
20 matches found

Packet Storm News
added 2026/06/05 12:0 a.m., 4 views

Synthetic APTs: The Collapse of TTP-Based Attribution

Cyber Threat Intelligence (CTI) attribution relies on identifying the Tactics, Techniques, and Procedures (TTPs) that distinguish one threat actor from another. This approach presupposes that each adversary leaves a recognizable operational fingerprint. This work investigates whether AI driven...

AI score: 5.5
Exploits: 0
Microsoft Secure
added 2026/05/12 10:53 p.m., 8 views

Accelerating detection engineering using AI-assisted synthetic attack logs generation

In this article: 1. Core Idea: From TTPs to Logs; 2. Approaches for Synthetic Attack Log Generation; 3. Evaluation Datasets; 4. References; 5. Learn more. Logs and telemetry are the foundation of modern cybersecurity. They enable threat detection, incident response, forensic investigation, and complian...

AI score: 5.8
Exploits: 0
Packet Storm News
added 2026/02/05 12:0 a.m., 3 views

Identifying Adversary Tactics and Techniques in Malware Binaries with an LLM Agent

Understanding TTPs (Tactics, Techniques, and Procedures) in malware binaries is essential for security analysis and threat intelligence, yet remains challenging in practice. Real-world malware binaries are typically stripped of symbols, contain large numbers of functions, and distribute malicious...

AI score: 5.4
Exploits: 0
Microsoft Secure
added 2026/01/29 9:20 p.m., 3 views

Turning threat reports into detection insights with AI

Security teams routinely need to transform unstructured threat knowledge, such as incident narratives, red team breach-path writeups, threat actor profiles, and public reports into concrete defensive action. The early stages of that work are often the slowest. These include extracting tactics,...

AI score: 5.7
Exploits: 0
Packet Storm News
added 2025/10/07 12:0 a.m., 2 views

Code Agent Can Be an End-To-End System Hacker: Benchmarking Real-World Threats of Computer-Use Agent

Computer-use agent (CUA) frameworks, powered by large language models (LLMs) or multimodal LLMs (MLLMs), are rapidly maturing as assistants that can perceive context, reason, and act directly within software environments. Among their most critical applications is operating system (OS) control. As CUAs in...

AI score: 7
Exploits: 0
Packet Storm News
added 2025/05/15 12:0 a.m., 5 views

On Technique Identification and Threat-Actor Attribution Using LLMs and Embedding Models

Attribution of cyber-attacks remains a complex but critical challenge for cyber defenders. Currently, manual extraction of behavioral indicators from dense forensic documentation causes significant attribution delays, especially following major incidents at the international scale. This research...

AI score: 7.1
Exploits: 0
CISA
added 2024/08/29 12:0 p.m., 7 views

CISA and Partners Release Advisory on RansomHub Ransomware

Today, CISA—in partnership with the Federal Bureau of Investigation (FBI), Multi-State Information Sharing and Analysis Center (MS-ISAC), and Department of Health and Human Services (HHS)—released a joint Cybersecurity Advisory, StopRansomware: RansomHub Ransomware. This advisory provides network...

AI score: 7
Exploits: 0, References: 6
CISA
added 2024/04/18 12:0 p.m., 5 views

CISA and Partners Release Advisory on Akira Ransomware

Today, CISA, the Federal Bureau of Investigation (FBI), Europol’s European Cybercrime Centre (EC3), and the Netherlands’ National Cyber Security Centre (NCSC-NL) released a joint Cybersecurity Advisory (CSA), StopRansomware: Akira Ransomware, to disseminate known Akira ransomware tactics, techniques, and...

AI score: 7.2
Exploits: 0, References: 3
CISA
added 2024/02/27 12:0 p.m., 6 views

CISA, FBI, and HHS Release an Update to #StopRansomware Advisory on ALPHV Blackcat

Today, CISA, the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) released an update to the joint advisory StopRansomware: ALPHV Blackcat to provide new indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with the ALPHV...

