PRODAFT
@PRODAFT
Proactive Defense Against Future Threats | Pioneering #CyberSec and #ThreatIntelligence in Europe & MENA since ’12. CTI Platform: #USTA Risk Intel: #BLINDSPOT
Europe
Joined July 2012
🔧Our open source tool Cradle is built for the threat intelligence community and shared openly with everyone. What started as a public project is now being used by many major organizations to manage complex internal cases and critical knowledge at scale. We are pushing Cradle
Our seasoned manager, ACK, represented us at MaTeCC in Morocco as a speaker, sharing insights on AI-driven cyber threats and the latest cases we investigate. From Morocco's strong support for cybersecurity to the high-quality technical sessions and an inspiring student community
⏳After countless hours protecting critical organizations from breaches and supporting global cyber investigations 💪, we are taking a moment to recharge in Cappadocia (Kapadokya), a place that feels like home. ⛰️Here, hot air balloons rise with the sun, ancient valleys and
We are thrilled to see our work featured in a new WIRED piece on Google's lawsuit against the "Lighthouse" smishing operation. 📱 Huge shout-out to our team for their relentless work tracking Chinese-speaking smishing ecosystems and reporting the infrastructure behind these
🚀 Exciting Update from CATALYST! We're making it easier than ever to stay ahead of evolving cyber threats. With our new easy subscription model, you can now access TLP:AMBER reports directly on the CATALYST platform, simply complete your payment and start exploring. 🔐 What
Proud to participate in #OperationEndgame /w @Europol. The next phase represents a significant step toward dismantling cyber crime infrastructure worldwide. https://t.co/La2GyeZgb8
🚀 New in BLINDSPOT Ever wondered where your employees use corporate accounts, if they reuse passwords, or put their dog’s name into them? 🐶 Humans are still the weakest link. Now you can see how weak that link really is. https://t.co/OKzphxveQd
#threatintelligence
🛰️Historic CryptBot screenshot: infostealer quietly infected ~1.8M devices and ran a private shop selling access to compromised machines. Not active today. Do you know what they were dealing with? We do. Attribution matters. #threatintel #malware #cybersecurity
🫣
🚨 FIN7 (Savage Ladybug) still using the same Windows SSH backdoor with only small changes since 2022. install.bat + OpenSSH toolset → reverse SSH/SFTP for stealth & exfil. 📂Check recent IOCs: https://t.co/22WtpSC8H8
#CyberSecurity #ThreatIntelligence #Malware #IOC
💬 Privacy claims from ransomware groups are fiction. Files are never deleted. "Private" chats are visible to members, state sponsored actors, and third party providers. 💸 Don’t pay ransom. 🛡️ Protect, contain, investigate. #cybersecurity #ransomware
🕵️ SectopRAT (ArechClient2) is still active and gaining traction with cybercriminals. Obfuscated .NET RAT w/ HVNC remote control, C2 fallback & data theft (creds, wallets, VPNs, browser data). In case you missed our public report 👉 https://t.co/eLVgsuwvlJ
#threatintel #malware
🔐 Patch ≠ Proof of Safety. Patching exposed appliances is essential, but not the finish line. Threat actors exploit, dump creds, stash them, then come back after triaging huge queues. Even after fixing, valid accounts/tokens keep the door unlocked. #threatintelligence
🛡️ New malware alert: stealth cloud C2, FUD, steals browser creds + runs commands. 🔍 TI dilemma: publish full analysis now for proactive prep, or wait for first victims to add stats, sectors, graphs/maps? #threatintelligence #IOC #malware #cybersecurity
🕵️ Phantom Mantis (ArmCorp), led by LARVA-368 (hastalamuerte), tested Qilin, Embargo, LockBit, Medusa and BlackLock, then built their own RaaS: The Gentlemen. 🇷🇺🏴‍☠️ Takeaway: monitor threat groups, not just RaaS names. Granular intelligence wins. 🔍🧠🎯 #threatintelligence
🚨 New phishing campaign incoming: As of Oct 6, 2025, LARVA-438 is targeting US credit unions and country banks using AI-generated bank themed sites on a fast flux network. 👉 IOCs available: https://t.co/1qcWYrIlwB
#threatintel #IOC #phishing
Threat intelligence isn’t just “news.” 🧠 It keeps you updated and one step ahead. So when Qilin-affiliated actors execute ransomware with EDR active 📸, remember: security solutions are essential, but they need proper Threat Intelligence. Stay ready. 🔐 #ThreatIntelligence
🇮🇷 Iran’s IRGC hackers just breached 34 devices across 11 telecom giants—using fake LinkedIn job offers. 👥 They posed as HR, ran “interviews,” then secretly dropped a stealth backdoor called MINIBIKE hidden in Azure traffic. Read →
thehackernews.com
Iranian cyber group UNC1549 hacked 11 telecom firms, deploying Azure-hosted MINIBIKE malware through LinkedIn lures to steal data and maintain access.