Threat Intelligence

APTs, campaigns, IOCs, TTPs

50 stories

Bearish 8

10 AI models found censoring speech: A new threat vector for digital security

A Meta Oversight Board study reveals major LLMs refuse to criticize authoritarian leaders, creating a stealthy conduit for state-level speech suppression. For cybersecurity professionals, this asymmetric censorship introduces a novel attack surface—AI systems that silently propagate geopolitical controls, undermining trust in digital infrastructure.

Verified by 5 sources
Bearish 6

xAI Reports 73,604 Deepfake Incidents to NCMEC, Sues User After 244 Arrests

The cybersecurity implications of AI-generated deepfakes are stark as xAI reveals 73,604 reports to NCMEC in 2026. The lawsuit against a user for CSAM underscores the growing threat of generative AI misuse and the urgent need for robust content safety tools.

Verified by 2 sources
Bearish 8

149 Dead, 600 Injured: ISKP's Digital Planning Exposes Cyber‑Terror Gap

The Crocus City Hall massacre and a Kerman bombing were orchestrated entirely online via encrypted apps, dark web, and crypto. This marks a paradigm shift in terrorist operations, demanding a fusion of CT and cybersecurity defenses that is currently absent.

Verified by 9 sources
Neutral 5

5 Search Terms Costing UK Users £1K+: The Google Ad Malvertising Threat

Cybersecurity experts warn that common Google searches like 'bank customer service number' and 'HMRC refund' are being weaponised through fake ads. Scammers exploit user distress to steal bank details and induce fraudulent transfers, costing victims thousands. This shift to malvertising demands new threat intelligence monitoring.

Verified by 4 sources
Bearish 7

2 Sensitive Data Types Exfiltrated by Alleged Claude Code Backdoor

China's NVDB warns that Anthropic's Claude Code silently collects location and identity data without consent, raising a severe supply‑chain threat for developers. Alibaba bans the tool, and Anthropic’s vague response deepens the trust crisis.

Verified by 2 sources
Very Bearish 8

25,000 Fake Accounts Used in 'Largest Known Distillation Attack' on Claude AI

Anthropic's revelation of a massive, automated campaign targeting its Claude model underscores the escalating tradecraft behind AI intellectual property theft. The use of 25,000 fake accounts to conduct 29 million API exchanges represents a new benchmark in adversarial AI distillation and highlights systemic vulnerabilities in model access controls.

Verified by 2 sources
Bearish 7

6 Countries Hit: Spyware RAT Disguised as Senior Social Groups

A transnational spyware campaign is exploiting Facebook groups to deliver a hybrid RAT that targets older adults across six countries. ThreatFabric’s late-2025 discovery highlights how social engineering evolves from urgency to emotional grooming. Security leaders must recalibrate defenses for platform-scale social manipulation.

Verified by 3 sources
Neutral 5

Meta Content Seal Fails to Detect 55% of Cropped AI Images

Meta’s new AI image detection tool missed 55% of cropped deepfakes in Reuters tests, underscoring how easily watermarks can be defeated—a critical vulnerability for election security and disinformation defense.

Verified by 3 sources
Neutral 8

Boko Haram’s AI-Assisted Breach Exposes 2 Key AI Safety Failures

Terrorist groups increasingly exploit generative AI for battlefield tactics, as shown by Boko Haram using chatbots to modify motorcycles and jump a trench. The incident highlights critical gaps in AI safety and poses new challenges for counter-terrorism and cybersecurity defense.

Verified by 2 sources
Bullish 8

Intrusion Buys VigilAigent, $3.5M ARR, 1B Events/Day AI Platform

Intrusion Inc. acquires MSSP VigilAigent to integrate its Agentic AI engine 'The Oracle' with the TraceCop database, creating an AI-native cybersecurity platform. The combined system processes over 1 billion daily events and draws on 8.5 billion IP addresses, dramatically enhancing threat detection and automated response against AI-driven attacks.

