Analysis of the 500GB+ Great Firewall data breach revealing China’s state censorship network, VPN evasion tactics, and the operators behind it. The post Inside the Great Firewall Part 1: The Dump appeared first on DomainTools Investigations | DTI.| DomainTools Investigations | DTI
Despite major changes in the leading ransomware groups, ransomware attacks have surged 50% in 2025, as cybercriminals have proven adept at finding new opportunities and exploiting vulnerabilities. Ransomware attacks were up 50% in 2025 through October 21, according to Cyble data, rising to 5,010 from 3,335 in the same period of 2024. Cyble’s data is based on ransomware group claims on their dark web data leak sites. From the decline of RansomHub to the rise of Qilin ...| Cyble Podcast | Cybersecurity & Threat Intelligence Insights
Europe's ransomware problem isn't getting better! Q3 2025 saw 288 attacks hammer organizations across the region, with Qilin claiming 65 victims and cementing its position as the most aggressive threat actor targeting the continent. But it's SafePay's meteoric rise to second place—and a devastating airport attack that rippled across multiple countries—that has security teams particularly worried about what's coming next. The numbers tell a sobering story in Cyble's latest report, “E...| Cyble Podcast | Cybersecurity & Threat Intelligence Insights
Commentary followed by links to cybersecurity articles that caught our interest internally.| DomainTools Investigations | DTI
Kaspersky researchers identified over 2000 unique hashtags across 11,000 hacktivist posts on the surface web and the dark web to find out how hacktivist campaigns function and whom they target.| Securelist
Ian Campbell's recap of DTI's participation at BSides NoVa| DomainTools Investigations | DTI
Security teams spend much of their day pulling data from reports, forums, and feeds, trying to connect clues across multiple sources. Google says that work can now happen through a simple conversation. A new way to interact with threat data: Google has launched agentic threat intelligence, a preview feature available to customers of its Threat Intelligence Enterprise and Enterprise+ products. The company describes it as an “agentic platform” that acts like a digital teammate for … More ...| Help Net Security
Health-ISAC Heartbeat provides observations of ransomware, cybercrime trends, and malicious actor forum postings that could potentially impact health sector organizations. This product is for situational awareness. Topics: Ransomware Attacks in the Health Sector; Global Events Analysis; Targeted Alert Trends; Underground Forums Activity; Threat Actor Profiles and Mitigations; Additional Recommendations. The post Health-ISAC Health Sector Heartbeat – Q3 2025 appeared first on Health-ISAC - H...| Health-ISAC – Health Information Sharing and Analysis Center
Cyber attacks are increasing rapidly and causing ever greater damage. Damage limitation alone is therefore no longer enough. Reactive approaches that only| B2B Cyber Security
A massive crypto wallet-drain conspiracy links fake trading sites to a single criminal IP address. See our investigative deep dive into how these orchestrated scams are draining user funds. The post Inside a Crypto Scam Nexus appeared first on DomainTools Investigations | DTI.| DomainTools Investigations | DTI
Commentary followed by links to cybersecurity articles that caught our interest internally. The post Cybersecurity Reading List - Week of 2025-09-29 appeared first on DomainTools Investigations | DTI.| DomainTools Investigations | DTI
Salt Typhoon is a Chinese state-sponsored cyber threat group aligned with the Ministry of State Security (MSS), specializing in long-term espionage operations targeting global telecommunications infrastructure. Active since at least 2019, Salt Typhoon has demonstrated advanced capabilities in exploiting network edge devices, establishing deep persistence, and harvesting sensitive communications metadata, VoIP configurations, lawful intercept data, and subscriber profiles from telecom provider...| DomainTools Investigations | DTI
Discover how EclecticIQ Platform 3.6 empowers analysts with Custom objects to capture, structure, and operationalize intelligence beyond STIX. Model data your way, streamline investigations, and stay ready for emerging threats.| blog.eclecticiq.com
The European Union continues to face a complex web of cyber threats, according to the 2025 ENISA Threat Landscape report. Covering incidents from July 2024 through June 2025, the report details how a variety of threat actors are targeting the EU’s digital infrastructure with overlapping tactics, highly technical attack models, and heightened collaboration. The EU Threat Landscape and Converging Threat Groups: ENISA’s latest analysis, based on 4,875 recorded cybersecurity incidents, reveal...| Cyble Podcast | Cybersecurity & Threat Intelligence Insights
Today, we are taking some big steps forward in our mission to help build a better Internet. Cloudflare is giving everyone free access to 10+ different website and network security products and features.| The Cloudflare Blog
SANTA CLARA, Calif.–(BUSINESS WIRE)–Cequence, a pioneer in API security and bot management, today announced a new partnership with Netskope, a leader in secure access service edge (SASE). Through the partnership, Netskope customers can now leverage unique API threat intelligence from the Cequence Unified API Protection (UAP) platform to unlock insights into real-world threats and ultimately strengthen organizational […]| Merchant Fraud Journal
