 | JINX-0164 Targeting Cryptocurrency Development Infrastructure (Campaign) | 2026-05-27 | True | [email protected] (Wiz Threat Research) | True | | |
| Supply Chain Campaign Targeting Composer and GitHub Repositories (Campaign) | 2026-05-24 | True | [email protected] (Wiz Threat Research) | True | | |
| Megalodon Campaign Backdoors GitHub Repositories via CI Workflow Compromise (Campaign) | 2026-05-22 | True | [email protected] (Wiz Threat Research) | True | | |
| TeamPCP Claims Breach of Internal GitHub Repositories (Incident) | 2026-05-20 | True | [email protected] (Wiz Threat Research) | True | | |
| New Mini-Shai-Hulud Wave Targets NPM, PyPi Packages and VSCode Extension (Campaign) | 2026-05-18 | True | [email protected] (Wiz Threat Research) | True | | |
| node-ipc npm Distribution Compromised (Campaign) | 2026-05-14 | True | [email protected] (Wiz Threat Research) | True | | |
| Tanstack and other Packages Compromised in Supply Chain Attack (Campaign) | 2026-05-11 | True | [email protected] (Wiz Threat Research) | True | | |
| DDoS Botnet Leveraging Jenkins Misconfigurations for Initial Access (Campaign) | 2026-05-10 | True | [email protected] (Wiz Threat Research) | True | | |
| Compromise of Checkmarx Jenkins AST Plugin by TeamPCP (Campaign) | 2026-05-09 | True | [email protected] (Wiz Threat Research) | True | | |
| Lightning and Intercom Packages Compromised in Supply Chain Attack (Campaign) | 2026-04-30 | True | [email protected] (Wiz Threat Research) | True | | |
| Supply Chain Campaign Targets SAP npm Packages with Credential-Stealing Malware (Campaign) | 2026-04-29 | True | [email protected] (Wiz Threat Research) | True | | |
| Critical SQL Injection Vulnerability in LiteLLM Exploited in-the-Wild (Campaign) | 2026-04-27 | True | [email protected] (Wiz Threat Research) | True | | |
| Elementary Data Compromised in Supply Chain Attack (Campaign) | 2026-04-23 | True | [email protected] (Wiz Threat Research) | True | | |
| Checkmarx KICS and Bitwarden CLI Compromised in Fresh Supply Chain Attack (Campaign) | 2026-04-22 | True | [email protected] (Wiz Threat Research) | True | | |
| Xinference Compromised in Supply Chain Attack (Campaign) | 2026-04-22 | True | [email protected] (Wiz Threat Research) | True | | |
| PolinRider Campaign: DPRK-Linked Supply Chain Attack Infects GitHub Repositories (Campaign) | 2026-04-09 | True | [email protected] (Wiz Threat Research) | True | | |
| Stolen SaaS Integration Tokens Enable Data Theft Across Snowflake Environments (Campaign) | 2026-04-07 | True | [email protected] (Wiz Threat Research) | True | | |
| UAT-10608 Campaign Abuses React2Shell for Cloud Credential Harvesting (Campaign) | 2026-04-02 | True | [email protected] (Wiz Threat Research) | True | | |
| Axios supply chain attack (Incident) | 2026-03-31 | True | [email protected] (Wiz Threat Research) | True | | |
| Apifox supply chain attack (Incident) | 2026-03-26 | True | [email protected] (Wiz Threat Research) | True | | |
| BuddyBoss supply chain attack (Incident) | 2026-03-25 | True | [email protected] (Wiz Threat Research) | True | | |
| LiteLLM supply chain attack (Incident) | 2026-03-24 | True | [email protected] (Wiz Threat Research) | True | | |
| Exploitation of S1ngularity-exposed cloud keys for lateral movement (Incident) | 2026-03-11 | True | [email protected] (Wiz Threat Research) | True | | |
| xygeni-action repository hijack (Incident) | 2026-03-09 | True | [email protected] (Wiz Threat Research) | True | | |
| PolinRider supply chain attack (Incident) | 2026-03-08 | True | [email protected] (Wiz Threat Research) | True | | |
| Trivy supply chain attack (Incident) | 2026-03-01 | True | [email protected] (Wiz Threat Research) | True | | |
