Some years back, I witnessed a magnanimous security breach of a trademarked company website in my previous company, which left the IT team frozen in shock.| Learn Hub
Authors: Yun Zheng Hu and Mick Koomen Introduction In the past few years, Fox-IT and NCC Group have conducted multiple incident response cases involving a Lazarus subgroup that specifically targets…| Fox-IT International blog
Chinese state-sponsored cyber espionage campaigns have been reportedly targeting critical sectors across the globe. From telecommunications and government to transportation, lodging, and military operations, cyber actors linked to the People’s Republic of China (PRC) are conducting extensive, stealthy operations to infiltrate and control key network devices. This ongoing cyber onslaught has been documented by leading government agencies, revealing a complex web of tactics designed for long-...| Cyble Podcast | Cybersecurity & Threat Intelligence Insights
Software supply chain attacks have been occurring at twice their long-term average in recent months and have shown no sign of slowing down. The uptick in supply chain attacks began in April 2025, when Cyble dark web researchers observed claims of 31 such attacks. Since then, cyberattacks with supply chain implications have averaged 26 a month, twice the rate seen from early 2024 through March 2025 (chart below). Cyble’s most recent threat landscape report (registration required) documen...| Cyble Podcast | Cybersecurity & Threat Intelligence Insights
Australia is experiencing an unprecedented cybercrime epidemic that is reshaping the digital threat landscape. As artificial intelligence becomes more sophisticated and accessible, cybercriminals are leveraging these technologies to launch increasingly sophisticated attacks, while supply chain vulnerabilities continue to expose organizations to devastating data breaches. The statistics paint a sobering picture of a nation under digital siege. The Staggering Scale of Australia's Cyber Crisis...| Cyble Podcast | Cybersecurity & Threat Intelligence Insights
Regional APT Threat Situation In July 2025, the global threat hunting system of Fuying Lab detected a total of 33 APT attack activities. These activities were primarily concentrated in regions including South Asia, East Asia, Southeast Asia, Eastern Europe, and West Asia, as shown in the following figure. Regarding the activity levels of different organizations, […]| NSFOCUS, Inc., a global network and cyber security leader, protects enterpris...
Health-ISAC and CI-ISAC Australia joint white paper As espionage, hacktivism, and financially motivated crime continue to meld together, there are a number of reasons for this trajectory, and many depend on the society in which the cybercrime originates. Key Judgements Nation-state threat actors have been observed empowering local cybercriminal outfits to […] The post Melding of State and Criminal Threat Actor Motivation: The Nebulous Normal Whitepaper appeared first ...| Health-ISAC – Health Information Sharing and Analysis Center
Cloudy now supercharges analytics investigations and Cloudforce One threat intelligence! Get instant insights from threat events and APIs on APTs, DDoS, cybercrime & more - powered by Workers AI.| The Cloudflare Blog
LazarOps: APT Tactics Targeting the Developers Supply Chain [PART 1]| Security Joes
One solution can change everything. ANY.RUN’s Threat Intelligence Lookup is living proof of that. By delivering a browsable source of threat data, it helps your SOC overcome challenges that have to be faced in order to reach higher detection rates and make smarter security decisions. Find details on how to make the most of TI […] The post How to Enrich IOCs with Actionable Threat Context: Tips for SOC Analysts appeared first on ANY.RUN's Cybersecurity Blog.| ANY.RUN's Cybersecurity Blog
Find crucial steps to take as a CISO to empower your SOC operations with threat intelligence to mitigate risks and improve key metrics.| ANY.RUN's Cybersecurity Blog
Regional APT Threat Situation In June 2025, the global threat hunting system of Fuying Lab detected a total of 33 APT attack activities. These activities were mainly distributed in regions such as South Asia, East Asia, West Asia, Eastern Europe, and South America, as shown in the figure below. In terms of organizational activity, the […] The post NSFOCUS Monthly APT Insights – June 2025 appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and ...| NSFOCUS, Inc., a global network and cyber security leader, protects enterpris...
