Updated Daily

Daily Cyber Threat Intelligence
for Security Teams

In-depth analysis on malware, threat actors, SOC operations, and vulnerability research — published daily.

Browse Latest Posts

71 Articles

5,000+ Monthly Readers

Updated Daily

CTI Wiki

32 entries across 6 categories

Explore All

Attack Techniques 4 Compliance & Standards 2 Defense & Detection 8 General 14 Threats 2 Tools & Frameworks 2

Tools & Frameworks

YARA Rules: Writing and Deploying Detection Signatures

Learn how to write, test, and deploy YARA rules for malware detection, threat hunting, and automated triage across files...

56 5 min

General

Threat Intelligence Platforms (TIP): MISP and OpenCTI

A Threat Intelligence Platform (TIP) is a software system used to aggregate, correlate, and analyze threat data from mul...

145 2 min

Defense & Detection

Geopolitical Cyber Intelligence: State-Sponsored Threats

Geopolitical Cyber Intelligence analyzes how nation-states use cyber capabilities to achieve political, military, or eco...

140 2 min

Attack Techniques

Business Email Compromise (BEC): The Billion Dollar Scam

Business Email Compromise (BEC) is a type of cybercrime where an attacker compromises legitimate business email accounts...

106 2 min

General

Vulnerability Intelligence

Vulnerability Intelligence is the process of analyzing software vulnerabilities not just by their technical severity (CV...

94 2 min

Defense & Detection

Deception Technology: Honeypots and Canary Tokens

Deception Technology involves deploying decoys (traps) within a network to trick adversaries into revealing their presen...

96 2 min

Free Tools & Resources

Research tools, the weekly Digest, and a free detection pack

CTI Digest

Every Monday, the 5 threats SOC teams can't afford to miss — with analyst commentary.

Get the Digest

SOC Detection Pack

Free starter pack of Sigma & YARA rules from our analysis — mapped to MITRE ATT&CK.

Get the Pack

CTI Wiki

32 entries covering attack techniques, defense methods, and compliance standards.

Explore Wiki

Ransomware Map

Interactive map tracking active ransomware groups and global attack patterns.

View Map

Victims Database

Searchable database of ransomware victims and breach records.

Search Database

Latest Posts

Threat Intelligence Jun 21, 2026

Incident Response Tabletop Exercise Example

A practical incident response tabletop exercise example for security teams, with scenario design, injects, roles, metrics, and common failure points.

8 min read 4 0

Threat Intelligence Jun 19, 2026

Vulnerability Intelligence Workflow Guide

A vulnerability intelligence workflow guide for SOC and CTI teams to prioritize exploitable risk, reduce noise, and drive faster remediation decisions.

8 min read 8 0

Threat Intelligence Jun 18, 2026

The First npm Malware With Valid SLSA Provenance: How Mini Shai-Hulud Hijacked TanStack Without Stealing a Credential

A signed, attested npm package shipped malware. Inside the Mini Shai-Hulud worm, the Pwn Request chain that hijacked TanStack's CI, and why provenance isn't tr

12 min read 47 0

Threat Intelligence Jun 17, 2026

How to Analyze Phishing Headers

Learn how to analyze phishing headers to trace sender paths, spot spoofing, validate auth results, and improve email triage in SOC workflows.

8 min read 14 0

Threat Intelligence Jun 15, 2026

12 Phishing Email Indicators to Watch

Learn 12 phishing email indicators that matter to SOC teams, analysts, and defenders, from header anomalies to payload behavior and sender spoofing.

9 min read 24 0

SOC & SIEM Jun 15, 2026

How to Detect ClickFix Attacks in 2026: RunMRU, Process Lineage, and the Variants Breaking Your Rules

ClickFix is the top initial access method of 2025. Here's how to detect it through RunMRU, process lineage, and PowerShell telemetry, including the 2026 variants.

13 min read 75 0