#threat intelligence
16 stories tagged threat intelligence.

Harvest Now, Decrypt Later: Why Credentials Are the First Casualty of Q-Day
Captured ciphertext today becomes plaintext tomorrow. Credentials sit at the top of the target list.

ASIO Found State Hackers Pre-Positioned for Sabotage Inside Australian Critical Infrastructure
Australia's domestic intelligence agency says a foreign state actor had stolen valid credentials from IT staff at a critical infrastructure operator — and was staging for disruption, not just espionage.

Turla's STOCKSTAY: A Fresh .NET Backdoor Aimed at Kyiv and Rome
Google's threat hunters tie the Russian FSB-linked crew to a previously undocumented Windows implant hitting Ukrainian military targets and Italy-focused diplomatic entities.

Non-Admin macOS Accounts Can Chain Native OS Features to Blind Endpoint Security Tools
No exploit required. Researchers found that a standard user account can chain built-in macOS features to silently kill endpoint security agents, without touching a single vulnerability.

Agentic AI Runs on Context. Feed It the Wrong Kind and Decisions Go Sideways Fast.
The core vulnerability in agentic AI systems isn't the model — it's the context window. Bad inputs, machine-speed outputs.

FortiBleed: Russian-Speaking Broker Tied to 430K FortiGate Credential Harvest
Researchers attribute the long-running operation to a financially motivated IAB, with credential lists feeding brute-force runs against exposed FortiGate appliances since February.

Five Eyes to CSOs: AI Has Already Changed Your Threat Model — Act Now
A joint advisory from CISA and four allied agencies demands strategic action on AI-amplified threats. Experts say the advice is late, vague, and misses the real risk sitting inside your own network.

Weekly Threat Roundup: EDR Killers, Browser Bugs, and an Android Trojan With Too Many Hands
Another week of recycled tradecraft — abused integrations, poisoned WordPress, and ransomware crews still gunning for endpoint sensors.

INTERPOL Flags Sharp Rise in Phishing, Ransomware and AI Scams Across Asia-Pacific
A new INTERPOL assessment maps a region where cybercrime is outpacing defensive capacity, with phishing leading the volume charts and ransomware crews exploiting the gap.

Anonymized Infrastructure Now Touches 94% of Incidents, and Most SOCs Are Still Playing Catch-Up
Survey data points to a persistent gap between IP enrichment volume and the analyst's ability to answer a simple question: who's actually on the other end?

Tracing 'The Gentlemen' RaaS: OPSEC Trail Points to an Izhevsk Operator
A 90/10 affiliate split rocketed the crew to second place by victim count. The administrator's forum breadcrumbs are less impressive.

Corporate Cyber Readiness Is a Compliance Exercise. The Military Treats It as Combat.
Enterprise incident response still runs on annual tabletops and audit checkboxes. That gap between posture and practice is exactly what attackers count on.

TA4922 Broadens European Targeting With ValleyRAT, Atlas RAT Loadouts
A China-nexus cluster tracked as TA4922 is hitting orgs in the UK, Germany, Italy, and South Africa, mixing known RATs with newer tooling.

ShinyHunters Hits Canvas LMS: 275 Million Records, a Defaced Login Page, and a Free-Tier Attack Vector
The extortion group's May 2026 strike on Instructure exposed how peripheral, lower-security environments can become the entry point that compliance badges never covered.

SideCopy Hits Afghan Finance Ministry With Xeno RAT in Pashto-Lure Phish
A new spear-phishing run tracked to the Pakistan-aligned cluster pairs LNK-laced ZIPs with an open-source RAT, in what looks like a continuation of the group's South and Central Asia espionage focus.