Threat Intelligence

APTs, campaigns, IOCs, TTPs

50 stories

Bearish 8

US Orders Anthropic to Block 2 AI Models from Foreign Access Over Cyber Threat

The US government has forced Anthropic to cut off foreign access to its Fable 5 and Mythos 5 AI models, citing the risk of them becoming cyberweapons. The sudden ban disrupts global vulnerability research and underscores the escalating dual-use dilemma in AI-driven cybersecurity.

Verified by 2 sources
Neutral 5

Doxxing via Lecture Hall: 971 Students Fuel Cyber Attacks

A professor’s account shows how classroom recordings become the first stage of a cyber kill chain: covert capture, viral launch, doxxing, and harassment. The education sector must treat these threats as serious cybersecurity incidents.

Verified by 2 sources
Very Bearish 9

G7 Iran War Summit Raises Cyber Threat Level for 5,000 Troops

The G7 summit’s focus on the Iran war heightens the risk of state-sponsored cyberattacks on critical infrastructure. The redeployment of 5,000 troops exposes new vectors for cyber disruptions, with NATO allies scrambling to secure networks.

Verified by 12 sources
Bearish 8

Fable 5 Jailbreak: 1 Vulnerability Halts Anthropic’s Global AI Access

Amazon researchers jailbroke Anthropic's seemingly secure Fable 5 model, extracting cyberattack-helper information. The CEO notified the Treasury, spurring a global ban on foreign use of Anthropic’s top-tier AI. This event exposes a critical gap in AI safety and signals that no frontier model is immune to adversary exploitation.

Verified by 2 sources
Bearish 7

Spy Tool Lapse Threatens Cyber Intel: 60% of President's Brief at Risk

The lapse of FISA Section 702 raises alarms for the cybersecurity community, which relies on intercepted foreign communications to detect state-sponsored hacking, terror plots, and critical infrastructure threats. The program's legal limbo could create intelligence blind spots just as global threat activity intensifies.

Verified by 11 sources
Very Bearish 7

First UK Case: Officer Probed for AI-Created Evidence in Multiple Cases

A Derbyshire officer’s alleged use of AI to fabricate evidence marks a new frontier in cyber threats to legal institutions. The incident exposes critical vulnerabilities in digital evidence integrity and forces a reexamination of authentication protocols across the justice system.

Verified by 4 sources
Bearish 7

9,000 Fake Sites, 2.5M Texts: Inside Google’s AI‑Phishing Lawsuit

The Outsider Enterprise case reveals the staggering metrics of an AI‑driven smishing campaign: 9,000 fake websites, one million domains, and 2.5 million texts in two weeks. It also highlights how Google and its telecom partners are using AI to intercept billions of scam messages.

Verified by 2 sources
Neutral 7

Claude Fable 5 restricts 4 query domains to shut down Chinese AI threat vectors

Anthropic’s Claude Fable 5 introduces a groundbreaking safeguard: a 4-domain classifier that automatically downgrades queries on cybersecurity, biology, chemistry, and frontier LLM development. This directly targets Chinese AI labs and redefines access control in the threat intelligence landscape.

Verified by 3 sources
Bearish 7

68% of Targets in Education: ShinyHunters Exploit Oracle Zero-Day Before Patch

An active extortion campaign by ShinyHunters exploited a zero-day vulnerability in Oracle PeopleSoft, with Google notifying over 100 organizations—68% in higher education. The attackers used customized MeshCentral agents for C2, actions occurring before Oracle’s June 10 advisory. This highlights the growing threat of zero-day exploitation in widely used enterprise software and the education sector’s vulnerability.

Verified by 2 sources
Very Bearish 8

Cybercrims' $389M Dark Web Laundry: 10,333 BTC Tracked, Servers Seized

The takedown of AudiA6 and Dark2Web reveals a sophisticated cybercrime ecosystem that processed $389 million in Bitcoin, leveraging layered transactions and a dedicated forum for customer acquisition. The operation underscores law enforcement's growing capability to trace and disrupt darknet infrastructure.

Verified by 9 sources
Bearish 7

FISA 702 Surveillance Gap After 198-218 Vote Threatens Cyber Defense

The imminent expiration of FISA Section 702 could strip U.S. cyber defenders of key foreign intelligence flows. With the World Cup and national celebrations underway, the gap may embolden state-sponsored threat actors and complicate incident response.

Verified by 3 sources
Bearish 8

Russia's Intelligence Blackmail: Zelenskiy Alleges Moscow-Tehran Data Swap

Ukrainian President Volodymyr Zelenskiy has revealed a Russian plot to blackmail the United States by threatening to provide sensitive intelligence to Iran. This development highlights a dangerous escalation in the military and intelligence nexus between Moscow and Tehran, posing significant risks to Western security interests.