In this blog we discuss why financial institutions are prime targets for cybercriminals and what they should look for in their threat intelligence tools. The post Threat Intelligence Tools: What Financial Institutions Should Look for appeared first on Searchlight Cyber.| Searchlight Cyber
Cybercrime is accelerating at an alarming pace, with global damages projected to soar to $23 trillion by 2027. Ransomware, supply chain attacks and AI-generated threats are breaking through traditional defenses—exposing a dangerous gap in how most organizations defend their infrastructure. What’s changed? Attackers are evolving faster than defenses. Armed with AI, they’re launching stealthier and more […] The post Infoblox Unveils a Radically Advanced Threat Defense to Preemptively ...| Infoblox Blog
Perplexity is repeatedly modifying their user agent and changing IPs and ASNs to hide their crawling activity, in direct conflict with explicit no-crawl preferences expressed by websites.| The Cloudflare Blog
Imagine sipping your morning coffee, scrolling through your inbox, when a seemingly innocent ProtonMail message catches your eye. But this isn’t your typical email—it’s a credential-harvesting attempt targeting specific cloud services. Today, cybercriminals are not just focusing on well-known platforms like DocuSign and Microsoft. They’re expanding their reach, exploiting a variety of cloud apps such […] The post Is That Really ProtonMail? New Credential Harvesting Threats Targeting...| SlashNext
Discover how a groundbreaking AI solution neutralized a bold Black Basta-style cyberattack in under 90 minutes—the first AI solution in the industry.| SlashNext | Complete Generative AI Security for Email, Mobile, and Browser
Security assessment of Meta's Llama 4 Scout and Maverick models shows medium risk (52-58%) with notable jailbreak vulnerabilities.| protectai.com
In today’s threat landscape, CTI as it’s commonly practiced—charting IOCs, naming malware strains, passing around the same handful of YARA rules—isn’t cutting it anymore. We’ve built an industry around collecting the digital exhaust of attackers while leaving the drivers untouched. We’ve become comfortable with symptoms and allergic to root cause. That’s a problem. Because the […]| Krypt3ia
TIPs enable security teams to assess the severity and relevance of threats according to their predefined internal criteria.| Help Net Security
The 2025 Information Risk Insight Study reveals a 650% surge in cyberattacks. Discover trends and insights to strengthen your cybersecurity.| Alert Logic
Before starting, let’s understand a few terms. What is CNAPP? CNAPP, aka Cloud Native Application Protection Platform, is an all-in-one cloud-native software platform that simplifies DevSecOps practices. The term CNAPP was originally coined by Gartner in 2021. CNAPPs make it simpler to embed security into the application lifecycle while providing superior protection for cloud workloads and data. A few core features of CNAPP are: No vendor lock-in, with multi-cloud support; TI (Threat Intelligence) in...| hugs4bugs
Before jumping into the onboarding of Microsoft Sentinel, let’s understand what MS Sentinel is. Definition: Microsoft Sentinel is a cloud-native SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) solution, which delivers intelligent security analytics and threat intelligence. Why do we use it? To act as blue teaming, i.e. defensive security covering attack detection, threat visibility, proactive hunting and threat response. In this blog we’ll be...| hugs4bugs
Before starting, let’s understand a few steps of threat investigation and the attackers’ mindset. Whenever an attacker breaches a system, or tries to, logs are generated as Events and Incidents which can be fetched into SIEM tools like MS Sentinel or QRadar. These behaviours can be summarised into TTPs, viz. Tactics: the high-level description of the behaviour and strategy of a threat actor. It means how they behave across the different stages of the cyberattack kill chain. Usually these stages inclu...| hugs4bugs
In today’s rapidly evolving cybersecurity landscape, staying ahead of threats is not just a challenge, it’s a necessity. At NSFOCUS, we are committed to providing users with the most advanced and comprehensive threat intelligence solutions to safeguard the organization against the ever-growing spectrum of cyber threats. NSFOCUS threat intelligence (NTI) is complemented by integration with […]| NSFOCUS, Inc., a global network and cyber security leader, protects enterpris...
In this blog, we discuss why getting under the skin of a threat actor and understanding their TTPs is important for managing external cyber risk.| Searchlight Cyber
Learn about the differences between EDR, MDR, and XDR solutions—and how they each alleviate the challenges of cybersecurity teams.| ThreatDown by Malwarebytes
Where does cyber risk come from? Read our blog to find out as well as learn how vulnerabilities can be identified before cybercriminals spot them.| Searchlight Cyber
KMSpico is one of the most popular hack tools for activating pirated copies of Microsoft products. Here’s why we don’t recommend it.| ThreatDown by Malwarebytes
A trusted root certificate is the cornerstone of authentication and security on the Internet. But even this can be abused. Read on to learn how.| ThreatDown by Malwarebytes
Learn how SIEM enables real-time threat monitoring for swift identification and response to emerging cyber threats.| Govindhtech
March 2025 saw a huge number of ransomware attacks, and the Pennsylvania State Education Association quietly notified over 500,000 current and former teachers that hackers infiltrated its networks last…| ThreatDown by Malwarebytes
Threat intelligence platforms help analyze and share cyber threat data. Discover top TIPs , their features, use cases, and comparisons.| eSecurity Planet
