Threat Intelligence

Threat-Informed Defence: Focusing Cybersecurity on the Threats That Matter threat-informed-defense-triangle

Threat-Informed Defence: Focusing Cybersecurity on the Threats That Matter

threatinfo June 15, 2026

What Is Threat-Informed Defence? Threat-Informed Defence (TID) is the systematic application of an understanding of adversary tactics,...

Credential Stealer Malware Trends 2026 2026_cred_q1

Credential Stealer Malware Trends 2026

threatinfo June 14, 2026

So far this year Vidar malware is taking the podium spot for both quarters of 2026. 1st...

Attackers Increasingly Abuse Google Services to Bypass Email Security Controls

threatinfo June 14, 2026

Attackers Increasingly Abuse Google Services to Bypass Email Security Controls Over the past several weeks, we have...

From Patch Release to Botnet Attack in 38 Hours: The Lifecycle of a Modern Vulnerability

threatinfo April 14, 2026

From Patch Release to Botnet Attack in 38 Hours: The Lifecycle of a Modern Vulnerability The Race...

Your Brand New Firewall Was Scanned in 0 Seconds: What Happened in the First Three Hours Online

threatinfo March 14, 2026

The Internet Is Constantly Looking Many people imagine cyberattacks as targeted events where hackers discover a company...

Unusual user agent VPN attempts CitrixReceiver/23.11.1.41 Windows/10.0 AuthManager/23.11.0.9 (Release) X1Class CWACapable CWA/23.11.1.41

threatinfo December 26, 2024

We’re seeing unusual patterns of login attempts against our customers netscalers with the only thing in common...

Netscaler Credential Stuffing Attack citrix_netscaler

Netscaler Credential Stuffing Attack

threatinfo December 24, 2024

Ongoing Citrix NetScaler Credential Stuffing Activity Observed Using Fresh Infostealer Credentials We have recently identified another persistent...

Credential stuffing attacks against Azure Portal from Set User Agent and Device credstuffingcodes

Credential stuffing attacks against Azure Portal from Set User Agent and Device

threatinfo December 17, 2024

We have recently identified a persistent credential stuffing attack against some of our customers. Credential stuffing is...

Pushing Bulk Indicators to Multiple Sentinel Instances for a MSSP sentinel-nifi-api

Pushing Bulk Indicators to Multiple Sentinel Instances for a MSSP

threatinfo November 29, 2024

Problem We manage a MISP instance which receives over 130,000 IOCs every day from multiple sources which...

Actor targeting Palo Alto VPN systemhacked

Actor targeting Palo Alto VPN

threatinfo May 12, 2024

User names used by actor seen using VPNs with Canadian source IP addresses 10/05/2024. Replace targetDomain below...

Threat-Informed Defence: Focusing Cybersecurity on the Threats That Matter

Credential Stealer Malware Trends 2026

Attackers Increasingly Abuse Google Services to Bypass Email Security Controls

From Patch Release to Botnet Attack in 38 Hours: The Lifecycle of a Modern Vulnerability

Your Brand New Firewall Was Scanned in 0 Seconds: What Happened in the First Three Hours Online

Unusual user agent VPN attempts CitrixReceiver/23.11.1.41 Windows/10.0 AuthManager/23.11.0.9 (Release) X1Class CWACapable CWA/23.11.1.41

Netscaler Credential Stuffing Attack

Credential stuffing attacks against Azure Portal from Set User Agent and Device

Pushing Bulk Indicators to Multiple Sentinel Instances for a MSSP

Actor targeting Palo Alto VPN

You may have missed

Vulnerability-Informed Defence: Rethinking Patch Management in the Age of AI

Threat-Informed Defence: Focusing Cybersecurity on the Threats That Matter

Credential Stealer Malware Trends 2026

Attackers Increasingly Abuse Google Services to Bypass Email Security Controls