< ciso
brief />
Tag Banner

All news with #threat intelligence tag

123 articles

Forg365 PhaaS Targets Microsoft 365 with AI

🛡️ Forg365 is a phishing-as-a-service platform that targets Microsoft 365 accounts by combining adversary-in-the-middle (AiTM) and device-code phishing with integrated AI-assisted lure generation. The service offers an admin dashboard for campaign management, OAuth and SMTP configuration, token handling, and a browser extension called ForgCookie for persistent cookie harvesting. Researchers at ZeroBEC found the operation uses legitimate delivery services like Amazon SES and SendGrid-hosted resources to blend malicious emails into normal traffic.
read more →

Verify threat indicators before acting on feeds

🔍 The author recounts multiple cases where threat intelligence feeds and advisories mischaracterized malware or buried stronger indicators in machine-readable files. They describe a commercial feed mislabeling a Windows DonutLoader variant as the Linux Chalubo RAT, an official advisory whose PDF lacked stronger hashes present in the STIX bundle, and a CERT report with binary-level discrepancies. The piece stresses that labels and pipeline metadata are guesses until validated and urges analysts to open structured files and detonate samples when stakes are high.
read more →

Google Disrupts NetNut Residential Proxy Network

🛡️ Google says its Threat Intelligence Group, working with FBI and industry partners, has degraded NetNut (aka Popa), a large residential proxy network that turns home devices into rented relays. GTIG estimates NetNut controlled at least 2 million devices, including smart TVs and streaming boxes, which can be used to route criminals' traffic through private home connections. NetNut is linked to publicly traded Alarum Technologies, which denies wrongdoing and says its software provides consented bandwidth sharing. Researchers found many apps did not show consent prompts, and Google warns the network is resilient through reseller arrangements and may reappear under different brands.
read more →

Detection engineering rises as a core SOC capability

🔍 Detection engineering has moved from a niche role to a strategic imperative for many organizations, focused on building tailored, behavior-driven alerts that reduce false positives and improve response. It emphasizes threat modeling, SDLC/CI-CD practices, and integration of threat intelligence to craft detections specific to an organization’s environment. A SANS-Anvilogic survey found broad investment and leadership support, while AI and automation are increasingly used to tune rules and scale workflows.
read more →

Cloudflare launches Attribution Business Insights dashboard

📊 Cloudflare introduces the Attribution Business Insights dashboard to help publishers and business leaders distinguish valuable human referrals from extractive AI crawler traffic. The dashboard provides site-wide and per-operator crawl-to-referral ratios, top bot breakdowns, and updated crawler classifications like Training, Search, and Agent. Available to Cloudflare Bot Management customers, it centralizes visibility so decision-makers can evaluate impact before acting via existing security rules.
read more →

Lessons from underground: combating BEC threats

📣 Flare researchers examined underground forum discussions and tools used to orchestrate Business Email Compromise (BEC) campaigns, finding that attacks extend beyond email to include remote access, cash-out networks, and call centers. Actors target finance and leadership SaaS accounts, increasingly using AI to craft realistic messages and scale operations. Defenders should monitor exposed credentials, enforce MFA, train high-risk staff, and treat multi-channel contacts cautiously.
read more →

Pre-positioned cyber threats around FIFA 2026 event

⚠️ Check Point Research found that cybercriminals pre-built and partially deployed fraud infrastructure targeting FIFA World Cup 2026 before the June 11 kickoff, focusing on financial services, transportation, hospitality, and gambling. Pre-tournament research highlighted weak DMARC enforcement among partners, a 60x surge in fake sportsbook apps concentrated on Google Play, and large volumes of lookalike travel and hotel domains created two months prior. Check Point's exposure, brand protection, and dark web monitoring capabilities flagged the activity and report rapid remediation metrics.
read more →

US offers $10M for info on hackers targeting Signal and WhatsApp

🔔 The U.S. Department of State is offering up to $10 million through its Rewards for Justice program for information identifying members of UNC5792 and UNC4221, two groups tied to Russian intelligence and military services. The bounty follows FBI and CISA updates that these groups conducted phishing campaigns targeting Signal and WhatsApp users, including attempts to steal Signal Backup Recovery Keys by impersonating support agents. Targets included U.S. and NATO officials, journalists, NGOs, and researchers.
read more →

Fortinet Supports INTERPOL Operation CyberProtect III

🔎 Fortinet contributed to INTERPOL’s Operation CyberProtect III by providing intelligence and analysis through its role in the World Economic Forum’s Cybercrime Atlas. The four-day initiative helped identify dozens of suspicious cases, suspect profiles, and potential victims on content subscription platforms. The operation highlighted trends such as encrypted messaging, coded language, cryptocurrency payments, and AI-generated profiles used to facilitate exploitation.
read more →

VisionHeight managed rules added for AWS Network Firewall

🛡️ AWS Network Firewall now offers two new managed rule groups from VisionHeight in AWS Marketplace: Zero-Day Threat Protection and Noisy Scanners and Tor Protection. These rule groups use VisionHeight's Pulse telemetry to provide proactive blocking of malicious IP infrastructure and suppression of noisy Tor and scanner traffic. Daily refresh cycles reduce SOC alert volume and SIEM ingestion costs while improving protection for targeted workloads.
read more →

