All news with #threat intelligence tag

🏆 Fortinet received two 2025 Crime Stoppers International awards—the Cybersecurity Leadership Award and the Corporate Leadership in Crime Prevention Award—for its global efforts to disrupt cybercrime through intelligence sharing, partnership, and workforce development. FortiGuard Labs and the Fortinet Training Institute are cited for delivering actionable threat intelligence and scalable education. The honors validate more than a decade of sustained public‑private collaboration and data‑driven prevention.

🔎 Proton and Constella Intelligence have launched the Data Breach Observatory, a real‑time dark‑web monitoring service that has identified more than 300 million compromised records tied to 794 incidents so far this year. The service combines automated crawlers, curated feeds and human analysts to surface breached data and alert affected parties. Proton says small and medium businesses are heavily targeted, with email addresses, names and contact details the most commonly exposed items. If aggregated datasets are included, Proton reports incidents rise to 1,571 and exposures reach hundreds of billions of records.

🔎 Early detection turns cybersecurity from a reactive cost into a business enabler. Investing in continuous visibility, threat intelligence, and rapid detection reduces incident costs, preserves uptime, and protects revenue and reputation. Solutions such as ANY.RUN's Threat Intelligence Feeds and TI Lookup deliver real-time IOCs, context-enriched analyses, and STIX/TAXII-ready integrations so SOCs can prioritize and act faster, lowering MTTR and operational burden.

📡 The Resilience Risk Operations Center (ROC) reframes cyber defense by fusing technical, business and financial intelligence into a single operating environment. Rather than relying solely on a traditional SOC that reacts to alerts, the ROC prioritizes threats using actuarial and claims data to show potential financial impact and guide urgent decisions. Inspired by the US Air Force AOC, it co-locates multidisciplinary experts to anticipate attacks and accelerate response. Early use, including response to an April 2024 VPN zero-day, showed faster mitigation and reduced losses.

🔎 Google Threat Intelligence Group (GTIG) observed coordinated pro-Russia information operations responding to reported Russian drone incursions into Polish airspace on Sept. 9–10, 2025. Actors amplified narratives denying Russian culpability, blaming NATO or Poland, and seeking to erode domestic and international support for Ukraine. GTIG documented activity across multiple networks and languages and noted these operations leveraged both long-standing and recently developed influence infrastructure.

🔒 Google Threat Intelligence Group (GTIG) reports that a DPRK-aligned threat actor tracked as UNC5342 has employed EtherHiding since February to host and deliver malware via smart contracts on Ethereum and the BNB Smart Chain. Campaigns begin with fake technical interviews that trick developers into running a JavaScript downloader named JADESNOW, which fetches a JavaScript build of InvisibleFerret for in-memory espionage and credential theft. The method offers anonymity, takedown resistance, and low-cost, stealthy payload updates.

🔎Citizen Lab reports a coordinated AI-enabled influence operation, dubbed PRISONBREAK, that used more than 50 inauthentic X profiles to push narratives aimed at inciting revolt within Iran. Created in 2023, the network became active mainly from January 2025 and produced bursts of activity synchronized with IDF operations in June 2025. Citizen Lab notes limited organic engagement, though some posts reached tens of thousands of views, and assesses the most consistent attribution is to an Israeli government agency or a closely supervised subcontractor.

🛡️ Citizen Lab has identified a coordinated network of more than 50 inauthentic accounts on X, labeled PRISONBREAK, conducting an AI-enabled influence operation aimed at provoking Iranian audiences to revolt against the Islamic Republic. The network was created in 2023, with most observable activity beginning in January 2025 and intensifying around June 2025, partially synchronized with Israeli military actions. Organic engagement was limited overall, though some posts achieved tens of thousands of views after seeding to large public communities and likely paid promotion. After reviewing alternatives, Citizen Lab assesses the most consistent hypothesis is direct involvement by an unidentified Israeli government agency or a closely supervised subcontractor.

🔎 Microsoft’s Incident Response (IR) team emphasizes calm, clarity, and rapid action when customers encounter major breaches. Adrian Hill explains how IR establishes trust within the first 30 seconds and coordinates with other vendors and stakeholders to stabilize compromised environments. Field discoveries are fed back into Microsoft Threat Intelligence, enabling new detections and product protections. Follow-up recovery, containment, and strategic guidance turn response into lasting partnership.

🔒 The 2015 Cybersecurity Information Sharing Act (CISA 2015) has expired after lawmakers failed to extend legal safe-harbors for voluntary threat sharing via the Automated Indicator Sharing program (AIS). Amid a congressional funding standoff and a resulting partial government shutdown, industry leaders warn the lapse exposes companies to litigation and may deter intelligence exchange. Security executives say reduced sharing could create blind spots, elevate software supply-chain risk and slow development of AI-driven defenses.

