supply-chain
EvilBit Threat Digest - Trust, But Check the Package Manager
Supply chain compromises dominate the week: axios attribution lands, CI/CD blast radius widens, and phishing kits shrug off takedowns.
supply-chain
supply-chain
ZeroDay Field Notes - supply-chain backdoors surge
TeamPCP supply-chain attacks hit PyPI and npm, GlassWorm returns with unkillable Solana C2, and new fileless primitives ForsHops and FlipSwitch raise the stealth bar.
f5-big-ip
EvilBit Threat Digest - Gateways on Fire, Dependencies with Teeth
Active RCE in F5 BIG-IP APM, a nation-state npm supply-chain compromise, and macOS ClickFix stealer. April 1, but none of this is a joke.
supply-chain
EvilBit Threat Digest - The Permissions We Granted
There is a particular kind of exhaustion that comes from watching the same trust model break in five different ways before Friday. CI/CD credentials as skeleton keys, a Python runtime weaponized for ambient persistence, and phishing that sounds like bureaucracy.
supply-chain
ZeroDay Field Notes - Chains That Bind
Supply chain cascades, blockchain C2, browser encryption bypasses, and 20-hour exploit weaponization. UncleSp1d3r breaks down the chains.
supply-chain
EvilBit Threat Digest - Ghosts in the Pipeline
Trust failures defined the week: poisoned CI tags, stealthy C2, real-time phishing theft, and patch priorities defenders cannot ignore.
supply-chain
ZeroDay Field Notes - Shadows in the Supply Chain
Process hollowing, Deno signing abuse, build-time supply chain poisoning, and AOT evasion: this week's techniques dissected for operators.
supply-chain
EvilBit Threat Digest - The Week the Toolchain Bit Back
Weekly digest of self-propagating supply-chain worms, credential pivots into cloud data, and social engineering driving trust abuse in vendors …and it’s only halfway over.
supply-chain
ZeroDay Field Notes - Supply Chains on Fire, RATs in the Shadows
Poisoned npm packages hijack AI dev tools, MIMICRAT laughs at ETW, and a Cisco zero-day's been burning since 2023. Sharpen up.
supply-chain
EvilBit Threat Digest - QR Codes, Poisoned Packages, and AI With a Side Hustle
Weekly briefing on how attackers abuse trust layers such as package registries, QR codes, AI platforms, and search ads to breach supply chains.
supply-chain
EvilBit Threat Digest - When the Update Server is Lying to You
Threat digest on attackers abusing trusted services - from update servers to cloud mail - turning trust into a weapon and evading detection.
phishing
EvilBit Threat Digest - Phishing, AI-agent Risks & Malware
Roundup: LastPass phishing, ErrTraffic ClickFix, BlueNoroff macOS/supply-chain attacks, MCP AI-agent risks, and WordPress/mJobtime exploits.