Verified by 2 sources
Bearish 8

Iran Rejection of US Ceasefire Plan Signals Escalated Cyber Threat Landscape

Tehran's formal dismissal of a U.S.-proposed ceasefire plan on March 25, 2026, has triggered immediate warnings of heightened state-sponsored cyber activity. Security analysts anticipate a surge in retaliatory operations from Iranian-aligned threat actors targeting Western critical infrastructure and government networks as diplomatic channels fail.

Verified by 4 sources
Bearish 8

Israel-Iran Cyber Attrition: The Strategic Cost of Netanyahu’s Hollow Victory

Netanyahu's 2025 military promises against Iran have failed to yield a decisive strategic shift, yet domestic support for conflict remains high. This persistent tension is driving a surge in state-sponsored cyber operations targeting critical infrastructure across the Middle East.

Verified by 2 sources
Bearish 8

IRGC Launches 'Wave 80' Strikes Against Israeli Strategic Command Centers

The Islamic Revolutionary Guard Corps (IRGC) has initiated its 80th wave of retaliatory strikes against Israel, specifically targeting strategic military command centers. This escalation signals a high-intensity phase of regional conflict with significant implications for critical infrastructure and cyber-kinetic warfare.

Verified by 2 sources
Neutral 5

Intrusion Inc. Reports FY 2025 Results Amid AI-Driven Threat Intel Pivot

Intrusion Inc. (INTZ) has released its fourth quarter and full-year 2025 financial results, marking a pivotal moment in its transition toward an AI-powered security model. The report comes as the threat intelligence market faces increasing pressure to provide autonomous, real-time mitigation solutions.

Verified by 3 sources
Bearish 8

Trump-Netanyahu Accord on Khamenei Operation Signals Cyber-Kinetic Escalation

President Donald Trump has reportedly approved a high-stakes joint operation with Israel targeting Iranian Supreme Leader Ali Khamenei. This shift toward direct leadership targeting marks a significant escalation in regional tensions with profound implications for global cybersecurity and state-sponsored threat activity.

Verified by 2 sources
Neutral 8

Trump’s Iran Pivot: Cybersecurity Implications of a Diplomatic Reversal

President Trump has executed a dramatic policy shift toward Iran, moving from a stance of 'Maximum Pressure' to potential diplomatic engagement. This strategic U-turn is expected to fundamentally alter the cyber threat landscape, shifting Iranian state-sponsored activity from destructive attacks toward long-term industrial espionage.

Verified by 2 sources
Bearish 8

Russia-Iran Intel Sharing: Ukraine Claims 'Irrefutable' Evidence of Alliance

President Volodymyr Zelenskiy has announced that Ukraine possesses definitive evidence of Russia providing sensitive intelligence to Iran. This development signals a deepening of the military-technical alliance between the two nations, potentially merging their cyber and signals intelligence capabilities against Western and regional targets.

Verified by 2 sources
Bearish 8

GPS Spoofing Escalates in Strait of Hormuz as Iran Projects Electronic Power

Iran has significantly increased GPS spoofing and jamming operations across the Middle East, targeting critical maritime corridors like the Strait of Hormuz. This systematic interference is creating severe navigational hazards for commercial vessels and civil aviation, marking a new phase in regional electronic warfare.

Verified by 2 sources
Very Bearish 9

Iran Targets Gulf Power Grid as Israel Strikes Tehran: A New Era of Cyber Risk

Following a new wave of Israeli military strikes on Tehran, Iran has issued direct threats against power plants across the Gulf region. This escalation signals a significant shift toward targeting critical infrastructure, raising the specter of high-impact cyber-physical operations against regional energy grids.

Verified by 12 sources
Neutral 8

US Military Campaign Against Iran 'Ahead of Plan' Triggering Global Cyber Alerts

A top US commander has confirmed that the military campaign against Iran is proceeding ahead of schedule, signaling a successful initial phase of hybrid operations. Cybersecurity experts warn that this escalation will likely trigger a wave of retaliatory state-sponsored cyberattacks against Western critical infrastructure.

Verified by 4 sources
Very Bearish 9

Trump Threatens Kinetic Strikes on Iranian Power Grid Amid Hormuz Crisis

President Trump has issued a direct ultimatum to Tehran, threatening the total destruction of Iran's electrical infrastructure unless the Strait of Hormuz is reopened for international shipping. This escalation significantly raises the risk of retaliatory cyber operations against U.S. critical infrastructure and maritime navigation systems.

Verified by 2 sources
Very Bearish 9

US-Iran Nuclear Site Strikes Trigger High-Alert for Global Cyber Warfare

Kinetic strikes near nuclear-linked facilities have pushed the US and Iran toward an expanded conflict, prompting immediate warnings of retaliatory cyberattacks. Cybersecurity analysts expect a surge in state-sponsored operations targeting critical infrastructure and the energy sector as the 'cyber-kinetic loop' intensifies.

