76,205 indicator observations across 154 adversary clusters. Tor anonymisation network surged to 17% of the catalogue, DPRK activity escalated six-fold, and the Velvet Ant network-appliance APT cluster reappeared. Full MITRE ATT&CK technique pressure, Sigma detection recipes, and platform-ready intelligence.
55,729 indicator observations across 91 adversary clusters this week — featuring Silent Ransom Group, DPRK-aligned activity, VShell, and a Mirai-class IoT seeder wave. Trend analysis, severity breakdown, detection recipes, and the platform to query it all.
A 2026 threat hunting playbook with seven battle-tested Sigma rules, a MITRE ATT&CK coverage matrix, and success metrics for SOC analysts, threat hunters, and detection engineers. Hunt the techniques, not the indicators.
A five-stage detection engineering framework — hypothesis, data inventory, logic, validation, metrics — with an AWS GuardDuty worked example, YAML rule template, and a failure-analysis playbook for noisy or silent detections.
A practitioner’s guide to the minimum viable cloud log set: CloudTrail, identity, DNS at tier one. Coverage matrix across AWS, Azure, GCP plus cost trade-offs.