Synthetic APTs: The Collapse of TTP-Based Attribution

Cyber Threat Intelligence CTI attribution relies on identifying the Tactics, Techniques, and Procedures TTPs that distinguish one threat actor from another. This approach presupposes that each adversary leaves a recognizable operational fingerprint. This work investigates whether AI driven...

AthenaBench: A Dynamic Benchmark for Evaluating LLMs in Cyber Threat Intelligence

Large Language Models LLMs have demonstrated strong capabilities in natural language reasoning, yet their application to Cyber Threat Intelligence CTI remains limited. CTI analysis involves distilling large volumes of unstructured reports into actionable knowledge, a process where LLMs could...

Cyber Threat Hunting: Non-Parametric Mining of Attack Patterns from Cyber Threat Intelligence for Precise Threats Attribution

With the ever-changing landscape of cyber threats, identifying their origin has become paramount, surpassing the simple task of attack classification. Cyber threat attribution gives security analysts the insights they need to device effective threat mitigation strategies. Such strategies empower...

Zero-Trust Foundation Models: a New Paradigm for Secure and Collaborative Artificial Intelligence for Internet of Things

This paper focuses on Zero-Trust Foundation Models ZTFMs, a novel paradigm that embeds zero-trust security principles into the lifecycle of foundation models FMs for Internet of Things IoT systems. By integrating core tenets, such as continuous verification, least privilege access LPA, data...

Modeling Behavioral Preferences of Cyber Adversaries Using Inverse Reinforcement Learning

This paper presents a holistic approach to attacker preference modeling from system-level audit logs using inverse reinforcement learning IRL. Adversary modeling is an important capability in cybersecurity that lets defenders characterize behaviors of potential attackers, which enables attributio...

Wordfence Intelligence Launches New Malware Hash Feed!

Today, the Wordfence team is launching a Malware Hash Feed as part of our Wordfence Intelligence API. This gives our Enterprise users another way to rapidly and definitively identify malware targeting web applications. As the world’s foremost WordPress security provider, Wordfence has an expertly...

Afternoon Cyber Tea: Learn how to stop misinformation threats from nation-state bad actors

Information has long been wielded as an instrument of national power and influence. In today’s digital world, misinformation can also be just as powerful. On a special episode of Afternoon Cyber Tea with Ann Johnson, Sandra Joyce, Executive Vice President and Head of Mandiant Intelligence at...

Afternoon Cyber Tea: Learn how to stop misinformation threats from nation-state bad actors

Information has long been wielded as an instrument of national power and influence. In today’s digital world, misinformation can also be just as powerful. On a special episode of Afternoon Cyber Tea with Ann Johnson, Sandra Joyce, Executive Vice President and Head of Mandiant Intelligence at...

China Chopper still active 9 years later

By Paul Rascagneres and Vanja Svajcer. Introduction Threats will commonly fade away over time as they're discovered, reported on, and detected. But China Chopper has found a way to stay relevant, active and effective nine years after its initial discovery. China Chopper is a web shell that allows...