A notable trend in cyber threats nowadays is the exploitation of vulnerabilities in drivers through the Bring Your Own Vulnerable Driver...| Security Joes
Security Joes Incident Response team recently became aware of a set of relatively new CVEs that were released at the end of March 2023....| Security Joes
Our research team is committed to continuously identifying potential security vulnerabilities and techniques that threat actors may...| Security Joes
In September of last year, our Incident Response team was called to an incident that was identified as an attempt of social engineering...| Security Joes
Recent attacks documented in previous months seem to be orchestrated by hacking groups using a framework called Raspberry Robin. This...| Security Joes
PlugX is a malware family first spotted in 2008. It is a Remote Access Trojan that has been used by several threat actors and provides...| Security Joes
Microsoft Threat Intelligence has identified a shift in tactics for Silk Typhoon, a Chinese state-sponsored espionage group, to target remote management tools| RH-ISAC
Watch how zvelo enhances phishing protection solutions with real-time intelligence that helps block phishing attacks before harm occurs.| zvelo
Sandworm APT targets Ukrainian users with Trojanized Microsoft KMS tools for cyber espionage, leveraging pirated software to exfiltrate sensitive data and compromise critical infrastructure.| blog.eclecticiq.com
Date: 2.13.25 🚨 Top Headlines Chinese Cyberspy Possibly Launching Ransomware Attacks as Side Job Summary: Tools typically employed by Chinese cyberespionage groups have been used in a recent ransomware attack, likely by an individual hacker, Symantec notes in a fresh report. The toolset includes a legitimate Toshiba executable deployed on the victims’ systems to sideload […]| Krypt3ia
Date: 2.5.25 🚨 Top Headlines Five Eyes Launch Guidance to Improve Edge Device Security Summary: The UK’s leading cybersecurity agency and its Five Eyes peers have produced new guidance for manufacturers of edge devices designed to improve baseline security. GCHQ’s National Cyber Security Centre (NCSC) and allies in Australia, Canada, New Zealand and the US […]| Krypt3ia
Date: 2.4.25 🚨 Top Headlines Texas to Establish Cyber Command Amid “Dramatic” Rise in Attacks Summary: Texas Governor Greg Abbott has announced plans to create a Texas Cyber Command, designed to combat a “dramatic” rise in cyber-attacks targeting the US state. Abbott unveiled the Cyber Command as an emergency item during his State of the […]| Krypt3ia
Mission "Data Destruction": A Large-scale Data-Wiping Campaign Targeting Israel| Security Joes
Threat intelligence plays a crucial role in cybersecurity decision-making. It involves identifying and gathering cybersecurity information.| CIP Blog
Explore emerging credential harvesting threats targeting cloud apps like ProtonMail, Gravatar, and telecoms. Learn tactics, risks, and how to stay secure.| SlashNext | Complete Generative AI Security for Email, Mobile, and Browser
Discover how a groundbreaking AI solution neutralized a bold Black Basta-style cyberattack in under 90 minutes—the first AI solution in the industry.| SlashNext | Complete Generative AI Security for Email, Mobile, and Browser
We analyze an example of how the Black Basta ransomware group uses PowerShell to prepare their attack| ThreatDown by Malwarebytes
The emergence of the Internet of Things, or IoT, as it’s commonly known, has been a massive boon to just about every aspect of our society. It allows a multitude […]| Planet Mainframe
Businesses will need to adapt as ransomware gangs take less time to steal and encrypt data than ever before.| ThreatDown by Malwarebytes
EclecticIQ analysts discovered phishing campaigns targeting financial institutions driven by a Phishing-as-a-Service (PhaaS) platform called ONNX Store.| blog.eclecticiq.com
It’s nice that in the first article "Modern Honeypot Network – Teil 1: Kommandozentrale auf DigitalOcean" we set up a command center to control our honeypots. But how do we actually get data to arrive there? To do that, we need to set up our first honeypot, or rather install our first "sensor". I decided on […]| Tizian Kohler
Recently I had the idea of setting up a honeypot to collect data on how hackers operate. So I looked into it and found a suitable framework in Modern Honeypot Network (MHN). Since I did not want to set up a local honeypot, I implemented a cloud-based variant on DigitalOcean. In this post I briefly describe […]| Tizian Kohler
Kaspersky's CTI analysts recently released their Asian APT groups report, including details on behavior by different adversaries. Followin...| blog.virustotal.com
EclecticIQ analysts identified a threat actor that utilized information stealer HackBrowserData to target Indian government entities and energy sector.| blog.eclecticiq.com
This post is the fifth of a series on Threat Intelligence Automation topic. Post 1: Architecture and Hardening of MineMeld Post 2: Foundation: write a custom prototype and SOC integration Post 3: E…| Scubarda
MD5 is known to be broken for more than a decade now. Practical attacks have been shown since 2006, and public collision generator tools are also available since that time. The dangers of the developed collision attacks were demonstrated by academia and white-hat hackers too, but in case of the Flame malware we’ve also seen malicious parties exploiting the weaknesses in the wild.| Silent Signal Techblog
Explore how curated threat intelligence offers a strategic, cost-effective solution in the face of cybersecurity budget cuts.| zvelo
AI-fueled social engineering tactics are a potent initial infection vector for ransomware as well as a myriad of other cyber threats.| zvelo
This post explores Defense-in-Depth, a comprehensive strategy with a multi-layered approach to modern threat protection.| zvelo