| SANDWORM_MODE: Typosquatted npm Packages Used to Hijack CI Workflows (Campaign) | 2026-02-20 | True | [email protected] (Wiz Threat Research) | True | | |
| TeamPCP Cloud-Native Campaign Targeting Exposed Control Planes (Campaign) | 2026-02-05 | True | [email protected] (Wiz Threat Research) | True | | |
| Supply-Chain Hijacking of Notepad++ Updates via Hosting Provider Compromise (Campaign) | 2026-02-02 | True | [email protected] (Wiz Threat Research) | True | | |
| Supply-Chain Attack via Force Pushes on Plone GitHub Repositories (Campaign) | 2026-01-31 | True | [email protected] (Wiz Threat Research) | True | | |
| Operation Bizarre Bazaar: Commercialized LLMjacking (Campaign) | 2026-01-28 | True | [email protected] (Wiz Threat Research) | True | | |
| Cloud-Native Phishing Infrastructure via Abused AWS WorkMail (Campaign) | 2026-01-27 | True | [email protected] (Wiz Threat Research) | True | | |
| GeoServer RCE Exploited in CoinMiner Campaigns (Campaign) | 2026-01-24 | True | [email protected] (Wiz Threat Research) | True | | |
| Amadey Loader Abuses Compromised Self-Hosted GitLab to Deliver StealC Infostealer (Campaign) | 2025-12-18 | True | [email protected] (Wiz Threat Research) | True | | |
| China-nexus Campaign Exploits CVE-2025-20393 in Cisco Email Security Devices (Campaign) | 2025-12-17 | True | [email protected] (Wiz Threat Research) | True | | |
| Shai-Hulud 2.0 Supply Chain Attack (Campaign) | 2025-11-24 | True | [email protected] (Wiz Threat Research) | True | | |
| Cryptomining Campaign Exploiting Exposed Ray AI Infrastructure (Campaign) | 2025-11-19 | True | [email protected] (Wiz Threat Research) | True | | |
| Cisco ISE Vulnerability Exploited as 0day by APT (Campaign) | 2025-11-13 | True | [email protected] (Wiz Threat Research) | True | | |
| Unauthenticated Remote Access via Triofox Vulnerability Exploited by UNC6485 (Campaign) | 2025-11-12 | True | [email protected] (Wiz Threat Research) | True | | |
| Gambling Network Exploits Abandoned Subdomains (Campaign) | 2025-11-11 | True | [email protected] (Wiz Threat Research) | True | | |
| China-Linked Actors Target U.S. Policy-Oriented Non-Profit Organisations (Campaign) | 2025-11-05 | True | [email protected] (Wiz Threat Research) | True | | |
| TruffleNet Campaign Exploits AWS SES for Large-Scale Cloud Abuse and BEC Fraud (Campaign) | 2025-10-31 | True | [email protected] (Wiz Threat Research) | True | | |
| PassiveNeuron Campaign: Espionage Campaign Targeting Windows Server Environments (Campaign) | 2025-10-21 | True | [email protected] (Wiz Threat Research) | True | | |
| F5 incident (Incident) | 2025-10-15 | True | [email protected] (Wiz Threat Research) | True | | |
| eBPF Rootkit Targeting AWS and Linux Environments (Campaign) | 2025-10-14 | True | [email protected] (Wiz Threat Research) | True | | |
| Supply Chain Risk in Axis Autodesk Revit Plugin Due to Exposed Azure Storage Credentials and Revit RCE Vulnerabilities (Research) | 2025-10-08 | True | [email protected] (Wiz Threat Research) | True | | |
| Cl0p Extortion Campaign Claims Theft via Oracle E-Business Suite (Campaign) | 2025-10-02 | True | [email protected] (Wiz Threat Research) | True | | |
| “Crimson Collective” Claims Theft of Customer Data from Red Hat (Campaign) | 2025-10-02 | True | [email protected] (Wiz Threat Research) | True | | |
| Renewed "ArcaneDoor" Campaign Targeting 0-day Vulnerabilities in Cisco ASA (Campaign) | 2025-09-26 | True | [email protected] (Wiz Threat Research) | True | | |
| SonicWall MySonicWall Cloud Backup File Security Incident (Incident) | 2025-09-25 | True | [email protected] (Wiz Threat Research) | True | | |