Verified by 4 sources
Bearish 8

Iran Claims Israeli Air Defenses Compromised Following Dimona Strike

Iran has issued a provocative claim asserting that Israel's air defense network is currently 'defenceless' following a reported attack on the Dimona nuclear facility. The statement signals a potential escalation in state-sponsored kinetic and electronic warfare operations in the region.

Verified by 2 sources
Bearish 9

Israel Strikes Iranian Nuclear Site: Cyber-Kinetic Escalation Risks Surge

Israel has launched intensified kinetic strikes against a critical Iranian nuclear facility, prompting a defiant response from Tehran. This escalation signals a shift from shadow cyber-warfare to direct military action, likely triggering massive retaliatory cyberattacks against global infrastructure.

Verified by 2 sources
Bearish 8

Kremlin Warns of Gulf Conflict Expansion: Escalating Cyber Risks to Global Energy

A senior Kremlin official has issued a stark warning regarding the potential expansion of conflict in the Gulf region, signaling a shift in geopolitical stability. For the cybersecurity sector, this escalation raises the immediate threat of state-sponsored attacks on critical energy infrastructure and maritime logistics.

Verified by 2 sources
Very Bearish 8

Iranian Strikes on Diego Garcia: A Critical Threat to Global SIGINT Networks

UK Home Secretary Yvette Cooper has condemned a series of reckless Iranian strikes targeting the strategic military outpost of Diego Garcia. The attack on this critical communications and logistics hub represents a significant escalation, threatening vital Western signals intelligence and satellite tracking infrastructure.

Verified by 7 sources
Bearish 9

Natanz Strike: Kinetic Escalation Signals Imminent Cyber Retaliation Cycle

A joint US-Israeli airstrike targeted Iran's Natanz nuclear facility on March 21, 2026, marking a major escalation in the long-standing conflict over Tehran's nuclear program. While the IAEA and Iranian officials report no radiation leaks, the transition from digital sabotage to kinetic force is expected to trigger a massive wave of retaliatory cyber operations against Western critical infrastructure.

Verified by 2 sources
Bearish 8

Cyber-Kinetic Stalemate: Congress Demands Iran Exit Plan from Trump

As the conflict with Iran enters a protracted and costly phase, U.S. lawmakers are intensifying pressure on the Trump administration to produce a comprehensive exit strategy. The demand comes amid a surge in Iranian state-sponsored cyberattacks targeting domestic critical infrastructure, highlighting the risks of a prolonged digital war.

Verified by 4 sources
Very Bearish 9

Kinetic Strike on Natanz: Geopolitical Escalation and Cyber Retaliation Risks

A major airstrike, designated 'Operation Epic Fury,' has targeted Iran's Natanz nuclear facility, significantly damaging its uranium enrichment infrastructure. This kinetic escalation triggers immediate concerns regarding asymmetric cyber retaliation against Western critical infrastructure and global energy markets.

Verified by 6 sources
Neutral 8

Trump Signals De-escalation in Iran: Analyzing the Cyber Security Pivot

President Trump has indicated the U.S. is considering winding down the conflict with Iran, a move that could fundamentally alter the digital threat landscape. Cybersecurity experts are now bracing for a shift in Iranian state-sponsored cyber operations from kinetic support to long-term strategic espionage.

Verified by 2 sources
Bearish 8

Israel Escalates Iran Threats Following Long-Range Strike on Diego Garcia

Israel has signaled a significant escalation in offensive operations against Iran following a long-range missile strike on the joint US-UK Diego Garcia air base. The attack reveals a previously undisclosed Iranian missile capability reaching 4,000 kilometers, forcing a massive reassessment of regional defense and cyber-physical security.

Verified by 2 sources
Very Bearish 9

Operation True Promise 4: IRGC Strikes Trigger Global Cyber-Kinetic Alert

The Islamic Revolutionary Guard Corps (IRGC) has initiated 'Operation True Promise 4,' targeting U.S. and Israeli military installations with kinetic strikes. This escalation marks a critical shift in the regional conflict, prompting cybersecurity agencies to warn of imminent state-sponsored cyber offensives and infrastructure targeting.

Verified by 2 sources
Very Bearish 9

IRGC Launches 70th Wave of Attacks Against Five US Military Installations

The Islamic Revolutionary Guard Corps (IRGC) has initiated its 70th wave of strikes against five U.S. military installations, reporting significant explosions and fire. This escalation in the ongoing conflict signals a critical shift in regional kinetic operations with immediate implications for hybrid warfare and cyber-retaliation.

Verified by 3 sources
Bearish 7

Google Threat Intel Identifies Ghostblade: A New iOS Crypto-Stealing Threat

Google Threat Intelligence has uncovered Ghostblade, a sophisticated malware variant targeting Apple iOS users to steal cryptocurrency assets. Part of the broader DarkSword malware family, this discovery highlights an escalating trend of mobile-specific threats aimed at digital asset holders.

