The Threats That Matter. Weekly.
We synthesize intelligence from government agencies and industry leaders into actionable insights — so you can stay ahead without drowning in noise. No paywalls. No registration required.
Latest Editions
E86 - Castles on Quicksand
March 31, 2026 | IBM X-Force Threat Intelligence Index 2026 & Red Canary Threat Detection Report 2026
IBM X-Force and Red Canary's 2026 reports converge on an uncomfortable truth: sophisticated attacks are succeeding through basic failures. With 109 active ransomware groups, an 850% surge in identity attacks, and AI currently favoring defenders, the security industry is optimizing for the wrong threats.
E85 - The Responder's Report
March 24, 2026 | Mandiant M-Trends 2026 — March 2026
Mandiant M-Trends 2026 — built on 500,000+ hours of incident response across 83 campaigns and 73 countries. Voice phishing surges to #2 vector, ransomware operators industrialize recovery denial, and the first AI-powered malware families are confirmed in the wild.
E84 - The Digital Parasite
March 17, 2026 | Picus Red Report 2026 — March 2026
Picus Labs analyzed 1.1 million malicious files and 15.5 million adversarial actions. 80% of the top 10 MITRE ATT&CK techniques are now dedicated to evasion and persistence — not disruption. Ransomware encryption declined 38%. Credential theft is now twice as prevalent. The adversary's primary success metric is no longer impact — it's dwell time.
E83 - The Convergence
March 13, 2026 | CrowdStrike 2026 Global Threat Report — February 2026
CrowdStrike tracks 281 adversaries. The fastest breakout time: 27 seconds. 82% of intrusions are malware-free. Three major 2026 threat reports in three weeks converge on one conclusion — identity is the perimeter, cloud is the battlefield, and traditional security models are defending against yesterday's threat landscape.
E82 - Blending In
March 9, 2026 | 2026 Cloudflare Threat Report — March 3, 2026
Cloudflare processes 20% of global internet traffic and blocks 230 billion threats daily. Their inaugural threat report reveals attackers have stopped breaking in — they're blending in. 94% of login attempts are bots. 63% of human logins use compromised credentials. Living off XaaS is the new attack model.
E81 - 72 Minutes
March 3, 2026 | Unit 42 Global Incident Response Report 2026 — February 2026
Unit 42 analyzed 750+ incidents in 2025. 90% were preventable. Exfiltration in 72 minutes. Identity is the skeleton key. AI compresses the kill chain. Supply chains are nation-state highways. A presidential-level debrief on the report that should reshape every security strategy.
E80 - From Knowing to Doing
February 24, 2026 | World Economic Forum — February 2026
WEF Roundup: Three reports in one week expose the same gap — organizations know the risks but aren't acting fast enough. 87% flag AI vulnerabilities. Fewer than 1% govern AI responsibly. Quantum harvest-now-decrypt-later is already underway. What leaders need to hear to close the gap.
E79 - Same AI, Different Mission
February 16, 2026 | GTIG AI Threat Tracker — February 12, 2026
GTIG AI Threat Tracker: Seven state-sponsored groups weaponize Gemini across the full attack lifecycle. HONESTCUE malware calls AI APIs at runtime. Model extraction at 100K+ prompts. ClickFix campaigns hosted on trusted AI platforms.
E78 - Three Flags, One Target
February 10, 2026 | CERT-EU Cyber Brief — January 2026
CERT-EU's January 2026 Cyber Brief: China, Russia, and North Korea converged on Western critical infrastructure simultaneously. Salt Typhoon, Sandworm, Contagious Interview, 6 zero-days, and LLM targeting.
E77 - The Threat Your Security Stack Can't See
February 3, 2026 | Wiz CISO Budget Survey Report 2026
Wiz CISO Budget Survey 2026: 85% of CISOs increased cloud security spending—56% say it's still not enough. Shadow AI is the new blind spot.
E76 - Ransomware's Profit Problem (And Why That Makes It Worse)
January 30, 2026 | GuidePoint 2026 Ransomware and Cyber Threat Report
GuidePoint 2026 Ransomware Report: When profits shrink, attackers don't quit. They industrialize. 7,515 organizations were publicly posted as ransomware victims in 2025.
E75 - When Attackers Move Faster Than You Can Think
January 27, 2026 | Fortinet 2026 Threat Predictions Report
Fortinet's 2026 Threat Predictions: Attackers aren't just using AI—they're deploying autonomous agents that hunt, breach, and monetize without human intervention.
E74 - Welcome to 2026
January 2, 2026 | Google Cybersecurity Forecast 2026
Google's Cybersecurity Forecast 2026: AI isn't just accelerating cybersecurity—it IS cybersecurity.
E73 - Six Threat Vectors. One Action Plan.
November 11, 2025 | Microsoft Digital Defense Report 2025
Microsoft processes 100 trillion signals daily. Their 2025 Digital Defense Report distills it into six threat vectors every security leader should track.
