Skip to main content

Tag: threat intelligence

390 articles

Security expert standing in front of large screen display in a conference setting.

Microsoft Warns AI Adoption Exposes Organizations to New Malware Threats

Microsoft's senior security researcher warns that the AI tools making our jobs easier can also be exploited by threat actors, highlighting a new and urgent risk for organizations to manage. As AI adoption grows, companies must recognize it as both a valuable asset and a potential attack surface that requires careful protection.

Analyst 207
Laptop on a cluttered office desk with papers and supplies nearby.

China-Linked TA4922 Expands Phishing Attacks Globally

Meet TA4922, a China-linked group rapidly expanding its phishing attacks worldwide, with a financially motivated agenda to infiltrate and exploit victim environments for data theft, fraud, and more. This threat actor is now targeting organizations globally, from the UK to Germany, Italy, and South Africa.

Analyst 207
Cybersecurity professional works in modern operations center with computer screens and equipment.

Defensive Cyber Evolves to Counter AI-Driven Threats

The cyber threat landscape is undergoing a seismic shift, with AI-driven attacks now unfolding at a breathtaking pace and scale that traditional defenses can't keep up with. This exponential explosion of attacks is ratcheting up the stakes for data availability and integrity, and it's only getting worse.

Analyst 207
Vulnerability management team in high-tech operations room with large screens displaying data visualizations.

AI-Driven Exploitation Forces New Vulnerability Management Tactics

The threat landscape has changed: vulnerabilities are now being discovered, exploited, and weaponized in a matter of hours, leaving defenders scrambling to keep up. With AI-driven attacks accelerating, it's clear that traditional vulnerability management tactics just aren't fast enough.

Analyst 207
Modern office space divided, two sections separated by a gap.

Threat Intelligence Fails to Bridge Business Risk Gap

Threat intelligence falls short when it doesn't drive informed decision-making, often leaving a gap between analyst findings and senior leaders' priorities. Silobreaker and the SANS Institute are bridging this gap with a new study that explores how to turn threat intelligence into actionable business risk strategies.

Analyst 207
IT professionals gather around a large screen displaying a network diagram in a brightly-lit operations center.

Faster Vulnerability Alerts Disrupt Cyberattack Window

The time it takes for attackers to exploit a newly disclosed vulnerability has dramatically shrunk to just 1.6 days - leaving organizations scrambling to respond. In today's lightning-fast threat landscape, staying ahead of vulnerability alerts is crucial to preventing devastating cyberattacks.

Analyst 207
Discarded Android smartphones and tech components litter a dimly lit urban alleyway.

ESET Exposes BTMOB Android Malware Service

Meet BTMOB, a sneaky Android malware that's being sold as a subscription service - think $700/month or a one-time $5,000 fee for a lifetime license - making it easy for anyone to become a cyber threat actor. This malware-as-a-service platform even comes with a user-friendly APK builder, requiring zero coding skills.

Analyst 207
Concerned individuals walk down a modern office corridor lined with server racks and filing cabinets, with a focused laptop…

Cyber Extortion Economy Shifts Away From Ransomware Encryption

The cyber extortion landscape is undergoing a seismic shift, with threat actors ditching ransomware encryption in favor of data-only extortion - and they're moving at lightning speed, with one case seeing data exfiltration in just 39 seconds. This trend is driven by improved backup and recovery methods, leaving attackers to focus on stealing sensitive data.

Analyst 207
Security professionals monitor threat detection interface in a brightly-lit operations center.

SOCs Shut Down Incident Risks with Proactive Threat Detection

Stay ahead of incident risks with proactive threat detection from ANY.RUN's Threat Intelligence Feeds, which deliver a continuous stream of high-confidence threat data from a vast network of organizations and SOC professionals. By shrinking the time between detection and understanding, modern Security Operations Centers (SOCs) can effectively shut down threats before they cause harm.

Analyst 207
Brightly-lit software development workspace with multiple workstations and monitors.

CrowdStrike Disrupts GlassWorm Malware's Global Supply Chain Attack Infrastructure

In a major win for cybersecurity, CrowdStrike teamed up with Google and the Shadowserver Foundation to dismantle the global infrastructure behind the GlassWorm malware attack, crippling its ability to issue commands or deliver new payloads to infected machines. This coordinated operation targeted and neutralized the malware's command-and-control channels, protecting software developers from further exploitation.

Analyst 207
Network operations center interior with daylight streaming in through a large window and analysts at console stations…

Agentic AI Tames Network Detection's Alert Firehose

Imagine sifting through 847 network anomalies daily - that's like trying to find a needle in a haystack! With agentic AI triage, that overwhelming number is dramatically reduced to just 4 prioritized detections, complete with the evidence and suggested actions analysts need to take swift and effective action.

Analyst 207
Formula 1 fan with smartphone displaying suspicious live stream amidst crowd and counterfeit merchandise.

Fraudsters Target F1 Fans with Fake Streams, Counterfeit Merch Scams

When it comes to motorsports, speed is a double-edged sword - while the action is fast-paced and thrilling, it also creates opportunities for scammers to strike, as noted by Bogdan Botezatu, senior director of threat research at Bitdefender. Cybercriminals are now targeting F1 fans with fake streams and counterfeit merch scams, making it essential for fans to stay vigilant.

