GenTI: Benchmarking LLMs for Autonomous IDPS Rule Generation for Unseen Attacks
Rule-based Intrusion Detection and Prevention Systems (IDPS) offer precise attack detection as well as mitigation; however, their manually crafted, signature-driven rules limit adaptability to emerging and zero-day threats. Additionally, existing public datasets (e.g., CICIDS2017, UNSW-NB15) focus on...
TTPrint: Evidence-Grounded TTP Extraction Via Diverge-Then-Converge Verification
Extracting MITRE ATT&CK techniques from cyber threat intelligence (CTI) reports is an open-set, multi-label problem requiring both high recall (not missing techniques) and high precision (not hallucinating unsupported ones). Existing methods (rule-based, supervised, and LLM-based) struggle to achieve...
Context-Aware Entity-Relation Extraction for Threat Intelligence Knowledge Graphs
Cybersecurity Knowledge Graphs (CKGs) unify diverse Cyber Threat Intelligence (CTI) sources into structured, queryable formats, offering scalable solutions for automating proactive and real-time security responses. Their increasing adoption has significantly enhanced the workflow and decision-making...
Beyond RAG for Cyber Threat Intelligence: A Systematic Evaluation of Graph-Based and Agentic Retrieval
Cyber threat intelligence (CTI) analysts must answer complex questions over large collections of narrative security reports. Retrieval-augmented generation (RAG) systems help language models access external knowledge, but traditional vector retrieval often struggles with queries that require reasonin...
ProHunter APT Hunting Tool / Paper
Advanced Persistent Threats (APTs) remain difficult to detect due to their stealthy nature and long-term persistence. To tackle this challenge, provenance-based threat hunting has gained traction as a proactive defense mechanism. This technique models audit logs as a whole-system provenance graph a...
CTI-REALM: A new benchmark for end-to-end detection rule generation with AI agents
Excerpt: CTI-REALM is Microsoft’s open-source benchmark for evaluating AI agents on real-world detection engineering: turning cyber threat intelligence (CTI) into validated detections. Instead of measuring “CTI trivia,” CTI-REALM tests end-to-end workflows: reading threat reports, exploring telemetr...
From Threat Intelligence to Firewall Rules: Semantic Relations in Hybrid AI Agent and Expert System Architectures
Web security demands rapid response capabilities to evolving cyber threats. Agentic Artificial Intelligence (AI) promises automation, but the need for trustworthy security responses is of the utmost importance. This work investigates the role of semantic relations in extracting information for...
CERTFR-2026-CTI-001
creationtimestamp | type | source
---|---|---
2026-02-04 13:00:41+00:00 | seen | https://social.numerique.gouv.fr/users/certfr/statuses/116012485069158031...
SCyTAG: Scalable Cyber-Twin for Threat-Assessment Based on Attack Graphs
Understanding the risks associated with an enterprise environment is the first step toward improving its security. Organizations employ various methods to assess and prioritize the risks identified in cyber threat intelligence (CTI) reports that may be relevant to their operations. Some methodologi...
Hesperus Is Phosphorus: Mapping Threat Actor Naming Taxonomies at Scale
This paper studies the problem of Threat Actor (TA) naming convention inconsistency across leading Cyber Threat Intelligence (CTI) vendors. The current decentralized and proprietary nomenclature creates confusion and significant obstacles for researchers, including difficulties in integrating and...
AthenaBench: A Dynamic Benchmark for Evaluating LLMs in Cyber Threat Intelligence
Large Language Models (LLMs) have demonstrated strong capabilities in natural language reasoning, yet their application to Cyber Threat Intelligence (CTI) remains limited. CTI analysis involves distilling large volumes of unstructured reports into actionable knowledge, a process where LLMs could...
Criminal IP to Showcase ASM and CTI Innovations at GovWare 2025 in Singapore
Torrance, United States, 14th October 2025, CyberNewsWire...
CTIArena: Benchmarking LLM Knowledge and Reasoning across Heterogeneous Cyber Threat Intelligence
Cyber threat intelligence (CTI) is central to modern cybersecurity, providing critical insights for detecting and mitigating evolving threats. With the natural language understanding and reasoning capabilities of large language models (LLMs), there is increasing interest in applying them to CTI, whic...
EUVD-2025-21883
Malicious code in bioql PyPI...
EUVD-2025-13511
Malicious code in bioql PyPI...
EUVD-2024-23427
Malicious code in bioql PyPI...
EUVD-2024-41714
Malicious code in bioql PyPI...
EUVD-2025-15725
Malicious code in bioql PyPI...
EUVD-2024-41271
Malicious code in bioql PyPI...
POLAR: Automating Cyber Threat Prioritization through LLM-Powered Assessment
Large Language Models (LLMs) are intensively used to assist security analysts in counteracting the rapid exploitation of cyber threats, wherein LLMs offer cyber threat intelligence (CTI) to support vulnerability assessment and incident response. While recent work has shown that LLMs can support a wid...