E72 - When Insurance Becomes a Security Tool
October 29, 2025 | CLTC White Paper — Economics of Cyber Policies for Critical Care
UC Berkeley's CLTC studied cyber insurance economics — 80% of organizations improved security specifically to qualify for coverage.
E71 - When AI Becomes the Attacker
September 30, 2025 | Anthropic Threat Intelligence Report — Detecting & Countering Misuse
Anthropic published transparent data on how their AI models are being weaponized — from ransomware development to employment fraud to automated extortion.
E70 - Identity Is Your Security Nerve Center
September 18, 2025 | SailPoint — The Horizons of Identity Security 2025
63% of enterprises remain in the lowest two identity maturity horizons. Less than 40% govern AI agent identities. SailPoint's data tells the story.
E69 - The Cloud Is Now the Battleground
September 9, 2025 | Orca Security — 2025 State of Cloud Security Report
Orca Security analyzed billions of cloud assets. 84% run AI workloads, 62% with vulnerable packages. 32% of assets unpatched. 85% embed plaintext secrets in code.
E68 - Your Code Is Aging Faster Than You're Fixing It
August 26, 2025 | Veracode — 2025 State of Software Security
Veracode's 15th annual report: 80% of apps contain security flaws, median fix time ballooned to 252 days, 74% carry security debt, and 70% of critical debt lives in open-source dependencies.
E67 - Attackers Are Running Like a Business
August 19, 2025 | CrowdStrike 2025 Threat Hunting Report
CrowdStrike's threat hunting team found interactive intrusions up 27%, 81% malware-free, cloud intrusions surged 136%, and vishing exploded 442%. Electronic crime represents 73% of all interactive activity.
E66 - Shadow AI Is Already Costing You $670,000
August 6, 2025 | IBM — 2025 Cost of a Data Breach Report
IBM's 2025 Cost of a Data Breach Report: U.S. breaches hit $10.22M average, shadow AI adds $670K to breach costs, 1 in 6 breaches involve AI-powered attacks, and security AI saves $1.9M.
E65 - 110 CISOs Told Us What Keeps Them Up at Night
July 29, 2025 | Team8 — 2025 CISO Village Survey
Team8's 2025 CISO Village Survey: #1 pain point is securing AI agents (39%). 5 of top 9 priorities are AI-related. 67% deploying agentic AI in 2025. Budgets tightening — 52% saw increases, down from 70%.
E64 - A Billion Accounts Without MFA
July 23, 2025 | Trend Micro — 2025 Cyber Risk Report
Trend Micro's 2025 Cyber Risk Report: CRI averages 38.4 (medium risk). Over 1 billion accounts lack MFA. 57M high-risk emails blocked (+27% YoY). Mean patch time 41.3 days for large enterprises.
E63 - 90% of Organizations Can't Counter AI-Enabled Threats
July 16, 2025 | Accenture — State of Cybersecurity Resilience 2025
Accenture surveyed 2,286 executives: 90% lack maturity to counter AI-enabled threats. Only 10% reach Reinvention-Ready status. Cyberattacks surged 75% YoY. 4.8 million unfilled cybersecurity positions globally.
E62 - Identity Crime Is Now a Mental Health Crisis
July 8, 2025 | ITRC — 2025 Trends in Identity Report
ITRC's 2025 Trends in Identity Report: identity misuse is expanding into prolonged victimization, support systems aren't keeping up, and the emotional toll is turning identity crime into a mental health crisis.
E61 - Cybersecurity's Last Mile Problem
July 1, 2025 | UC Berkeley CLTC — The Roadmap to Community Cyber Defense
UC Berkeley CLTC's roadmap for community cyber defense: hospitals, schools, utilities, and local governments face enterprise-grade threats with minimal resources. Five building blocks for community resilience.
E60 - The Identities You're Not Managing Are the Ones Getting Compromised
June 24, 2025 | CyberArk — 2025 State of Machine Identity Security
CyberArk's 2025 report: 50% of orgs had machine identity security incidents. 79% expect 150% growth. Only 23% prioritize them. Certificate outages tripled since 2022.
E59 - 150,000 Incidents Prove Time Is the Variable That Matters
June 17, 2025 | Cyentia Institute — IRIS 2025
Cyentia Institute's IRIS 2025: 150,000+ incidents over 15 years. Sixfold increase in significant incidents. Large firms 620x more likely to be targeted. Median loss $2.9M, tail risk $32M.
E58 - Can AI Agents Tip the Scales Toward Defenders?
June 11, 2025 | World Economic Forum — AI Agents and Cybersecurity
World Economic Forum: autonomous AI agents can shift cybersecurity advantage toward defenders — proactive vulnerability remediation, self-healing networks, and coordinated global defense at microsecond speed.