AI-Augmented Threat Intelligence: Beyond IOCs

🛡️ The article examines how AI, particularly large language models, can bridge the gap between atomic indicators of compromise (IOCs) and richer strategic threat intelligence by indexing and relating unstructured reports. It highlights opportunities to retrieve relevant intelligence and generate tailored defensive advice while warning about data veracity and confidentiality. The piece also emphasizes practical Windows threats abusing COM and recommends tooling and hunting practices to detect such misuse.
read more →

Microsoft named Leader in Forrester XDR Wave 2026

🛡️ Microsoft has been named a Leader in The Forrester Wave™: Extended Detection and Response Platforms, Q2 2026, earning the top Strategy and Vision scores. The report highlights Microsoft Defender and Microsoft Threat Intelligence for high marks across identity detection, cloud detection, SIEM replacement, threat hunting, and more. Microsoft emphasizes an XDR foundation that unifies signals across identities, endpoints, email, SaaS, and cloud workloads to enable coordinated, AI-assisted attack disruption and faster SOC operations.
read more →

Survey Finds AI Attacks Top Concern for Security Leaders

🔍 A Filigran survey of 168 security leaders at Infosecurity Europe 2026 found AI-powered attacks are the leading worry, cited by 41% of respondents, outpacing supply chain and unknown threats. Teams report alert fatigue as a major time sink, with chasing false positives (26%) and validating risks (25%) common. Trust in threat intelligence and AI decision-making remains low, and only 28% have a continuous exposure management program.
read more →

Staffing and AI Shape Modern SOC Challenges

🛡️ The SANS 2026 SOC Survey of 513 security professionals highlights staffing as the top operational challenge for SOCs, with a marked perception gap between practitioners and cyber leaders about hiring and retention. The report shows widespread AI/ML adoption (79%) but limited operational integration (36%), with most teams using vendor tools without customization. It also flags maturity issues in CTI use, OT/IoT coverage, and SOC measurement practices.
read more →

Survey Finds Anonymized IPs Drive Modern Incidents

🔍 A recent study of over 200 security practitioners by Spur Intelligence shows anonymizing infrastructure—VPNs and residential proxies—appears in nearly every incident, yet many teams lack the context and workflows to act on IP data. Analysts increasingly face noisy enrichment feeds without attribution, behavioral signals, or automation to inform real-time decisions. Organizations remain reactive, applying IP intelligence mainly during investigations, while internal risks from employee VPNs and proxy usage add blind spots that zero-trust must address.
read more →

Fortinet and MITRE CTID Strengthen Threat-Informed Defense

🔍 Fortinet highlights its role as a research partner with the MITRE Center for Threat-Informed Defense (CTID), contributing threat intelligence, operational expertise, and research to practical R&D projects. The CTID impact report (2019–2025) demonstrates collaborative efforts to map adversary behavior to detection, controls, and cloud security. Fortinet’s contributions focus on operationalizing ATT&CK-based frameworks, improving detection quality, and advancing program maturity across cloud, identity, and AI-driven workflows.
read more →

Cloudflare adds realtime threat intel to WAF

🛡️ Cloudflare now exposes live Threat Events signals directly to its WAF engine, enabling security teams to create proactive rules using attacker names, target industries, countries, attack types, and dataset sources. The integration enriches HTTP request metadata in real time without adding noticeable latency, supporting both UI and Infrastructure-as-Code workflows via API and Terraform. Matches are logged in Security Analytics for auditing, and Saved Views can be exported directly into WAF rules for streamlined operations.
read more →

Gap Between Threat Intelligence and Business Risk

🔍 A new paper from Silobreaker and the SANS Institute warns that business leaders often misunderstand threat intelligence and its value, creating an "intelligence–stakeholder gap." The report, launched at Infosecurity Europe 2026, finds that intelligence outputs can be overlooked or misinterpreted, limiting funding and visibility for intelligence teams. To close the gap, teams must tailor briefings to senior leaders, provide forward-looking exposure analysis, prioritise speed and seek regular stakeholder feedback to ensure intelligence changes decisions and drives risk-informed actions.
read more →

Six critical security gaps every CISO must address

🔒 CISOs admit many organizations remain underprotected, with surveys showing gaps in data protection, incident preparedness, and resourcing. As adversaries adopt automation and AI, security programs must close six core gaps: perception, speed versus attackers, business‑security alignment, skills, AI security, and legacy systems. Experts urge CISOs to shift toward resilience, accelerate operations with automation and CTEM, and invest in workforce and governance.
read more →

Less Panic Patching, More Precision in Remediation

🔍 This edition of Threat Source argues for smarter patch prioritization, pairing CVSS severity with EPSS likelihood to focus scarce operations on vulnerabilities being actively exploited. It contrasts centralized KEV visibility with emerging decentralized GCVE enrichment and highlights Cisco Talos' new open-source EvidenceForge for generating realistic synthetic logs to train defenders. The newsletter also summarizes recent incidents, vulnerability research, and tooling updates.
read more →