Verified by 2 sources
Bearish 8

Trump Rejects Iran Truce: Cyber Threat Levels Rise Amid Military Escalation

President Trump has officially ruled out a truce with Iran, signaling a shift toward a confrontational posture as additional U.S. Marines deploy to the Middle East. This geopolitical escalation is expected to trigger a surge in state-sponsored cyber activity targeting U.S. critical infrastructure and financial systems.

Verified by 2 sources
Bearish 8

Russia's Looming Offensive Signals Surge in Hybrid Cyber Operations

As Russia prepares a major spring offensive against Ukraine, cybersecurity experts warn of a coordinated surge in hybrid warfare tactics. These operations are expected to target critical infrastructure and communication networks to destabilize Ukrainian defenses ahead of kinetic movements.

Verified by 2 sources
Bearish 8

Trump Rejects Iran Ceasefire: Cyber Experts Warn of 'Scorched Earth' Retaliation

President Trump has officially rejected calls for a ceasefire in the conflict with Iran, stating the U.S. is 'obliterating' the opposition. Cybersecurity analysts warn this 'total victory' stance may trigger unprecedented destructive cyberattacks against Western critical infrastructure.

Verified by 2 sources
Bearish 8

US-Iran Conflict Escalates: Troop Surge and Cyber-Physical Threats to Tourism

The United States has initiated a massive deployment of thousands of troops following specific Iranian threats against global tourism sites. This military escalation signals a shift toward hybrid warfare, placing the cybersecurity community on high alert for retaliatory strikes against critical infrastructure and the travel sector.

Verified by 3 sources
Bearish 8

US Cyber Defense Gaps Widen Amid Iran Conflict and Federal Staffing Shortages

Critical vacancies and administrative downsizing are severely hampering the United States' ability to coordinate a unified response to the escalating conflict with Iran. In the cybersecurity domain, these staffing gaps at the State Department and across the federal government create dangerous vulnerabilities that state-sponsored threat actors are poised to exploit.

Verified by 3 sources
Neutral 5

Stamus Networks Debuts Suricata Language Server 2.0 with AI and CI Integration

Stamus Networks has released version 2.0 of its Suricata Language Server, introducing AI-driven rule development and native support for continuous integration pipelines. The update aims to streamline the creation and validation of network threat detection signatures through automation and intelligent assistance.

Verified by 2 sources
Bearish 8

AI and Hypersonic Integration Redefine Global Strategic Stability

The convergence of artificial intelligence, hypersonic missile technology, and intensifying geopolitical rivalries is fundamentally altering the global security architecture. This shift necessitates a transition from traditional deterrence models to high-speed, AI-augmented defensive postures capable of countering autonomous threats.

Verified by 2 sources
Bearish 8

Israel Eliminates Iranian Intelligence Chief: Cyber and Security Implications

The reported assassination of Iranian Minister of Intelligence Esmaeil Khatib by Israel marks a major escalation in regional tensions. This development is expected to disrupt Iran's intelligence hierarchy and likely trigger a surge in retaliatory state-sponsored cyber operations.

Verified by 2 sources
Bearish 7

Google Reports Ransomware Pivot to Data Theft as Extortion Profits Wane

Google's latest threat intelligence reveals a strategic shift among ransomware operators, who are increasingly abandoning file encryption in favor of pure data exfiltration. This transition, driven by diminishing returns from traditional ransom demands, forces a critical reassessment of corporate defense strategies focused on data privacy over mere system recovery.

Verified by 2 sources

About Cybersecurity Threat Intelligence coverage

According to our own tracking database, this category has accumulated 174 threat intelligence stories since coverage began. This page aggregates the latest threat intelligence stories within our cybersecurity coverage area. Every story is cross-referenced across multiple primary sources, scored for sentiment and operational impact, and timestamped so fresh developments surface first. We track apts, campaigns, iocs, ttps and surface the angles a domain expert would actually read.

Story selection follows our editorial methodology — impact scoring weights regulatory, financial, and operational developments distinctly. Sentiment is classified across five tiers via supervised classification trained on labeled industry corpora. See our glossary for term definitions and our trends index for longitudinal patterns across the cybersecurity beat.

SignalWhat it tells you
Verified by N sourcesConfidence the story isn't a single-source rumor — N≥2 means the development is independently corroborated.
Impact score (1-10)Estimated regulatory, financial, or operational impact. 8+ indicates a story experienced operators should act on.
SentimentFive-tier classification (very bullish through very bearish) trained on labeled cybersecurity-specific corpora.
Time stampRecency. Fresh stories (under 1h) render with a highlighted timestamp; stale stories (≥24h) render dimmed.