BOSTON–(BUSINESS WIRE)–Lookout, Inc., the data-centric cloud security company, today announced it has been named a leader in The Forrester Wave™: Mobile Threat Defense Solutions, Q3 2024 report. According to the report, Lookout Mobile Endpoint Security balances powerful mobile security with user experience to provide a strong set of features across the spectrum of mobile security and deep threat […]| Merchant Fraud Journal
Cybersecurity has been stuck in reaction mode for too long. Detect, respond, patch, repeat. That cycle isn’t working anymore especially not when threat actors are moving faster, scaling wider, and using AI to outpace defenders.| blog.eclecticiq.com
Fighting ransomware isn’t about more data — it’s about smarter context. Veteran Jeremy Nichols reveals how to outpace threats with automation.| blog.eclecticiq.com
Executive summary On June 2, 2025, EclecticIQ analysts observed the emergence of GLOBAL GROUP, a new Ransomware-as-a-Service (RaaS) brand promoted on the Ramp4u forum by the threat actor known as “$$$”. The same actor controls the Black Lock RaaS [1] and previously managed Mamona [2] ransomware operations. GLOBAL GROUP targets a wide range of sectors across the United States and Europe. EclecticIQ assesses with medium confidence that GLOBAL GROUP was likely established as a rebranding...| EclecticIQ Blog
Executive Summary On May 7, 2025, during the active military escalation between Pakistan and India—specifically in the context of India's military campaign 'Operation Sindoor'—EclecticIQ analysts observed that Bitter APT (also known as TA397)[1] very likely targeted Pakistan Telecommunication Company Limited (PTCL) workers[2] in a spear phishing campaign very likely intended to deliver malware. Analysts assess that Bitter APT is very likely a South Asian state-sponsored actor, conducting cy...| EclecticIQ Blog
This report on cybercrime, hacktivist and APT groups targeting primarily Russian organizations provides an analysis and comparison of their TTPs and divides them into three clusters.| securelist.com
When analysts at RH-ISAC found themselves spending 10 hours a week just collecting threat intelligence, they knew their process wasn’t sustainable. They| Help Net Security
Need a VirusTotal alternative? zvelo delivers human-curated, AI-powered threat & phishing intel with broad coverage and predictable pricing. The post zvelo. Smart, Cost Effective VT Alternative for Threat Intel. appeared first on zvelo.| zvelo
Authors: Yun Zheng Hu and Mick Koomen Introduction In the past few years, Fox-IT and NCC Group have conducted multiple incident response cases involving a Lazarus subgroup that specifically targets…| Fox-IT International blog
Regional APT Threat Situation In July 2025, the global threat hunting system of Fuying Lab detected a total of 33 APT attack activities. These activities were primarily concentrated in regions including South Asia, East Asia, Southeast Asia, Eastern Europe, and West Asia, as shown in the following figure. Regarding the activity levels of different organizations, […]| NSFOCUS, Inc., a global network and cyber security leader, protects enterpris...
LazarOps: APT Tactics Targeting the Developers Supply Chain [PART 1]| Security Joes
Find crucial steps to take as a CISO to empower your SOC operations with threat intelligence to mitigate risks and improve key metrics.| ANY.RUN's Cybersecurity Blog
Explore why financial institutions are prime cybercrime targets and what features to seek in threat intelligence tools to protect assets and ensure compliance.| Searchlight Cyber
Perplexity is repeatedly modifying their user agent and changing IPs and ASNs to hide their crawling activity, in direct conflict with explicit no-crawl preferences expressed by websites.| The Cloudflare Blog
Imagine sipping your morning coffee, scrolling through your inbox, when a seemingly innocent ProtonMail message catches your eye. But this isn’t your typical email—it’s a credential-harvesting attempt targeting specific cloud services. Today, cybercriminals are not just focusing on well-known platforms like DocuSign and Microsoft. They’re expanding their reach, exploiting a variety of cloud apps such […] The post Is That Really ProtonMail? New Credential Harvesting Threats Targeting...| SlashNext
Discover how a groundbreaking AI solution neutralized a bold Black Basta-style cyberattack in under 90 minutes—the first AI solution in the industry.| SlashNext | Complete Generative AI Security for Email, Mobile, and Browser
In today’s threat landscape, CTI as it’s commonly practiced—charting IOCs, naming malware strains, passing around the same handful of YARA rules—isn’t cutting it anymore. We’ve built an industry around collecting the digital exhaust of attackers while leaving the drivers untouched. We’ve become comfortable with symptoms and allergic to root cause. That’s a problem. Because the […]| Krypt3ia
The 2025 Information Risk Insight Study reveals a 650% surge in cyberattacks. Discover trends and insights to strengthen your cybersecurity.| Alert Logic
Before starting, let’s understand a few terms: what is CNAPP? CNAPP, aka Cloud Native Application Protection Platform, is an all-in-one cloud-native software platform that simplifies DevSecOps practices. The term CNAPP was originally coined by Gartner in 2021. CNAPPs make it simpler to embed security into the application lifecycle while providing superior protection for cloud workloads and data. A few core features of CNAPP are: no vendor lock-in, with multi-cloud support; TI (Threat Intelligence) in...| hugs4bugs