E57 - 93,000 Threats Across 4 Million Endpoints
June 3, 2025 | Red Canary — 2025 Threat Detection Report
Red Canary's 2025 Threat Detection Report: 93,000 threats detected (+33% YoY), identity attacks surged 4x, ransomware demands hit $75M, and initial access is evolving beyond email phishing.
E56 - 48 Minutes to Breakout
May 27, 2025 | SANS — Threat Analysis Rundown with Katie Nickels
SANS analyst Katie Nickels synthesizes Mandiant, CrowdStrike, and Verizon DBIR: 48-minute breakout time, ransomware surged 37%, dwell time down to 11 days, 79% of detections involve legitimate tool misuse.
Best of the Best
Our most impactful editions — deep analysis of the industry's most-cited annual reports. Consolidated and updated for lasting reference value.
Best of E52 - 450,000 Hours on the Front Lines
April 29, 2025 | Mandiant M-Trends 2025
Mandiant M-Trends 2025: 450K+ hours of incident response. Exploits lead at 33%, stolen credentials surpass phishing, North Korean IT workers at 5% of attack vectors, and dwell time drops to 11 days — but not because defenders are faster.
Best of E51 - 12,000 Breaches and the Year Everything Doubled
April 23, 2025 | Verizon 2025 Data Breach Investigations Report (DBIR)
Verizon 2025 DBIR: 12,000+ breaches analyzed. Third-party risk doubled, ransomware surged 37%, zero-day edge exploitation up 800%, and SMBs face 88% ransomware rate. The most-cited cybersecurity report of the year.
Best of E45 - 51 Seconds to Breakout
March 11, 2025 | CrowdStrike 2025 Global Threat Report
CrowdStrike 2025 Global Threat Report: Breakout time averages 48 minutes with a 51-second floor. 79% of attacks are malware-free. Vishing surged 442%. China-nexus espionage spiked 150%. The speed benchmark for the threat landscape.
Best of E39 - 900 Million Attacks and the List That Missed 73%
January 28, 2025 | Forescout 2024 Global Threat Roundup
Forescout 2024 Global Threat Roundup: 900M attacks observed. 73% of exploited vulnerabilities NOT in CISA KEV. Critical infrastructure attacks up 668% since 2022. State-sponsored at 48%. The OT/IoT threat landscape most reports miss.
Best of E36 - 66% Say AI Will Reshape Cybersecurity. Only 37% Are Ready.
January 14, 2025 | World Economic Forum — Global Cybersecurity Outlook 2025
WEF Global Cybersecurity Outlook 2025: The 29-point gap between AI expectation and readiness defines 2025. 60% cite geopolitical risk, 54% name supply chain as the #1 challenge, 35% of SMBs lack resilience, 69% cite regulatory complexity, $12.5B in cybercrime costs.
Best of E32 - 19 Vendors Tested. Most Missed Over Half the Attack.
December 17, 2024 | MITRE ATT&CK Enterprise Evaluation 2024
MITRE ATT&CK Enterprise Evaluation 2024: 19 endpoint vendors tested against LockBit and CL0P ransomware behaviors. Most detected fewer than 50% of attack steps. Cynet and Cortex XDR achieved 100%. First macOS testing and false positive tracking.
Best of E30 - A Five Eyes Intelligence Agency Shows Its Cards
December 3, 2024 | Australian Signals Directorate — Annual Cyber Threat Report 2023-24
Australian Signals Directorate Annual Cyber Threat Report: 36,700 hotline calls, 82M malicious domains blocked, 250% surge in high-priority taskings. PRC pre-positioning confirmed. SMB cybercrime costs rising. A government intelligence perspective on the threat landscape.
Best of E24 - $1 Trillion in Fraud and 775 Million Malware Emails
October 22, 2024 | Microsoft Digital Defense Report 2024
Microsoft Digital Defense Report 2024: $1 trillion global fraud losses, 775M malware emails, 4,500 DDoS attacks daily, 83% of orgs hit multiple times. The fraud-cybercrime convergence — synthetic identities, PhaaS, and patch windows compressed to hours.
Best of E23 - The War You Can't See
October 15, 2024 | Atlantic Council Freedom and Prosperity Center
Atlantic Council research on Information Influence Activities: the IIA taxonomy (disinformation, misinformation, malinformation, propaganda), Russia's documented playbook, AI as force multiplier for information warfare, and why your SOC isn't built to detect the threat that costs more than ransomware.
Best of E21 - Europe's Threat Map and the Seven Threats That Define the Landscape
October 1, 2024 | ENISA Threat Landscape 2024
ENISA Threat Landscape 2024: Seven prime threats mapped to MITRE ATT&CK, ISO 27001, and NIST CSF v2.0. Public administration absorbs 19% of attacks. Living Off Trusted Sites (LOTS) abuses legitimate cloud services. FraudGPT operational. $25M deepfake loss. The regulatory authority's threat assessment IS the NIS2 compliance preview.