supply-chain

supply-chain

ZeroDay Field Notes - Supply Chains on Fire, RATs in the Shadows

Poisoned npm packages hijack AI dev tools, MIMICRAT laughs at ETW, and a Cisco zero-day's been burning since 2023. Sharpen up.

supply-chain

EvilBit Threat Digest - QR Codes, Poisoned Packages, and AI With a Side Hustle

Weekly briefing on how attackers abuse trust layers such as package registries, QR codes, AI platforms, and search ads to breach supply chains.

supply-chain

EvilBit Threat Digest - When the Update Server is Lying to You

Threat digest on attackers abusing trusted services - from update servers to cloud mail - turning trust into a weapon and evading detection.

phishing

EvilBit Threat Digest - Phishing, AI-agent Risks & Malware

Roundup: LastPass phishing, ErrTraffic ClickFix, BlueNoroff macOS/supply-chain attacks, MCP AI-agent risks, and WordPress/mJobtime exploits.

fortinet

ZeroDay Field Notes - Your Firewall is a Liar, and Your IDE is a Snitch

Fortinet firewalls compromised despite patches, malicious VS Code AI extensions steal code from 1.5M developers, and phishing kits exploit trusted cloud platforms.

cybersecurity

EvilBit Threat Digest - EvilBit Threat Digest: The Walls Have AI Ears

Knownsec leak exposes Chinese cyber-espionage tools, npm supply-chain attacks use blockchain C2, malicious Chrome extensions steal AI chats, and WhatsApp becomes a worm vector.

infosec

ZeroDay Field Notes - When Package Managers Become Trojan Horses and AI Safety Gets Weaponized

Offensive-focused notes on npm supply chain backdoors, Pyarmor stealth stealers, socially engineered RATs, GRU phishing, and weaponized AI safety.

cybersecurity

EvilBit Threat Digest - Turning the Tables: When Deception Becomes Defense

Newsletter on Resecurity's honeypot win, FortiWeb 0-day exploitation, and Chinese Office Assistant supply chain browser plugin attack.

insider-threat

EvilBit Threat Digest - New Year Breaches and Phishing at Scale

KryptoKat analyzes Coupang's 33.7M-record insider breach, GlassWorm's macOS pivot with Solana C2, Silver Fox tax-themed phishing in India, and Intellexa sanctions reversal.

supply-chain

ZeroDay Field Notes - New Year, Same Threat Actors: Supply-Chain Mayhem and APT Innovation

React/Next.js exploits compromise 59K servers, browser extensions steal $7M in crypto, and APT groups deploy kernel rootkits for stealthy persistence.

supply-chain

EvilBit Threat Digest - When Your Browser and Build Pipeline Become the Backdoor

Supply-chain attacks target Maven Central with Cobalt Strike, Firefox extensions hide malware in PNG pixels, and APT groups weaponize DNS to hijack software updates.

fortinet

EvilBit Threat Digest - This Week in Security: Burning Platforms and Broken Trust

Fortinet and Cisco zero-days, React RCE, Kimwolf botnet, Node.js malware, parked domain abuse, NuGet typosquat, and new Nessus plugins.