers weaponize trust with HTML QR phishing, multi-stage AsyncRAT, fake Fortinet VPNs, OAST campaigns, LLM SSRF, SSH and RMM abuse.
cybersecurity
EvilBit Threat Digest - EvilBit Threat Digest: The Walls Have AI Ears
Knownsec leak exposes Chinese cyber-espionage tools, npm supply-chain attacks use blockchain C2, malicious Chrome extensions steal AI chats, and WhatsApp becomes a worm vector.
infosec
ZeroDay Field Notes - When Package Managers Become Trojan Horses and AI Safety Gets Weaponized
Offensive-focused notes on npm supply chain backdoors, Pyarmor stealth stealers, socially engineered RATs, GRU phishing, and weaponized AI safety.
cybersecurity
EvilBit Threat Digest - Turning the Tables: When Deception Becomes Defense
Newsletter on Resecurity's honeypot win, FortiWeb 0-day exploitation, and Chinese Office Assistant supply chain browser plugin attack.
insider-threat
EvilBit Threat Digest - New Year Breaches and Phishing at Scale
KryptoKat analyzes Coupang's 33.7M-record insider breach, GlassWorm's macOS pivot with Solana C2, Silver Fox tax-themed phishing in India, and Intellexa sanctions reversal.
supply-chain
ZeroDay Field Notes - New Year, Same Threat Actors: Supply-Chain Mayhem and APT Innovation
React/Next.js exploits compromise 59K servers, browser extensions steal $7M in crypto, and APT groups deploy kernel rootkits for stealthy persistence.
MongoDB
EvilBit Threat Digest - When Databases Leak and Developers Click: The Final Week of 2025
The threat landscape is ending the year with a bang rather than a whimper. We're seeing critical memory disclosure in one of the world's most popular databases, a ransomware group that's essentially become an industry unto itself, and supply-chain attacks have us jumping at every bump in the night.
supply-chain
EvilBit Threat Digest - When Your Browser and Build Pipeline Become the Backdoor
Supply-chain attacks target Maven Central with Cobalt Strike, Firefox extensions hide malware in PNG pixels, and APT groups weaponize DNS to hijack software updates.
watchguard
ZeroDay Field Notes - When Your Firewall Becomes the Backdoor
Critical WatchGuard RCE exploited in the wild, 59K Next.js servers compromised, cross-platform APT36 campaigns, and code-signed macOS malware bypassing Gatekeeper.
ddos
EvilBit Threat Digest - When the Bots Come Knocking: Record DDoS, State Actors, and the Week in Malware
Record 29.7 Tbps DDoS botnet, fresh APT campaigns, mobile and browser malware, and OAuth device code phishing—what defenders must do now.