Verified by 3 sources
Very Bearish 9

North Korea Expands Spy Agency: 3 Cyber Threat Vectors to Watch

North Korea's expansion of its military intelligence agency signals a shift to hostile-state posture, increasing cyber espionage risks against South Korea and allies. The reorganization of the General Reconnaissance and Intelligence Bureau likely enhances cyber reconnaissance capabilities, targeting critical infrastructure and defense networks.

Verified by 2 sources
Neutral 5

Reddit Blocks 25K Daily Spam Posts Amid 23M Views; AI Defenses Rise

Reddit’s AI-driven security systems are preventing 25,000 spam posts daily, but the platform still faces 23 million spam views. This escalation reflects an ongoing battle against coordinated inauthentic activity targeting the platform’s influence on AI models.

Verified by 2 sources
Bearish 7

202,013 Scam Connections Expose US Tech Infrastructure Risk

The AP/FRONTLINE investigation uncovers how US cloud, AI, and satellite internet services enable industrial-scale global scams, with over 200,000 logged connections from sanctioned scam compounds routing through American ISPs like Amazon, Cloudflare, and Akamai.

Verified by 13 sources
Neutral 8

Kick’s 100M-User Platform Admits Hate Speech Detection Is ‘Art Not Science’

Kick’s general counsel told a royal commission that identifying anti-Semitic hate speech on its platform of over 100 million users is “more an art than a science,” exposing critical gaps in automated threat detection and outsourced moderation that threat actors can exploit for radicalization.

Verified by 10 sources
Bearish 7

Anthropic's Mythos 5 Cleared for Cyber Defenders After 2-Week Ban

Anthropic's cybersecurity-focused Mythos 5 model, previously banned by the Trump administration, has been approved for limited release to cyber defenders and infrastructure providers. The move highlights the dual-use nature of AI in cybersecurity.

Verified by 24 sources
Neutral 5

WhatsApp's username shift puts 2B+ users at impersonation risk, India warns

WhatsApp's move to replace phone-number-based identity with optional usernames has drawn a sharp government notice in India, with experts warning it could dismantle the trust anchor that secures over 2 billion users. The shift threatens to amplify impersonation, phishing, and social-engineering attacks at a scale never before seen on an encrypted messaging platform.

Verified by 2 sources
Bearish 6

£20M Lost: Martin Lewis Weeps as AI Deepfakes Fuel Organized Cyber Fraud

Cybercriminals using AI-generated deepfakes to impersonate Martin Lewis stole over £20 million in 2024, exposing the escalating threat of synthetic media in social engineering attacks and prompting his emotional admission that he is 'losing' the fight.

Verified by 2 sources
Bearish 7

316 Threat Clusters Hit as Google, FBI Dismantle 2M-Node NetNut Proxy

Google and the FBI disrupted NetNut, a massive residential proxy botnet with over 2 million infected devices, cutting off 316 distinct threat clusters in a single week. The operation, targeting Alarum-linked operators, highlights the proxy-as-a-service threat to enterprise security.

Verified by 2 sources
Bearish 8

First Confirmed: Pegasus Reuses Attack Email to Hack EU Spyware Investigator

The reuse of a Pegasus-loaded email address across multiple campaigns, including the hack of a PEGA committee member, highlights the operational persistence of state-linked spyware customers and the inadequacy of current defenses. This incident provides a critical case study for cybersecurity professionals analyzing zero-click exploit chains and infrastructure tracking.

Verified by 2 sources
Bullish 7

Amazon Found Fable 5 Bypass; Mythos 5 Still Restricted to 30% of U.S. Orgs

The Trump administration lifted bans on Anthropic's Claude models after a cybersecurity alert from Amazon researchers, but the most powerful model remains under tight federal control. This incident underscores AI's growing role as a zero-day discovery engine and signals a new tiered access regime for national security.