Before jumping into the onboarding of Microsoft Sentinel, let’s understand what MS Sentinel is. Definition: Microsoft Sentinel is a cloud-native SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) solution, which delivers intelligent security analytics and threat intelligence. Why do we use it? To support blue teaming as defensive security for attack detection, threat visibility, proactive hunting, and threat response. In this blog we’ll be...| hugs4bugs
EDR, MDR, and XDR alleviate the challenges of most small business cybersecurity teams, but the differences between these solutions are significant.| ThreatDown by Malwarebytes
KMSpico is one of the most popular hack tools for activating pirated copies of Microsoft products. Here’s why we don’t recommend it.| ThreatDown by Malwarebytes
A trusted root certificate is the cornerstone of authentication and security on the Internet. But even this can be abused. Read on to learn how.| ThreatDown by Malwarebytes
Learn how SIEM enables real-time threat monitoring for swift identification and response to emerging cyber threats.| Govindhtech
March 2025 saw a huge number of ransomware attacks, and the Pennsylvania State Education Association quietly notified over 500,000 current and former teachers that hackers infiltrated its networks last…| ThreatDown by Malwarebytes
Threat intelligence platforms help analyze and share cyber threat data. Discover top TIPs, their features, use cases, and comparisons.| eSecurity Planet
A notable trend in cyber threats nowadays is the exploitation of vulnerabilities in drivers through the Bring Your Own Vulnerable Driver...| Security Joes
Security Joes Incident Response team recently became aware of a set of relatively new CVEs that were released at the end of March 2023....| Security Joes
Our research team is committed to continuously identifying potential security vulnerabilities and techniques that threat actors may...| Security Joes
In September of last year, our Incident Response team was called to an incident that was identified as an attempt of social engineering...| Security Joes
Recent attacks documented in previous months seem to be orchestrated by hacking groups using a framework called Raspberry Robin. This...| Security Joes
PlugX is a malware family first spotted in 2008. It is a Remote Access Trojan that has been used by several threat actors and provides...| Security Joes
Microsoft Threat Intelligence has identified a shift in tactics for Silk Typhoon, a Chinese state-sponsored espionage group, to target remote management tools| RH-ISAC
Watch how zvelo enhances phishing protection solutions with real-time intelligence that helps block phishing attacks before harm occurs.| zvelo
Sandworm APT targets Ukrainian users with Trojanized Microsoft KMS tools for cyber espionage, leveraging pirated software to exfiltrate sensitive data and compromise critical infrastructure.| blog.eclecticiq.com
Mission "Data Destruction": A Large-scale Data-Wiping Campaign Targeting Israel| Security Joes
Threat intelligence plays a crucial role in cybersecurity decision-making. It involves identifying and gathering cybersecurity information.| CIP Blog
Explore emerging credential harvesting threats targeting cloud apps like ProtonMail, Gravatar, and telecoms. Learn tactics, risks, and how to stay secure.| SlashNext | Complete Generative AI Security for Email, Mobile, and Browser
We analyze an example of how the Black Basta ransomware group uses PowerShell to prepare their attack| ThreatDown by Malwarebytes
EclecticIQ analysts discovered phishing campaigns targeting financial institutions driven by a Phishing-as-a-Service (PhaaS) platform called ONNX Store.| blog.eclecticiq.com
It’s all well and good that in the first article "Modern Honeypot Network – Teil 1: Kommandozentrale auf DigitalOcean" we set up a command center to control our honeypots. But how do we now get real data to actually arrive there? To do that, we need to set up our first honeypot, i.e. install our first "sensor". For this I […]| Tizian Kohler
Recently I had the idea of setting up a honeypot to collect data on how attackers operate. So I looked into it and chose Modern Honeypot Network (MHN) as a suitable framework. Since I didn’t want to set up a local honeypot, I built a cloud-based variant on DigitalOcean. In this post I briefly describe […]| Tizian Kohler
Kaspersky's CTI analysts recently released their Asian APT groups report, including details on behavior by different adversaries. Followin...| blog.virustotal.com
EclecticIQ analysts identified a threat actor that utilized information stealer HackBrowserData to target Indian government entities and energy sector.| blog.eclecticiq.com
This post is the fifth of a series on Threat Intelligence Automation topic. Post 1: Architecture and Hardening of MineMeld Post 2: Foundation: write a custom prototype and SOC integration Post 3: E…| Scubarda
MD5 has been known to be broken for more than a decade now. Practical attacks have been demonstrated since 2006, and public collision generator tools have also been available since that time. The dangers of the developed collision attacks were demonstrated by academia and white-hat hackers too, but in the case of the Flame malware we’ve also seen malicious parties exploiting the weaknesses in the wild.| Silent Signal Techblog
Explore how curated threat intelligence offers a strategic, cost-effective solution in the face of cybersecurity budget cuts.| zvelo
AI-fueled social engineering tactics are a potent initial infection vector for ransomware as well as a myriad of other cyber threats.| zvelo
This post explores Defense-in-Depth, a comprehensive strategy with a multi-layered approach to modern threat protection.| zvelo