Tag: threat intelligence

40 articles on threat intelligence.

China Edge Device Campaigns: Passive DNS And Certificates For Early Warning
Security | Jul 11, 2026 | 3 min read

Dutch intelligence warnings about Chinese cyber capability reinforce a practical defense priority: monitor edge devices, VPNs, routers, DNS history, and certificate reuse.

Agentic AI Threat Mapping: MITRE ATT&CK Needs Evidence-Rich Workflows
AI & ML | Jul 8, 2026 | 4 min read

Anthropic mapped AI-enabled cyber activity to MITRE ATT&CK and found gaps around autonomous orchestration. SOC teams need AI summaries tied to evidence, not unsupported verdicts.

SOC Alert Fatigue In July 2026: Confidence Scoring Beats More Noise
SOC | Jul 7, 2026 | 4 min read

Vectra AI research shows alert overload remains a resilience problem. SOC teams need source quality, confidence scoring, enrichment, and SIEM workflows that suppress noise without hiding risk.

AI-Enabled Cyberattacks and MITRE ATT&CK: Turning New Threat Maps Into SOC Action
SOC | Jun 4, 2026 | 8 min read

AI-enabled threats are being mapped into ATT&CK language, but mapping is only useful when it drives enrichment, detection, triage, and response workflows.

Cyber Extortion Now Includes Physical Threats: What Incident Response Teams Must Change
Ransomware | Jun 4, 2026 | 8 min read

Cyber incidents are no longer always contained to systems and data. As extortion crews add physical threats, responders need ransomware intelligence, safety escalation, IOC enrichment, and executive-ready evidence.

SOC Alert Fatigue: How Threat Intelligence Reduces False Positives Without Hiding Real Attacks
SOC | Jun 4, 2026 | 8 min read

Alert fatigue is not a staffing problem alone. SOC teams need better evidence, source quality, confidence bands, and enrichment workflows that turn noisy alerts into defensible decisions.

CVE APIs, Dashboards, and SIEM: Automating Vulnerability Management Without Losing Context
API | May 24, 2026 | 5 min read

CVE data becomes far more useful when it feeds APIs, dashboards, SIEM, alerting, and remediation workflows with full context attached.

CVE Data Sources: How to Build a Reliable View of Vulnerability Risk
Research | May 24, 2026 | 6 min read

NVD, OpenCVE, CISA KEV, GCVE, EPSS, CERT-FR, MSRC, GHSA, Exploit-DB, Nuclei, and vendor advisories: understanding the role each source plays in an actionable CVE platform.

AI-Enabled Device Code Phishing: How OAuth Tokens Became the New Credential Theft Target
Phishing | May 10, 2026 | 10 min read

Device code phishing turns a legitimate OAuth flow into a token theft path. Learn how AI-assisted lures, Entra ID abuse, and session token replay change phishing detection in 2026.

MCP Security Risks: Tool Poisoning, Prompt Injection, and the New AI Agent Attack Surface
AI & ML | May 9, 2026 | 10 min read

Model Context Protocol integrations give agents access to tools, files, and services. That power creates new risks: tool poisoning, prompt injection, overbroad permissions, and untrusted server abuse.

LLMjacking Explained: How Attackers Abuse Cloud Credentials to Steal AI Compute
Cloud | May 8, 2026 | 10 min read

LLMjacking combines cloud credential theft with expensive AI workloads. Learn how attackers find exposed keys, abuse model APIs, hide compute costs, and how defenders can detect the pattern.

OAuth Consent Phishing: Detecting Malicious App Grants Before Data Exfiltration
Phishing | May 6, 2026 | 10 min read

OAuth consent phishing tricks users into granting access instead of giving up passwords. Learn how malicious app grants work, which permissions matter, and how to detect abuse early.

Session Token Theft: Why Infostealers Bypass MFA and How Defenders Respond
Malware | May 5, 2026 | 9 min read

Infostealers increasingly target browser cookies, session tokens, and refresh tokens. Learn why MFA is not enough, what token theft looks like, and how to detect replay.

Cloud Control Plane Attacks: Why Identity Is the New Kill Chain
Identity | May 4, 2026 | 10 min read

Cloud breaches increasingly target the control plane: identities, tokens, policies, APIs, and automation. Learn how attackers move from one credential to full cloud control.

Security LLM and Agent Workflows: When (and How) to Check Malicious Domains, IPs, and URLs Before Acting
AI & ML | May 4, 2026 | 5 min read

AI assistants in SOAR, IDEs, and browser extensions can exfiltrate data or run malicious code if they fetch the wrong link. This guide gives guardrails: a schema for tool calls, policy tiers, and where threat intelligence checks belong in the loop.

Malicious npm Packages: Detecting Open-Source Supply Chain Compromise
Supply Chain | May 3, 2026 | 10 min read

Malicious npm packages use typosquatting, dependency confusion, install scripts, and maintainer compromise to steal secrets and backdoor builds. Learn practical detection and response.

Malicious Infrastructure Clustering: How Passive DNS, TLS Certificates, and ASNs Reveal Shared Campaigns
Security | May 3, 2026 | 6 min read

A single C2 IP is a clue; shared signing patterns and DNS co-occurrence are a map. This guide explains how defenders cluster infrastructure without chasing ghosts, and how to document findings for IR, threat intel, and law enforcement handoffs.
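
The clustering idea in the entry above (link domains that share a resolved IP or a TLS certificate, but refuse to link through hub infrastructure that thousands of unrelated sites share) can be shown end to end. The block below is an added example written for this listing, not code from the article or its author; the observation rows, the `HUB_THRESHOLD` cutoff, the RFC 5737 IPs, and the certificate fingerprints are all constructed.

```python
"""Cluster domains into candidate campaigns by shared infrastructure.

Added example; not code from the article. Observations are constructed
(domain, attribute type, attribute value) rows standing in for passive-DNS
resolutions and TLS certificate fingerprints. Attribute values shared by more
than HUB_THRESHOLD domains are treated as shared hosting (a CDN edge, a bulk
registrar's parking IP) and are NOT used as links, which is how you avoid
merging unrelated tenants into one "campaign".
"""
from collections import defaultdict

# Assumed cutoff: an IP or certificate seen on more domains than this is a hub.
HUB_THRESHOLD = 5

# Constructed sample data (RFC 5737 documentation IPs, made-up fingerprints).
OBSERVATIONS = [
    ("login-update.example", "ip", "203.0.113.10"),
    ("secure-portal.example", "ip", "203.0.113.10"),
    ("secure-portal.example", "ip", "203.0.113.11"),
    ("invoice-view.example", "ip", "203.0.113.11"),
    ("invoice-view.example", "cert_sha256", "f00d0001"),
    ("cdn-assets.example", "cert_sha256", "f00d0001"),   # same cert reused
    ("unrelated-blog.example", "ip", "198.51.100.5"),
] + [(f"tenant-{i}.example", "ip", "192.0.2.1") for i in range(6)]  # shared host


class UnionFind:
    """Disjoint-set forest with path halving; domains are the elements."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_domains(observations, hub_threshold=HUB_THRESHOLD):
    """Return (clusters, evidence, hubs).

    clusters: list of sorted domain lists, largest first.
    evidence: {frozenset(cluster): [(attr_type, attr_value), ...]}, the shared
              attributes that justify each merge, for the IR / LE handoff.
    hubs:     attributes skipped because too many domains share them.
    """
    by_attr = defaultdict(set)
    for domain, kind, value in observations:
        by_attr[(kind, value)].add(domain)

    uf = UnionFind()
    links = []   # (attr, domains) pairs actually used for merging
    hubs = []
    for attr, domains in by_attr.items():
        for d in domains:
            uf.find(d)  # register every domain, even singletons
        if len(domains) > hub_threshold:
            hubs.append(attr)
            continue
        if len(domains) > 1:
            links.append((attr, domains))
            first, *rest = sorted(domains)
            for other in rest:
                uf.union(first, other)

    members = defaultdict(set)
    for d in uf.parent:
        members[uf.find(d)].add(d)
    clusters = sorted((sorted(m) for m in members.values()),
                      key=lambda c: (-len(c), c))

    evidence = defaultdict(list)
    for attr, domains in links:
        root = uf.find(next(iter(domains)))
        evidence[frozenset(members[root])].append(attr)
    return clusters, dict(evidence), hubs


if __name__ == "__main__":
    clusters, evidence, hubs = cluster_domains(OBSERVATIONS)
    for c in clusters:
        print(len(c), c, evidence.get(frozenset(c), []))
    print("ignored hubs:", hubs)
```

Two design choices carry the weight here. The hub cutoff is what keeps a shared hosting IP from collapsing six unrelated tenants into the phishing cluster, and the `evidence` map records exactly which IP or certificate justified each merge, which is what an IR or law-enforcement handoff needs rather than a bare list of "related" domains.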

Compromised Domains in Phishing: When Trusted Sites Become Attack Infrastructure
Phishing | May 2, 2026 | 10 min read

Attackers increasingly host phishing pages, redirects, and malware on compromised legitimate domains. Learn why reputation bypass works and how to detect hidden malicious paths.

DPRK Remote IT Worker Threat: Identity, Insider Risk, and Cloud Access Abuse
Insider Threat | May 1, 2026 | 10 min read

DPRK remote IT worker schemes blend fraud, identity deception, and insider access. Learn how hiring, endpoint, SaaS, and cloud controls can reduce the risk.

SIEM and SOAR Threat Intelligence Enrichment: Workflows, Field Mapping, and the Metrics That Keep Teams Sane
Research | May 1, 2026 | 6 min read

A SOAR playbook without enrichment is a ticket printer. A SIEM with unbounded threat feeds is a bill. Here is a practical way to design enrichment for Splunk, Sentinel, or Elastic-style stacks: what to store, when to run playbooks, and what to report upward.

Threat Intelligence Risk Scoring: How to Calibrate Reputation, Reduce False Positives, and Defend Your Decisions
Research | Apr 30, 2026 | 5 min read

A noisy score is worse than no score. Learn what makes a reputation model trustworthy, how to combine multi-source evidence, and how to communicate uncertainty to your SOC and your executives.
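
The risk-scoring entry above, and the two alert-fatigue entries earlier on this page, all turn on the same idea: a reputation score should be built from source quality, should decay as sightings age, and should report a confidence band separately from the score itself. The block below is an added example written for this listing, not the article's own model; the per-source precision figures, the base rate, the half-life, and the fixed `NOW` clock are assumed calibration values that a team would replace with its own measured numbers.

```python
"""Combine multi-source reputation evidence into a score plus a confidence band.

Added example, not the article's model. Each source hit is an independent
naive-Bayes update in log-odds space: a source whose past hits were confirmed
malicious `precision` of the time moves the odds from the base rate to
precision/(1-precision). The update is scaled down as the sighting ages, so
one fresh high-precision source outweighs several stale low-quality ones.
"""
import math
from datetime import datetime, timedelta, timezone

# Assumed: fraction of each source's past hits that were confirmed malicious.
SOURCE_PRECISION = {
    "sinkhole": 0.95,
    "commercial_feed": 0.80,
    "honeypot": 0.70,
    "community_list": 0.55,
}
PRIOR = 0.01            # assumed base rate of malicious indicators the SOC sees
HALF_LIFE_DAYS = 14.0   # assumed: a sighting's weight halves every two weeks
NOW = datetime(2026, 5, 1, tzinfo=timezone.utc)   # fixed clock for reproducibility


def logit(p):
    return math.log(p / (1.0 - p))


def sigmoid(x):
    return 1.0 / (1.0 + math.exp(-x))


def score_indicator(sightings, now=NOW):
    """sightings: [(source_name, observed_at datetime), ...].

    Returns {"score": P(malicious), "band": "high" | "medium" | "low",
             "support": effective number of fresh, distinct sources,
             "reasons": per-sighting contributions for the analyst}.
    """
    log_odds = logit(PRIOR)
    freshest = {}          # source -> strongest decay factor seen for it
    reasons = []
    for source, seen in sightings:
        precision = SOURCE_PRECISION[source]
        age_days = max((now - seen).total_seconds() / 86400.0, 0.0)
        decay = 0.5 ** (age_days / HALF_LIFE_DAYS)
        update = decay * (logit(precision) - logit(PRIOR))
        log_odds += update
        freshest[source] = max(freshest.get(source, 0.0), decay)
        reasons.append(f"{source}: +{update:.2f} log-odds ({age_days:.0f}d old)")
    # Confidence depends on how much independent, recent evidence exists,
    # not on how extreme the score is.
    support = sum(freshest.values())
    band = "high" if support >= 2.0 else "medium" if support >= 1.0 else "low"
    return {"score": sigmoid(log_odds), "band": band,
            "support": support, "reasons": reasons}


def score_samples():
    """Three constructed indicators: single fresh source, corroborated, stale."""
    day = timedelta(days=1)
    samples = {
        "fresh_sinkhole":  [("sinkhole", NOW)],
        "corroborated":    [("sinkhole", NOW), ("community_list", NOW)],
        "stale_community": [("community_list", NOW - 60 * day)],
    }
    return {name: score_indicator(s) for name, s in samples.items()}


if __name__ == "__main__":
    for name, result in score_samples().items():
        print(f"{name:16s} score={result['score']:.3f} "
              f"band={result['band']} support={result['support']:.2f}")
        for r in result["reasons"]:
            print("   ", r)
```

The sample worth noticing is `fresh_sinkhole`: a single fresh sinkhole hit yields a 0.95 score but only a medium confidence band, because one source is one source. Reporting both numbers is what lets a SOC block on the score while still flagging that the verdict rests on a single feed, and the `reasons` list is the evidence an analyst attaches when the decision is questioned later.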

Cloud IP Reputation: What AWS, Azure, and GCP Defenders Should Track in 2026
Cloud | Apr 28, 2026 | 5 min read

Cloud IP addresses are shared, recycled, and abused at scale. Learn how to interpret reputation signals, reduce false positives, and align network security with platform-native controls across the three major hyperscalers.

ASN Reputation for Threat Intelligence: How Autonomous System Intelligence Improves Prioritization and Hunt Programs
Guide | Apr 27, 2026 | 5 min read

An IP address is a snapshot; an autonomous system (ASN) is a neighborhood. Learn how to use ASN context safely for triage, fraud, and security operations, without mistaking a giant cloud for a monolithic "bad host".

Threat Intelligence Platforms: Architecture, Data Quality, and High-Signal Feeds
Research | Apr 26, 2026 | 9 min read

Design TIPs and intel pipelines that scale: normalization, confidence scoring, deduplication, API-first delivery, and how to pair platform investments with analyst workflows.

Building IOC Pipelines: From Raw Indicators to Operational Threat Intelligence in 2026
Research | Apr 26, 2026 | 10 min read

A practical engineering guide to building indicator of compromise (IOC) pipelines: ingestion, normalization, deduplication, enrichment, scoring, distribution, and feedback, to turn raw threat feeds into operational defense.

Supply Chain CVE Response: SBOMs, Dependency Risk, and Coordinated Vulnerability Disclosure
Supply Chain | Apr 25, 2026 | 9 min read

Build a modern supply-chain security program: generate SBOMs, map CVEs to components, integrate EPSS and KEV, and coordinate fixes across vendors and open-source maintainers.

Initial Access Brokers and Ransomware: Mapping Attack Vectors Across the Cybercrime Supply Chain
Ransomware | Apr 24, 2026 | 9 min read

Understand how access brokers monetize footholds, how ransomware affiliates purchase them, and which defensive controls break the supply chain, from phishing to exposed services.

Spear Phishing and Social Engineering: The Top Attack Vectors Targeting Enterprises in 2026
Phishing | Apr 24, 2026 | 10 min read

A complete guide to modern spear phishing and social engineering attack vectors: how threat actors plan, lure, and pivot, with detailed defensive controls for email, identity, training, and infrastructure reputation.

Strategic, Tactical, and Operational Threat Intelligence: Frameworks for Modern Security Programs
Research | Apr 23, 2026 | 9 min read

Align CTI outputs with audience needs: executive risk narratives, SOC-ready IOCs, and MITRE-mapped TTPs, plus governance models that keep intelligence timely and measurable.

OSINT for SOC Analysts: Turning Open Source Intelligence Into Actionable Threat Intelligence
SOC | Apr 23, 2026 | 10 min read

A complete guide to open source intelligence (OSINT) for security operations: tools, techniques, workflows, and legal considerations for collecting, analyzing, and operationalizing open threat data in a modern SOC.

Hash Reputation at Scale: Building Detection Rules That Survive Real Networks
Research | Apr 22, 2026 | 9 min read

Move beyond one-off hash blocks: design reputation pipelines, reduce false positives, and integrate file intelligence with IP and domain context for enterprise-grade detection engineering.

File Hash Reputation Lookups: Accelerating Incident Response With IOC Enrichment
Incident Response | Apr 22, 2026 | 10 min read

A practitioner's guide to file hash reputation lookups: how they work, which data sources power them, how to build automated IOC enrichment pipelines, and how to integrate hash intelligence into SOC, SOAR, and incident response workflows.

EPSS vs CVSS vs KEV: How to Prioritize CVEs When Everything Looks Critical
Research | Apr 21, 2026 | 9 min read

Cut through scoring confusion: compare CVSS severity, EPSS exploit probability, and CISA KEV active exploitation, and learn a practical model for patch and compensating-control decisions.

Threat Actor Attack Vectors in 2026: Mapping TTPs to Real-World Defenses
Threat Intel | Apr 20, 2026 | 8 min read

Explore how adversaries gain initial access, move laterally, and exfiltrate data, and how security teams map attack vectors to MITRE ATT&CK, detection engineering, and threat-informed defense.

Initial Access Brokers: How Threat Actors Breach Enterprise Perimeters in 2026
Research | Apr 20, 2026 | 10 min read

A deep dive into initial access brokers (IABs), the cybercrime specialists who sell footholds into corporate networks, covering their techniques, pricing, detection signals, and how to defend against the top attack vectors they exploit.

Operational Threat Intelligence: Turning IOCs into Prioritized Security Actions
Guide | Apr 19, 2026 | 9 min read

Define operational CTI that SOC teams can use daily: IOC lifecycle, confidence scoring, feed hygiene, and how to align indicators with detection engineering and incident response.

Strategic, Operational, and Tactical Threat Intelligence: A Practitioner's Framework for 2026
Research | Apr 19, 2026 | 9 min read

A complete guide to the three levels of threat intelligence (strategic, operational, and tactical) with practical examples of consumers, outputs, feeds, and how to connect them into a coherent CTI program.

File Hash Analysis for Malware Detection: SHA-256, Reputation, and Threat Intel Workflows
Malware | Apr 18, 2026 | 8 min read

Learn how cryptographic file hashes power malware identification, why SHA-256 dominates security tooling, and how to combine hash lookups with broader threat intelligence for fewer false positives.

IP and Domain Intelligence: Building a Proactive Cyber Threat Defense
AI & ML | Apr 11, 2026 | 9 min read

Reactive security leaves organizations perpetually one step behind attackers. Learn how combining IP and domain intelligence shifts a security program from reactive incident response to proactive threat prevention.

IP Lookup for Cyber Threat Detection: A Complete Security Guide
Guide | Apr 7, 2026 | 8 min read

Learn how IP lookup works as a frontline defense against cyber threats. Discover how to use IP reputation data, threat intelligence feeds, and automated checks to block malicious actors before they reach your systems.