threat intelligence Return of Shai-Hulud: The “Second Coming” of the NPM Supply Chain Compromise This blog walks through the malicious code present in the second iteration of the Shai-Hulud compromise.
malware Dissecting the Infection Chain: Technical Analysis of the Kimsuky JavaScript Dropper This blog analyzes a Kimsuky sample, how the dropper downloads additional stages, and network traffic observed within the infection chain.
threat intelligence NPM Compromise: The Wrath of the Shai-Hulud Supply Chain Attack A walkthrough of two major NPM supply chain compromises in September 2025: the Shai-Hulud worm and cryptocurrency wallet hijacking.
threat intelligence Thorium 101: Inside CISA’s Open Source Malware Analysis Platform CISA’s new open-source malware analysis tool Thorium is designed for customization, safety, and real-world security team workflows. This post introduces its core features and how to get started.
threat intelligence Unpacking KiwiStealer: Diving into BITTER APT’s Malware for File Exfiltration Learn about KiwiStealer capabilities and malware analysis of how it exfiltrates data via HTTP POST requests.
threat intelligence Collection through Correlation: Operationalizing IP and Domain Indicators of Compromise IP addresses and domains aren’t just for blocklists; when analyzed with the right tools, they can be operationalized to enrich alerts, support threat hunting, and uncover risk.
threat intelligence Albabat 2.0.0 Decoded: A Config-Driven Design This blog analyzes Albabat ransomware, exploring its config file, executed ransomware commands, and ransom note.
malware Rilide - An Information Stealing Browser Extension Learn about the information stealing browser extension Rilide, its delivery methods, and intrusion chain.
threat intelligence Compromised Browser Extensions - A Growing Threat Vector Learn how threat actors leverage browser extensions as an attack vector, including examples for Cyberhaven and GraphQL Network Inspector.
threat intelligence Featured Assemblyline 101 - Open Source Malware Triage Learn how to install and use Assemblyline, the open-source malware triage tool. This 101 includes an overview, deployment walkthrough, example use case, and resources.
threat intelligence Leveraging Threat Intelligence in Security Operations Explore the essential role of Cyber Threat Intelligence (CTI) in understanding and mitigating cybersecurity threats - detailing its types, processes, and effective implementation in enhancing security operations and incident response.
threat intelligence Cronus: Ransomware Threatening Bodily Harm This technical research analyzes Cronus Ransomware. We examine how the ransomware encrypts files, establishes persistence, and deviates from other ransom notes.
threat intelligence CrowdStrike BSOD Outage: What We Know What we know about the CrowdStrike BSOD outage.
threat intelligence Phishing Kits 101 & V3B Phishing Kit Phishing kits are "as-a-service" tools that help threat actors rapidly deploy phishing pages and campaigns. This blog examines key components, how they work, helpful resources, and a dive into the V3B phishing kit.
threat intelligence Sharing, Compared Part 4: Where Do We Go From Here? Quantitative and qualitative insights inform our roadmap and best practices to achieve success in CTI networking.
malware Latrodectus Loader This research examines the distribution mechanisms, C2 traffic patterns, and functionality of Latrodectus loader.
threat intelligence Sharing, Compared Part 3: How Can We Improve? In part 3, we examine the challenges, organizational context, and issues with methods used for cyber threat intelligence sharing.
threat intelligence Sharing, Compared Part 2: Where Do We Share? In part 2 of this series, discover where practitioners share during CTI collaboration - from peer to peer trust groups to paid memberships.
threat intelligence Featured Tool Guide: CyberChef 101 Learn how to use the versatile, open source utility CyberChef. This 101 includes an overview, operations, real-world walkthrough, and resources.
threat intelligence Sharing, Compared Part 1: How and Why Do We Connect? In the first of our four-part series, learn why practitioners prioritize human-to-human sharing and its benefits.
threat intelligence Balada Injector Dive into how Balada exploits vulnerabilities within WordPress plugins. This research blog analyzes how Balada injects malicious code and the functionality of the scripts used in the campaign.
threat intelligence CTI Networking Report 2024 "Sharing, Compared: A Study on the Changing Landscape of CTI Networking" is now available online.
threat intelligence PikaBot Rising Dive into the distribution methods and capabilities of Pikabot, a loader that has been growing in prevalence since early 2023.
pulsedive 2023 In Review Here's our 2023 roundup of cyber threat intelligence news: key exploited vulnerabilities, ransomware, and Pulsedive updates over the last year.
