Security news aggregator

Latest coverage for Threat Intelligence

Threat intelligence is analyzed information about cyber threats that helps defenders assess risk, prioritize action, and improve security controls.

24 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Threat intelligence is analyzed information about adversaries, their capabilities, targets, infrastructure, and methods, used to support security decisions. It can describe broad trends for leadership, likely actors and campaigns for defenders, or actionable details such as malicious domains, file hashes, vulnerabilities, and tactics, techniques, and procedures (TTPs). Practitioners obtain it from internal investigations, public reporting, telemetry, information-sharing communities, and other sources, then assess its reliability, relevance, and age.

Security teams use threat intelligence to prioritize vulnerability remediation, tune detection rules, investigate suspicious activity, and prepare incident-response playbooks. TTP-based intelligence generally remains useful longer than individual indicators, which can become obsolete or be changed by an attacker. Poorly sourced or context-free intelligence can create false positives, waste analyst time, or lead to unjustified attribution and defensive action. Collection and sharing may also expose sensitive organizational or personal information, so access controls, provenance, retention, and applicable privacy or legal requirements matter.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 24 Filtered view

Crims 'will do what gets them their objective easiest and fastest,' Microsoft threat intel boss tells The Reg interview AI agents allow cybercriminals and nation-state hackers to outsource the "janitorial-type work" needed to plan and carry out cyberattacks, according to Sherrod DeGrippo, Microsoft's GM of global threat intelligence. North Korea is taking advantage.…

Subpoena issued to former ShinyHunters member Resecurity offered its "congratulations" to the Scattered Lapsus$ Hunters cybercrime crew for falling into its threat intel team's honeypot – resulting in a subpoena being issued for one of the data thieves. Meanwhile, the notorious extortionists have since removed their claims of gaining "full access" to the security shop's systems.…

If at first you don’t succeed, patch and patch again More threat intel teams are sounding the alarm about a critical Windows Server Update Services (WSUS) remote code execution vulnerability, tracked as CVE-2025-59287 and now under active exploitation, just days after Microsoft pushed an emergency patch and the US Cybersecurity and Infrastructure Security Agency added the bug to its Known Exploited Vulnerabilities catalog.…

Chinese crew built 1,000+ device network that runs on home devices then targets critical infrastructure A stealthy, ongoing campaign to gain long-term access to networks bears all the markings of intrusions conducted by China’s ‘Typhoon’ crews and has infected at least 1,000 devices, primarily in the US and South East, according to Security Scorecard's Strike threat intel analysts. And it uses a phony certificate purportedly signed by the Los Angeles police department to try and gain access to critical infrastructure.…

GreyNoise says it is the kind of activity that typically precedes new vulnerability disclosures Ivanti VPN users should stay alert as IP scanning for the vendor's Connect Secure and Pulse Secure systems surged by 800 percent last week, according to threat intel biz GreyNoise.…

Will 'gutting' the civilian defense agency make American cybersecurity great again? Analysis Slashing staff at the US govt's Cybersecurity and Infrastructure Security Agency, aka CISA, and scrapping vital programs, isn’t exactly boosting national security, say infosec and national security officials watching America’s digital defenses unravel in real time.…

Cue deepening existential European dread as Rest of World contemplates Trump turning off the info tap If the United States stopped sharing cyber-threat intel with Ukraine, its European allies and the rest of the Five Eyes nations wouldn't be able to provide all the info Uncle Sam collects, according to former chief of US Cyber Command and the NSA General Paul Nakasone.…

Redmond threat intel maven talks explains this persistent pain to The Reg A Chinese government-linked group that Microsoft tracks as Storm-0227 yesterday started targeting critical infrastructures organisations and US government agencies, according to Redmond's threat intel team.…

PSA: Only accept updates via official channels ... ironically enough CrowdStrike is the latest lure being used to trick Windows users into downloading and running the notorious Lumma infostealing malware, according to the security shop's threat intel team, which spotted the scam just days after the Falcon sensor update fiasco.…

Online attack coincided with major military action, Mandiant says Blackouts in Ukraine last year were not just caused by missile strikes on the nation but also by a seemingly coordinated cyberattack on one of its power plants. That's according to Mandiant's threat intel team, which said Russia's Sandworm crew was behind the two-pronged power-outage and data-wiping attack.…

Countries signed on for India’s stack might watch out China-based scammers are using a combination of fake loan apps and India's real-time mobile payment system, Unified Payments Interface (UPI), to separate victims from their cash, according to a report by threat intel firm CloudSEK.…

Surprised there's no ChatGPT angle shoe-horned into this and that it's not called MalwareTotal Security researchers and analysts can now search Microsoft's Threat Intelligence Defender database using file hashes and URLs when pulling together information for network intrusion investigations and whatnot.…

Loading more headlines...