Analyst 207
Developer workstation with laptop, papers, and office supplies, cityscape visible through window.

Cyber Thieves Exploit SEO to Spread Infostealers via Fake AI Sites

Cyber thieves are using clever SEO tricks to spread infostealers through fake AI sites, targeting enterprise users and developer workstations with a potent mix of imitation and in-memory malware. This brief but potent campaign has been meticulously planned, with malicious domains deployed as early as March 2026.

Analyst 207
Rows of servers and equipment in a data center, some partially disassembled.

Microsoft Disrupts Malware-Signing Service Used in Ransomware Attacks

Microsoft swooped in to shut down a notorious malware-signing service, seizing the website signspace.cloud and taking down hundreds of virtual machines used to fuel ransomware attacks. This bold move, dubbed OpFauxSign, crippled a key operation run by the threat actor Fox Tempest, which had been using Microsoft's own system against them since May 2025.

Analyst 207
Brightly-lit server rack in a cybersecurity operations center against a mid-tone background.

Microsoft Disrupts Malware-Signing Service Used by Ransomware Gangs

Microsoft cracked down on a notorious malware-signing service used by ransomware gangs, disrupting the operations of Fox Tempest, a financially motivated group that generated millions of dollars in profits by selling trust to cybercriminals. The group had created over 1,000 code-signing certificates and hundreds of Azure tenants to support its industrial-scale scheme.

Analyst 207
Smartphone lies on a park bench surrounded by scattered papers and app icons, with a city street in the background.

Trapdoor Android Ad Fraud Scheme Exposes 455 Malicious Apps

Meet Trapdoor, a massive Android ad fraud scheme that used 455 malicious apps to generate a staggering 659 million daily bid requests, fueling a self-sustaining machine that turned innocent installs into big bucks. This complex operation was uncovered by HUMAN's Satori Threat Intelligence and Research Team, shedding light on a pipeline for multi-stage fraud.

Analyst 207
Modern security operations center with futuristic equipment and blank computer screen.

Torq Bolsters AI-Powered Security with Jit Context Graph Acquisition

Torq supercharges its AI-powered security with the acquisition of Jit's innovative context graph technology, enabling real-time understanding of business relationships between assets and alerts. This game-changing integration helps Torq deliver smarter, more effective security solutions.

Analyst 207
Modern office interior with robotic system component in foreground and blurred server room in background.

AI Agents Expose Blind Spots in APAC Enterprise Security

Attackers are now targeting AI agents embedded within APAC enterprises, exploiting weaknesses in non-human identities to gain access to sensitive systems, data, and workflows. This emerging threat highlights a significant blind spot in enterprise security, one that's ripe for exploitation by malicious actors.

Analyst 207
Cluttered office workspace with multiple computer screens and scattered papers.

AI-Powered Bug Reports Overwhelm Security Teams

GitHub is overhauling its bug report system after being inundated with AI-generated submissions that are often incomplete, unrealistic, or redundant, making it tough for security teams to keep up. The platform is tightening its definition of a "complete" bug report to help separate signal from noise.

Analyst 207
Windows 11 workstation on a clutter-free desk in an office setting.

Bitdefender Exposes Hidden Attack Surface in Trusted Tools

Did you know that 84% of high-severity incidents involve the abuse of trusted tools, making them nearly invisible to traditional security measures? This shocking statistic highlights the alarming ease with which attackers can hide in plain sight, using legitimate tools against you.

Analyst 207
Brightly-lit lab with a computer workstation and technical instruments.

AI-Developed Zero-Day Exploit Exposes New Threats

Google's discovery of the first AI-generated zero-day exploit is a game-changer, revealing a new level of threat sophistication. This historic finding shows that AI can now be used not just to identify vulnerabilities, but to create and deploy malicious code.

Analyst 207
Disarrayed computer network operations center with analysts at work amidst scattered papers and idle equipment.

Remediation Programs Often Fail to Validate Fixes

The alarming truth is that remediation programs often fall short, with a staggering mismatch between the speed of exploits and fixes - Mandiant's report reveals a mean time to exploit of just -7 days, while Verizon's data shows a median remediation time of 32 days.

Analyst 207
Modern tech lab with people in background and computer monitor on desk.

Google Exposes AI-Built Zero-Day Threat That Nearly Sparked Mass Attack

The game-changing moment came when a zero-day threat, nearly sparking a mass attack, was uncovered - and forensic evidence revealed its exploit code was astonishingly built by an AI model. This breakthrough highlights how AI is revolutionizing exploit development, making it faster and more accessible to malicious actors.

Analyst 207
Security professional stands before a cityscape window with looming digital threats.

Security Teams Overlook AI-Driven Threats in Cloud Risk Management

Stay ahead of the threats: are you managing cloud risk effectively, or is it still siloed and vulnerable to AI-driven attacks? Recent research from Google Threat Intelligence Group reveals a new wave of AI-augmented operations that are scaling and accelerating compromises.

Analyst 207