🔒 Congress allowed CISA 2015 to lapse on Sept. 30, 2025 amid a US government shutdown, removing statutory liability shields for private-sector cyber threat information sharing. The expiration reduces government visibility into corporate threat data and is likely to make companies and CISOs more cautious about exchanging indicators and defensive measures. Experts urge immediate legal review and expect Congress may pursue a temporary reauthorization, though the timing and duration remain uncertain.

🛡️ CISA has ended its cooperative agreement with the Center for Internet Security, terminating federal funding for the MS-ISAC on September 30 and placing the program's future in doubt. The MS-ISAC supports more than 18,000 state, local, territorial and tribal members with services such as advisories, secure information sharing, tabletop exercises and the Albert intrusion detection system. CIS has been temporarily subsidizing operations at over $1m per month but plans to phase out that support and is pushing members toward a paid membership model. CISA says it will move to a "new model" to support SLTT partners with tools, grant access and regional advisors.

🌐 Cloudflare Radar now offers regional traffic insights and expanded Certificate Transparency data to provide more granular, localized visibility into Internet health and trust. Regional views break traffic down by first-order administrative divisions (ADM1), showing bytes, requests, device (mobile/desktop) and bot/human splits, and can be joined with ASN filters in the Data Explorer. The CT dashboard, built on prior Merkle Town work, surfaces certificate volumes, CA and log-level metrics, issuance trends, signature and key algorithm distributions, and richer domain certificate details accessible via the Radar UI and API.

⚽ As the 2026 FIFA World Cup approaches, threat actors are already preparing by registering thousands of event-related domains and staging deception campaigns. In the two months since 1 August 2025, researchers identified over 4,300 newly registered domains referencing FIFA, the World Cup, or host cities; many look innocuous but present risks including phishing, fake ticketing, and malware delivery. The findings underline the need for proactive domain monitoring, stronger email and web defenses, and coordinated threat intelligence sharing among organizers, sponsors, and security teams to protect fans and partners.

🔍 CISA released a technical analysis of malware used in attacks exploiting two Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities, CVE-2025-4427 and CVE-2025-4428. The agency details two distinct malware sets that used a common web-install.jar loader and malicious listener classes to inject and execute code, exfiltrate data, and maintain persistence. Attackers targeted the /mifs/rs/api/v2/ endpoint via HTTP GET requests with a ?format= parameter, delivering segmented, Base64-encoded payloads. CISA published IOCs, YARA and SIGMA rules and advises immediate patching and treating MDM systems as high-value assets.

🔎 The article explains why Dark Web monitoring is essential for CISOs and security teams, focusing on the discovery of leaked credentials, sensitive corporate data, and brand-abuse used in fraud and phishing. It profiles ten leading solutions and contrasts commercial Digital Risk Protection services with open-source intelligence platforms. The piece emphasizes integration with XDR/MDR, API access, takedown capabilities, and VIP and supply‑chain monitoring to prioritize responses and reduce business risk.

🔒 In this Humans of Talos interview, Alex Ryan, an Incident Commander with Cisco Talos Incident Response, reflects on her unconventional path from liberal arts degrees to a career in cybersecurity and threat intelligence. She describes the technical and emotional realities of incident response—triaging IOCs, conducting forensic analysis, and quickly building customer trust—while managing high stress and business risk. Ryan also discusses recovering from burnout after parenthood, learning to set boundaries, and how a supportive team helps sustain long-term performance.

🔒 The UK's National Crime Agency will chair the Five Eyes Law Enforcement Group (FELEG) and concentrate on disrupting cybercrime, money laundering and online sexual abuse of children over the next two years. The NCA singled out loosely affiliated native-English networks known as 'The Com', which operate across messaging apps, gaming platforms and forums and share violent and child-abuse material. It also linked these groups to data-theft and extortion campaigns involving actors such as Scattered Spider, ShinyHunters and Lapsus$, citing incidents affecting retailers and luxury brands. FELEG has promoted the UK's Counter Terrorism Policing to full member status to strengthen responses to hybrid threats.

🔍 CrowdStrike unveiled Threat AI, described as the industry’s first agentic threat intelligence system, built on the Falcon platform to reason, hunt, and act across adversary activity. The initial agents — a Malware Analysis Agent and a Hunt Agent — automate complex workflows like reversing, classification, retrohunting, and continuous threat hunting to surface actionable recommendations. CrowdStrike also released a Threat Intelligence Browser Extension for Chrome to provide intelligence in analysts’ workflows, aiming to accelerate investigations and help SOCs respond at machine speed.

🤖 At the Google Cloud CISO Community event in Singapore, APAC security leaders highlighted accelerating investment in cybersecurity AI to scale operations and enable business outcomes. They emphasized priorities: getting AI implementation and governance right, securing the AI supply chain, and translating cyber risk into board-level impact. Practical wins noted include reduced investigation time, agentic SOC automation, and strengthened threat intelligence sharing.