AI score: 7
Exploits: 0, References: 7
CISA
added 2023/11/21 12:0 p.m., 17 views

CISA, FBI, MS-ISAC, and ASD’s ACSC Release Advisory on LockBit Affiliates Exploiting Citrix Bleed

Today, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing & Analysis Center (MS-ISAC), and Australian Signals Directorate’s Australian Cyber Security Center (ASD’s ACSC) released a joint Cybersecurity Advisory (CSA),...

CVSS: 9.4, AI score: 9.3, EPSS: 0.99999
Exploits: 15, References: 4
CISA
added 2023/11/13 12:0 p.m., 6 views

CISA Releases Update to Royal Ransomware Advisory

Today, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released an update to joint Cybersecurity Advisory (CSA) StopRansomware: Royal Ransomware. The updated advisory provides network defenders with additional information on tactics, techniques,...

AI score: 7
Exploits: 0, References: 2
CISA
added 2023/10/11 12:0 p.m., 6 views

FBI and CISA Release Update on AvosLocker Advisory

Today, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Advisory (CSA), StopRansomware: AvosLocker Ransomware Update to disseminate known indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and...

AI score: 7.2
Exploits: 0, References: 3
CISA
added 2023/06/07 12:0 p.m., 3 views

CISA and FBI Release #StopRansomware: CL0P Ransomware Gang Exploits MOVEit Vulnerability

CISA and FBI released a joint Cybersecurity Advisory (CSA) CL0P Ransomware Gang Exploits MOVEit Vulnerability in response to a recent vulnerability exploitation attributed to CL0P Ransomware Gang. This joint guide provides indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs)...

AI score: 7.9
Exploits: 0, References: 3
Securelist
added 2022/10/03 7:0 a.m., 82 views

DeftTorero: tactics, techniques and procedures of intrusions revealed

Earlier this year, we started hunting for possible new DeftTorero (aka Lebanese Cedar, Volatile Cedar) artifacts. This threat actor is believed to originate from the Middle East and was publicly disclosed to the cybersecurity community as early as 2015. Notably, no other intelligence was shared unt...

AI score: 0.3
Exploits: 0
CISA
added 2022/06/30 12:0 a.m., 10 views

#StopRansomware: MedusaLocker

CISA, the Federal Bureau of Investigation (FBI), the Department of the Treasury (Treasury), and the Financial Crimes Enforcement Network (FinCEN) have released a joint Cybersecurity Advisory (CSA), StopRansomware: MedusaLocker, to provide information on MedusaLocker ransomware. MedusaLocker actors target...

AI score: 2.3
Exploits: 0, References: 4
CISA
added 2021/08/27 12:0 a.m., 14 views

FBI Releases Indicators of Compromise Associated with Hive Ransomware

The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with ransomware attacks by Hive, a likely Ransomware-as-a-Service organization consisting of a number of actors using multiple...

AI score: 6.8
Exploits: 0, References: 2
ThreatPost
added 2021/08/24 12:0 p.m., 20 views

Effective Threat-Hunting Queries in a Redacted World

A decade ago, hunting for adversary infrastructure was often as simple as monitoring a domain registrant’s name or phone number in public WHOIS records. As bad actors have moved first toward privacy protection services and then gained further obscurity behind laws such as the General Data...

AI score: 6.8
Exploits: 0, References: 1
Microsoft Malware Protection
added 2021/06/22 4:0 p.m., 55 views

Strategies, tools, and frameworks for building an effective threat intelligence team

How to think about building a threat intelligence program. The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia...

Exploits: 0
Microsoft Malware Protection
added 2021/06/22 4:0 p.m., 14 views

Strategies, tools, and frameworks for building an effective threat intelligence team

How to think about building a threat intelligence program. The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia...

Exploits: 0
CISA
added 2020/10/20 12:0 a.m., 9 views

NSA Releases Advisory on Chinese State-Sponsored Actors Exploiting Publicly Known Vulnerabilities

The National Security Agency (NSA) has released a cybersecurity advisory on Chinese state-sponsored malicious cyber activity. This advisory provides 25 Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable...

AI score: 6.7
Exploits: 0, References: 4