Verified by 2 sources
Bearish 7

Inside Job: 2 EY Grads Allegedly Bypass CBA Controls to View PM's Data

With two EY graduate consultants charged for unauthorised access, the incident serves as a real-world case study of insider threat detection and access control failures. The cybersecurity community can draw lessons on monitoring, privilege management, and the importance of layered defences even against vetted insiders.

Verified by 2 sources
Bearish 7

50,000 victims in 30 days: US AI tech fuels global romance scam surge

An AP investigation uncovers how trafficked scammers abuse American AI models and cloud infrastructure to industrialize romance fraud, with a single operator targeting 50,000 individuals monthly. This upstream exploitation presents a novel threat vector that cybersecurity defenders must urgently address.

Verified by 7 sources
Very Bearish 8

FulcrumSec's 2-Month Intrusion at Novo Nordisk Yields 1TB Data, $25M Ransom

Cyber extortion group FulcrumSec executed a sophisticated, two-month-long network intrusion at Novo Nordisk, exfiltrating 1TB of sensitive data and demanding $25 million. The group's tactics and the refusal to pay offer a detailed case study for threat intelligence and incident response teams.

Verified by 3 sources
Bearish 8

200+ Intel Jobs Cut at ODNI: Cyber Threat Analysis at Risk, Warns Congress

The abrupt dismissal of hundreds of ODNI personnel could decimate the agency’s cybersecurity and counterterrorism analysis teams, according to a Democratic letter. With expertise in cyber threat detection, signals intelligence, and information sharing on the line, the cuts may create a dangerous intelligence gap at a time of heightened digital threats.

Verified by 6 sources
Neutral 6

UAE Banks Run 350+ Expert Cyber Wargame to Test Real-World Attack Response

The UAE Banks Federation concluded its 5th National Cyber Wargaming with over 350 participants simulating real-world attack scenarios. The exercise, supervised by CBUAE and the Cybersecurity Council, focused on improving threat actor TTP understanding and cross-sector incident response, reinforcing financial sector cyber resilience.

Verified by 6 sources
Bearish 7

5-Nation Intel Alliance Warns AI Cyber Threats Will Escalate in Months

The Five Eyes alliance issued a joint alert emphasizing that AI is supercharging existing cyber attacks, making phishing, social engineering, and malware more effective and scalable. Experts stress that defensive adoption of AI is now critical as the threat window narrows to months, not years.

Verified by 5 sources
Neutral 5

$250 Crypto Scam Baiting GTA 6 Fans With Fake Early Access

A new wave of phishing websites is exploiting Grand Theft Auto VI hype by offering fake early access for cryptocurrency payments. These sites use social engineering and premium design to trick victims into sending $250 in Bitcoin, USDT, or Ethereum, with irreversible losses. Cybercriminals capitalize on the massive anticipation for the game, highlighting the need for user awareness and official channel verification.

Verified by 2 sources
Bearish 8

100x faster vulnerability finding: China’s defenders face ‘cyber nuclear gap’

Anthropic’s Mythos AI makes vulnerability discovery 100x faster and cheaper, prompting 360 founder Zhou Hongyi to warn that China’s exclusion from the Project Glasswing alliance leaves its digital infrastructure dangerously exposed. He calls for a homegrown equivalent to restore strategic balance.

Verified by 4 sources
Bearish 7

5-Nation Intel Alliance: AI Will Surpass Cyber Defenses in 'Months, Not Years'

The Five Eyes alliance warns that frontier AI models like Anthropic’s Mythos are accelerating the cyber threat landscape so fast that existing defenses will be obsolete within months. Security leaders must immediately integrate AI into operations and prepare for inevitable breaches.

Verified by 2 sources
Neutral 5

Meta’s Hate Speech Removals Plunge 78% as AI Gives Way to User Reporting

Meta’s shift from proactive AI detection to user-reported hate speech slashed removals by over 78%, raising concerns about online radicalization and harassment. TikTok’s 96.3% pre-report removal rate, meanwhile, masks unresolved accuracy issues—both trends signal a fractured digital security landscape.

