threat-intelligence

Russian Satellites. Iranian Missiles. A U.S. AWACS. Three Sources Now Document the Same Kill Chain.

John Z Black Apr 13, 2026

Threat Intelligence #russia #iran #threat-intelligence #awacs #satellite-isr #cyber-operations #state-actors #geopolitical

A Russian satellite imaged Prince Sultan Air Base before the March 27 strike. Iran hit a U.S. E-3 Sentry AWACS. A Russian satellite returned the next day for damage assessment. A Ukrainian intelligence assessment, a Western military source, and a U.S. orbital analytics firm all now document pieces of that sequence.

A Hacker Claims the Biggest Military Breach in History. Experts Think It Might Be Real.

John Z Black Apr 12, 2026

Incidents & Breaches #flamingchina #china #tianjin #nscc #military-breach #supercomputer #threat-intelligence #unverified

FlamingChina claims to have stolen 10 petabytes from China's National Supercomputing Center in Tianjin, including missile schematics and weapons testing data. CNN showed samples to cybersecurity experts. They declined to dismiss it. This has not been confirmed.

Three Ransomware Gangs Own a Third of North America's Cybercrime. What That Means for Your Risk Model.

John Z Black Mar 30, 2026

Ransomware & Cybercrime #ransomware #qilin #akira #clop #north-america #threat-intelligence #risk-management

Qilin, Akira, and Clop together claimed roughly 34% of all recorded North American ransomware incidents in 2025 -- and that concentration is actually something defenders can use.

The Progress We Thought We Were Making Against Hackers? It Just Went Backward.

John Z Black Mar 30, 2026

Threat Intelligence #m-trends #dwell-time #mandiant #espionage #ransomware #north-korea #threat-intelligence

Dwell time reversed in 2025, and the reason why tells you exactly which threats most security programs are not built to catch.

The Week the Infrastructure Fought Back (and Lost)

John Z Black Mar 23, 2026

Weekly Recap #the-week-in-cyber #mobile-security #supply-chain #identity #iran #dprk #ransomware #ai-fraud #threat-intelligence

The week of March 16-22 hit management planes, identity infrastructure, and security tooling itself -- and North Korea kept hiring.

Inside the North Korean IT Worker Playbook: IBM and Flare's New Research Shows Exactly How They Get In

John Z Black Mar 23, 2026

Threat Intelligence #north-korea #threat-intelligence #insider-threat #identity-fraud #dprk #remote-work-security

IBM and Flare published the most detailed technical breakdown yet of how North Korean IT workers infiltrate US companies, including specific detection controls security and HR teams can actually use.

Handala, Publicly Attributed: What the FBI Seizure Changes About Iran Cyber Signaling

John Z Black Mar 21, 2026

Threat Intelligence #iran #handala #mois #fbi #attribution #nation-state #wiper #threat-intelligence

The FBI seized Handala's sites and released a 40-page warrant formally linking the group to Iran's intelligence ministry. Attribution just moved from analyst opinion to federal court filing.

The 31.4 Tbps Botnet Crackdown Signals a New DDoS Enforcement Phase

John Z Black Mar 21, 2026

Ransomware & Cybercrime #ddos #botnet #iot #law-enforcement #takedown #aisuru #kimwolf #threat-intelligence

US, German, and Canadian authorities dismantled four major DDoS botnets spanning 3 million IoT devices and record-setting attacks. The how matters as much as the what.

DarkSword Spread Beyond One Campaign. Mobile Risk Has to Follow.

John Z Black Mar 19, 2026

Threat Intelligence #darksword #ios #mobile-exploitation #threat-intelligence #enterprise-security #high-risk-users #incident-response

Google threat intelligence ties DarkSword-linked iOS exploitation to a broader actor picture than earlier reporting suggested. The bigger signal isn't the exploit chain. It's that the capability is spreading across actors and channels.

iPhone Exploit Chains Are Becoming a Market, Not a One-Off

John Z Black Mar 18, 2026

Threat Intelligence #ios #darksword #iphone #spyware #threat-intelligence #mobile-security #webkit

DarkSword iOS exploit capability is showing up across multiple actor sets -- state-linked groups, commercial spyware vendors, and infostealer campaigns. The old 'rare nation-state' framing doesn't hold anymore.

Ransomware Is Getting Less Profitable and More Prolific

John Z Black Mar 17, 2026

Threat Intelligence #ransomware #mandiant #threat-intelligence #qilin #akira #wef #enterprise-risk

Mandiant's latest report shows ransomware payments declining while victim counts hit record highs. The ecosystem isn't dying. It's fragmenting faster than defenders can track.

Two Spy Campaigns, Two Completely Different Playbooks

John Z Black Mar 16, 2026

Threat Intelligence #espionage #apt #china #russia #signal #asean #military #threat-intelligence

A Chinese APT has been sitting inside Southeast Asian military networks for six years. Meanwhile, Russian hackers are stealing Signal accounts with fake support messages. Same goal, wildly different approaches.

Iran Hit a Medical Device Giant, a NATO Parliament, and Your Instagram Feed on the Same Day

John Z Black Mar 12, 2026

Threat Intelligence #iran #handala #stryker #wiper-attack #critical-infrastructure #influence-operations #nato #threat-intelligence

March 11 wasn't three separate cyberattacks. It was one coordinated Iranian campaign across three fronts: a wiper on Stryker, a breach of Albania's parliament, and an influence op on Instagram. All in 24 hours.

APT28's Covenant Trick and North Korea's AirDrop Hack: How Nation-States Borrow Their Tools

John Z Black Mar 11, 2026

Threat Intelligence #apt28 #north-korea #nation-state #covenant #airdrop #threat-intelligence

Russia's APT28 hijacked an open-source red-team tool to hit Ukraine. North Korea's UNC4899 used Apple AirDrop to break into a crypto firm. Both attacks exploit the trust we put in legit software.