Real-Time Threat Intelligence
Emerging threats, vulnerabilities, and regulatory shifts — published 2-3 times per week.
No paywalls. No registration required.
Alert Types: THREAT ALERT · VULNERABILITY · SECTOR ALERT · TECHNIQUE · REGULATORY · TREND · FILING INTEL
INTEL-12: The Defender's Window
April 3, 2026 | TREND
Red Canary says AI benefits defenders more than adversaries. IBM warns the advantage is temporary. The organizations that deploy AI defensively now will have a structural advantage when the window closes.
INTEL-11: 850% Identity Surge
April 2, 2026 | THREAT ALERT
Red Canary recorded an 850% increase in identity threat detections. IBM confirms 300,000+ ChatGPT credentials on dark web markets. Six consecutive reports confirm identity as the dominant attack vector.
INTEL-10: The Ransomware Swarm
April 1, 2026 | TREND
IBM X-Force identified 109 active ransomware groups — a 49% increase. The cartel model is being replaced by a swarm of smaller operators using leaked toolkits and commoditized playbooks.
INTEL-9: 22 Seconds
March 28, 2026 | THREAT ALERT
The median handoff from initial access broker to ransomware operator collapsed from 8+ hours in 2022 to 22 seconds in 2025. A 1,300x compression. Low-impact browser infections are now full ransomware events.
INTEL-8: The Breach Starts With a Phone Call
March 27, 2026 | THREAT ALERT
Voice phishing surged to 11% of initial infection vectors — nearly double email phishing at 6%. For cloud-specific breaches, voice phishing is #1 at 23%. Scattered Spider researched help desk staff by name before calling.
INTEL-7: A New Risk Has Entered the Top 5
March 26, 2026 | TREND
Ransomware encryption dropped 38% in one year. Credential theft at 23% is now double encryption at 13%. Undetected long-term access has become a top-5 risk that most organizations haven't added to their risk registers.
INTEL-6: The Malware That Does Math to Prove You're Human
March 25, 2026 | TECHNIQUE
LummaC2 malware calculates the Euclidean distance and angles of mouse cursor paths using trigonometry to detect sandboxes. Sandbox evasion surged into the top 5 most prevalent techniques for the first time.
INTEL-5: Your Microsoft Login Page Is the Phishing Page
March 11, 2026 | THREAT ALERT
Nation-state adversaries from Russia and Iran are weaponizing Microsoft's own authentication infrastructure — Entra ID, OAuth 2.0, and device code flows — to gain persistent access that traditional security controls cannot detect.
INTEL-4: Your Cloud APIs Are the Attack Infrastructure
March 4, 2026 | THREAT ALERT
Muddled Libra doesn't bring malware. They call your help desk, reset a password, and use Microsoft Graph API to own your cloud from the inside. Unit 42's 2026 report flags them across aerospace, finance, tech, and telecom.
INTEL-3: 91,000 Sessions — Threat Actors Are Mapping Your AI Infrastructure
February 11, 2026 | TREND
GreyNoise documented 91,000+ reconnaissance sessions against LLM deployments in January 2026. If your AI endpoints are reachable without authentication, assume they've been mapped.
INTEL-2: The Human-in-the-Loop Imperative for AI Security
February 4, 2026 | TREND
NIST built its detection framework around one assumption: AI detects, humans validate. Fully automated security is a design flaw.
INTEL-1: Law Firms Are Now Premium Ransomware Targets
January 29, 2026 | SECTOR ALERT
Law firms paid ransoms at a 41% rate in 2025—about 14% more often than the cross-sector average.