Endigest

About
Privacy
Terms
Contact
RSS

Threat Intelligence Articles

10 articles

Related Tags

vSphere and BRICKSTORM Malware: A Defender's Guide

This post provides a defender's framework for securing VMware vSphere environments against BRICKSTORM malware, which establishes persistence at the virtualization layer beneath traditional security tools.

North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack

Google Threat Intelligence Group (GTIG) details an active supply chain attack on the axios NPM package attributed to North Korea-linked threat actor UNC1069.

M-Trends 2026: Data, Insights, and Strategies From the Frontlines

Mandiant's M-Trends 2026 report analyzes over 500,000 hours of frontline incident investigations in 2025, revealing major shifts in adversary tactics and cyber threat trends.

The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors

Google Threat Intelligence Group (GTIG) details DarkSword, a full-chain iOS exploit leveraging six zero-day vulnerabilities, adopted by multiple threat actors since November 2025.

Ransomware Under Pressure: Tactics, Techniques, and Procedures in a Shifting Threat Landscape

This Mandiant report analyzes the ransomware threat landscape and observed TTPs from 2025 incident response engagements.

Proactive Preparation and Hardening Against Destructive Attacks: 2026 Edition

This post provides proactive recommendations to defend against destructive cyberattacks, wipers, and modified ransomware.

Look What You Made Us Patch: 2025 Zero-Days in Review

Google Threat Intelligence Group (GTIG) tracked 90 zero-day vulnerabilities exploited in-the-wild in 2025, highlighting structural shifts toward enterprise targeting and evolving threat actor techniques.

Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit

Google Threat Intelligence Group (GTIG) identified "Coruna," a powerful iOS exploit kit targeting iPhones running iOS 13.0 through 17.2.1, containing 23 exploits across five full exploit chains.

Evolving Cloudflare’s Threat Intelligence Platform: actionable, scalable, and ETL-less

Cloudflare evolved its Threat Intelligence Platform to eliminate ETL pipelines using a sharded, SQLite-backed Durable Objects architecture with GraphQL running at the edge.

Introducing the 2026 Cloudflare Threat Report

Cloudflare's 2026 Threat Report details a shift from brute-force attacks to high-trust exploitation, measured by attacker Measure of Effectiveness (MOE).

Threat Intelligence

Cloudforce One

Threats