Verified by 4 sources
Bullish 7

Army's 5-domain command fuses cyber, EW into Pacific net

The 7th Infantry Division's Cross Domain Contact Layer connects intelligence, electronic warfare, and AI into a single network spanning land, air, sea, space, and cyberspace. This integration greatly expands the attack surface and makes cybersecurity a foundational requirement for mission success.

Verified by 2 sources
Bearish 8

AI-Generated Identities Fuel $3.1B Synthetic Fraud Surge

Synthetic identity fraud losses hit $2.94B in 2025 and are projected to top $3.1B in 2026 as AI makes it possible to fabricate entire personas. Cybersecurity teams face a threat with no real victim to report, challenging traditional detection systems.

Verified by 3 sources
Bullish 7

Cyber-Resilient Networks See $42.7B Boost as DoD Hardens C5ISR Against Threats

The $42.7 billion C5ISR budget request emphasizes cyber-resilient architectures, zero-trust models, and encrypted communications to counter advanced threats. The DoD’s move toward open architectures creates both opportunities and new attack surfaces for cybersecurity innovators.

Verified by 2 sources
Bullish 8

Twenty’s $100M raise creates first offensive cyber unicorn at $1B

Cybersecurity professionals must now reckon with the commercial industrialization of offensive AI cyber weapons, as Twenty achieves a $1 billion valuation with fresh funding to expand its attack capabilities for government clients.

Verified by 2 sources
Very Bearish 9

FulcrumSec Spent 2 Months Inside Novo Nordisk Networks Before $25M Demand

Cybersecurity experts assess FulcrumSec as a serious threat actor, and its two-month dwell time inside Novo Nordisk before making a $25 million extortion demand reflects advanced persistent threat tactics. The breach highlights growing risks to critical infrastructure and the evolution of cyber extortion with a harm-reduction narrative.

Verified by 2 sources
Bearish 7

Connected cars harvest 2TB daily, ASIO warns of 'spy car' eavesdropping

ASIO’s alert reveals that modern vehicles are data-harvesting machines, with sensors generating up to 2 terabytes of raw data every day. The cybersecurity implications are profound: unencrypted telemetry, biometric data sharing, and always-on microphones create an attack surface that threat actors—including nation-states—can exploit.

Verified by 4 sources
Very Bearish 8

5 GB Data Theft Claimed in Iran-Linked Hack on 6 California Water Systems

Iran-linked group Handala claims it breached six California water utilities, posting screenshots and alleging 5 GB of exfiltrated data as retaliation for a US strike. Experts dismiss the claim as a psychological operation, but the incident highlights the persistent threat to critical infrastructure.

Verified by 2 sources

About Cybersecurity Threat Intelligence coverage

According to our own tracking database, this category has accumulated 174 threat intelligence stories since coverage began. This page aggregates the latest threat intelligence stories within our cybersecurity coverage area. Every story is cross-referenced across multiple primary sources, scored for sentiment and operational impact, and timestamped so fresh developments surface first. We track apts, campaigns, iocs, ttps and surface the angles a domain expert would actually read.

Story selection follows our editorial methodology — impact scoring weights regulatory, financial, and operational developments distinctly. Sentiment is classified across five tiers via supervised classification trained on labeled industry corpora. See our glossary for term definitions and our trends index for longitudinal patterns across the cybersecurity beat.

SignalWhat it tells you
Verified by N sourcesConfidence the story isn't a single-source rumor — N≥2 means the development is independently corroborated.
Impact score (1-10)Estimated regulatory, financial, or operational impact. 8+ indicates a story experienced operators should act on.
SentimentFive-tier classification (very bullish through very bearish) trained on labeled cybersecurity-specific corpora.
Time stampRecency. Fresh stories (under 1h) render with a highlighted timestamp; stale stories (≥24h) render dimmed.