Internet Storm Center
Sign In
Sign Up
Handler on Duty:
Jesse La Grew
Threat Level:
green
Date
Author
Title
SUPPLY CHAIN ATTACK
2026-04-27
Kenneth Hartman
TeamPCP Supply Chain Campaign: Update 008 - 26-Day Pause Ends with Three Concurrent Compromises (Checkmarx KICS, Bitwarden CLI Cascade, xinference PyPI), CanisterSprawl npm Worm Identified, and Tier 1 Coverage Returns
SUPPLY
2026-04-27/a>
Kenneth Hartman
TeamPCP Supply Chain Campaign: Update 008 - 26-Day Pause Ends with Three Concurrent Compromises (Checkmarx KICS, Bitwarden CLI Cascade, xinference PyPI), CanisterSprawl npm Worm Identified, and Tier 1 Coverage Returns
2026-04-08/a>
Kenneth Hartman
TeamPCP Supply Chain Campaign: Update 007 - Cisco Source Code Stolen via Trivy-Linked Breach, Google GTIG Tracks TeamPCP as UNC6780, and CISA KEV Deadline Arrives with No Standalone Advisory
2026-04-03/a>
Kenneth Hartman
TeamPCP Supply Chain Campaign: Update 006 - CERT-EU Confirms European Commission Cloud Breach, Sportradar Details Emerge, and Mandiant Quantifies Campaign at 1,000+ SaaS Environments
2026-04-01/a>
Kenneth Hartman
TeamPCP Supply Chain Campaign: Update 005 - First Confirmed Victim Disclosure, Post-Compromise Cloud Enumeration Documented, and Axios Attribution Narrows
2026-03-30/a>
Kenneth Hartman
TeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Compromise, TeamPCP Runs Dual Ransomware Operations, and AstraZeneca Data Released
2026-03-28/a>
Kenneth Hartman
TeamPCP Supply Chain Campaign: Update 003 - Operational Tempo Shift as Campaign Enters Monetization Phase With No New Compromises in 48 Hours
2026-03-27/a>
Kenneth Hartman
TeamPCP Supply Chain Campaign: Update 002 - Telnyx PyPI Compromise, Vect Ransomware Mass Affiliate Program, and First Named Victim Claim
2026-03-26/a>
Kenneth Hartman
TeamPCP Supply Chain Campaign: Update 001 - Checkmarx Scope Wider Than Reported, CISA KEV Entry, and Detection Tools Available
2023-07-18/a>
Johannes Ullrich
Exploit Attempts for "Stagil navigation for Jira Menus & Themes" CVE-2023-26255 and CVE-2023-26256
2019-10-24/a>
Johannes Ullrich
Your Supply Chain Doesn't End At Receiving: How Do You Decommission Network Equipment?
CHAIN
2026-04-27/a>
Kenneth Hartman
TeamPCP Supply Chain Campaign: Update 008 - 26-Day Pause Ends with Three Concurrent Compromises (Checkmarx KICS, Bitwarden CLI Cascade, xinference PyPI), CanisterSprawl npm Worm Identified, and Tier 1 Coverage Returns
2026-04-08/a>
Kenneth Hartman
TeamPCP Supply Chain Campaign: Update 007 - Cisco Source Code Stolen via Trivy-Linked Breach, Google GTIG Tracks TeamPCP as UNC6780, and CISA KEV Deadline Arrives with No Standalone Advisory
2026-04-03/a>
Kenneth Hartman
TeamPCP Supply Chain Campaign: Update 006 - CERT-EU Confirms European Commission Cloud Breach, Sportradar Details Emerge, and Mandiant Quantifies Campaign at 1,000+ SaaS Environments
2026-04-01/a>
Kenneth Hartman
TeamPCP Supply Chain Campaign: Update 005 - First Confirmed Victim Disclosure, Post-Compromise Cloud Enumeration Documented, and Axios Attribution Narrows
2026-03-30/a>
Kenneth Hartman
TeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Compromise, TeamPCP Runs Dual Ransomware Operations, and AstraZeneca Data Released
2026-03-28/a>
Kenneth Hartman
TeamPCP Supply Chain Campaign: Update 003 - Operational Tempo Shift as Campaign Enters Monetization Phase With No New Compromises in 48 Hours
2026-03-27/a>
Kenneth Hartman
TeamPCP Supply Chain Campaign: Update 002 - Telnyx PyPI Compromise, Vect Ransomware Mass Affiliate Program, and First Named Victim Claim
2026-03-26/a>
Kenneth Hartman
TeamPCP Supply Chain Campaign: Update 001 - Checkmarx Scope Wider Than Reported, CISA KEV Entry, and Detection Tools Available
2024-07-16/a>
Jan Kopriva
"Reply-chain phishing" with a twist
2023-07-18/a>
Johannes Ullrich
Exploit Attempts for "Stagil navigation for Jira Menus & Themes" CVE-2023-26255 and CVE-2023-26256
2022-09-19/a>
Russ McRee
Chainsaw: Hunt, search, and extract event log records
2019-10-24/a>
Johannes Ullrich
Your Supply Chain Doesn't End At Receiving: How Do You Decommission Network Equipment?
