Research
Threat intelligence reports generated by Actioner's research pipeline. Each report includes executive summaries, MITRE ATT&CK mappings, IOCs, and validated detection rules (Sigma, YARA, Snort, Suricata).
Latest Reports
Axios npm Supply Chain Compromise
North Korean state-sponsored compromise of axios, the most widely used npm HTTP client. Cross-platform RAT deployed via postinstall hook.
BlueHammer: Windows Defender Zero-Day
Unpatched TOCTOU race condition in Windows Defender's signature update mechanism. Full PoC public, no patch available.
TeamPCP Supply Chain Campaign
How TeamPCP compromised Trivy, KICS, LiteLLM, and 47+ npm packages in a cascading supply chain attack affecting 500K+ machines.
Scattered Spider: Recent Campaigns and Evolving TTPs
Analysis of Scattered Spider's 2025-2026 campaigns including UK retail attacks, aviation targeting, and DragonForce ransomware pivot.
Lazarus Group: Comprehensive Threat Actor Profile
Full profile of North Korea's Lazarus Group including the $1.5B Bybit heist, Medusa ransomware, and developer supply chain attacks.