2017-06-02/a>
Xavier Mertens
Phishing Campaigns Follow Trends
2016-11-23/a>
Tom Webb
Mapping Attack Methodology to Controls
ATTACK
2026-04-27/a>
Kenneth Hartman
TeamPCP Supply Chain Campaign: Update 008 - 26-Day Pause Ends with Three Concurrent Compromises (Checkmarx KICS, Bitwarden CLI Cascade, xinference PyPI), CanisterSprawl npm Worm Identified, and Tier 1 Coverage Returns
2025-09-10/a>
Guy Bruneau
DShield SIEM Docker Updates
2024-01-08/a>
Jesse La Grew
What is that User Agent?
2022-08-10/a>
Johannes Ullrich
And Here They Come Again: DNS Reflection Attacks
2022-03-26/a>
Guy Bruneau
Is buying Cyber Insurance a Must Now?
2022-02-03/a>
Johannes Ullrich
Keeping Track of Your Attack Surface for Cheap
2021-02-01/a>
Rob VandenBrink
Taking a Shot at Reverse Shell Attacks, CNC Phone Home and Data Exfil from Servers
2019-08-25/a>
Guy Bruneau
Are there any Advantages of Buying Cyber Security Insurance?
2019-07-20/a>
Guy Bruneau
Re-evaluating Network Security - It is Increasingly More Complex
2017-09-06/a>
Adrien de Beaupre
Modern Web Application Penetration Testing , Hash Length Extension Attacks
2016-11-02/a>
Rob VandenBrink
What Does a Pentest Look Like?
2016-06-03/a>
Tom Liston
MySQL is YourSQL
2015-03-18/a>
Daniel Wesemann
Pass the hash!
2015-02-19/a>
Daniel Wesemann
DNS-based DDoS
2014-02-26/a>
Russ McRee
Ongoing NTP Amplification Attacks
2014-02-17/a>
Chris Mohan
NTP reflection attacks continue
2013-12-02/a>
Richard Porter
Reports of higher than normal SSH Attacks
2013-08-19/a>
Guy Bruneau
Business Risks and Cyber Attacks
2013-07-27/a>
Scott Fendley
Defending Against Web Server Denial of Service Attacks
2013-07-13/a>
Lenny Zeltser
Decoy Personas for Safeguarding Online Identity Using Deception
2012-10-05/a>
Richard Porter
Reports of a Distributed Injection Scan
2011-12-28/a>
Daniel Wesemann
Hash collisions vulnerability in web servers
2011-12-01/a>
Mark Hofman
SQL Injection Attack happening ATM
2011-09-28/a>
Richard Porter
All Along the ARP Tower!
2011-01-23/a>
Richard Porter
Crime is still Crime!
2010-12-23/a>
Mark Hofman
White house greeting cards
2010-08-16/a>
Raul Siles
DDOS: State of the Art
2010-08-15/a>
Manuel Humberto Santander Pelaez
Obfuscated SQL Injection attacks
2010-08-13/a>
Tom Liston
The Strange Case of Doctor Jekyll and Mr. ED
2010-03-15/a>
Adrien de Beaupre
Spamassassin Milter Plugin Remote Root Attack
2010-01-29/a>
Johannes Ullrich
Analyzing isc.sans.org weblogs, part 2, RFI attacks
2009-11-11/a>
Rob VandenBrink
Layer 2 Network Protections against Man in the Middle Attacks
2009-08-28/a>
Adrien de Beaupre
WPA with TKIP done
2009-06-04/a>
Raul Siles
Targeted e-mail attacks asking to verify wire transfer details
2009-04-20/a>
Jason Lam
Digital Content on TV
2009-04-02/a>
Bojan Zdrnja
JavaScript insertion and log deletion attack tools
2009-03-20/a>
donald smith
Stealthier then a MBR rootkit, more powerful then ring 0 control, it’s the soon to be developed SMM root kit.
2009-02-25/a>
Swa Frantzen
Targeted link diversion attempts
2009-01-30/a>
Mark Hofman
Request for info - Scan and webmail
2009-01-18/a>
Maarten Van Horenbeeck
Targeted social engineering
2008-12-03/a>
Andre Ludwig
New ISC Poll! Has your organization suffered a DDoS (Distributed Denial of Service) attack in the last year?
2008-07-09/a>
Johannes Ullrich
Unpatched Word Vulnerability
2008-05-26/a>
Marcus Sachs
Predictable Response
2008-03-27/a>
Maarten Van Horenbeeck
Guarding the guardians: a story of PGP key ring theft
Homepage
Diaries
Podcasts
Jobs
Data
TCP/UDP Port Activity
Port Trends
SSH/Telnet Scanning Activity
Weblogs
Domains
Threat Feeds Activity
Threat Feeds Map
Useful InfoSec Links
Presentations & Papers
Research Papers
API
Tools
DShield Sensor
DNS Looking Glass
Honeypot (RPi/AWS)
InfoSec Glossary
Contact Us
Contact Us
About Us
Handlers
About Us
Slack Channel
Mastodon
Bluesky
X
This site is powered by
your submissions
, so tell us
what you see happening
