AttackIQ

An Iran-linked group claims it wiped 200K+ systems at one of the world's largest medical device makers. Surgeries disrupted. EMS systems down. Our Adversary Research Team broke this down for @TechRepublic. 👇 techrepublic.com/article/news-s…

Nation-state iOS exploits don't stay exclusive anymore. DarkSword hit 220M+ iPhones and is already in multiple hands — espionage and crypto theft baked into one kit. The secondary exploit market is maturing fast. Read our take in @DarkReading. 👇 darkreading.com/threat-intelli…

Dumb things that smart security teams do: Assume more alerts, scans, & testing automatically means security is improving. 😵‍💫 Tomorrow we’re breaking down a better way to measure progress in Session 1 of our CTEM Masterclass. Last chance to register: attackiq.com/webinars/ctem-…

“100% MITRE ATT&CK coverage.” Sounds great. But what does it really mean? Different vendors calculate it differently. Different tests measure different depth. After our AMA with former MITRE leaders, we broke down the myths. Read & watch the replay: attackiq.com/2026/03/10/wha…

Operation Epic Fury began in cyberspace before the first missile ever launched. If history repeats, Iranian threat groups will respond with phishing, espionage, and destructive malware. The retaliation clock is already ticking. Read the full analysis: attackiq.com/2026/03/05/ope…

Before AI assistants, you had to go find the answer yourself. And if you were lucky, it came in black and yellow.📚 We brought that same simplicity to CTEM + MITRE INFORM For Dummies. If CTEM feels big, this breaks it down how to use it. Get the guide: attackiq.com/resources/eboo…

Some ransomware demands payment. Some just want opertional impact. LokiLocker: 🔐 Encrypts files 🧹 Kills recovery paths 💥 Can wipe systems completely Would your defenses hold up? Test them using the last assessment 👉 attackiq.com/2026/02/26/emu…

Watching The Pitt’s cyberattack episode felt a little too real 👀🩺 When ransomware can’t be contained, hospitals have no choice but to shut everything down. Lateral movement + unvalidated segmentation = chaos. We broke it down 🔗 bit.ly/46vMtIJ

Early activity from this ransomware strain caught the attention of both the FBI and U.S. Secret Service 👀 Enter: BlackByte. ProxyShell exploitation. LoLBins for lateral movement. Vulnerable drivers to disable defenses. Make sure your defenses hold up👇 attackiq.com/2026/02/25/emu…

Security teams: 📊 “Here are the test results.” Leadership: 🤔 “What does this mean for risk?” That gap is where programs stall. CTEM tests defenses against real attackers. MITRE INFORM turns results into decisions. Read the full breakdown 👇 attackiq.com/2026/02/24/fro…

⚡ TOMORROW | Live AMA w/ Jonathan Baker @OneRSAC @AdversaryVillag Thursday, February 19th | 7 AM PT/10 AM ET Get your threat-informed defense questions answered by someone who's been rethinking how defenders approach the problem from the ground up. 🔗 rsaconference.registration.goldcast.io/series/c54ffa3…

Cybersecurity is entering its next phase, shifting from exposure visibility to better decision-making. We’re excited to welcome Derek A. Whigham as Senior Advisor and Advisory Board member at AttackIQ. Read his perspective on attack path thinking: attackiq.com/2026/02/18/why…

You asked: What does Continuous Threat Exposure Management (CTEM) actually look like in practice? We built a course to answer it. Our new Foundations of CTEM course walks through running a practical CTEM loop using tools you already have. Free training: academy.attackiq.com/courses/founda…

Vendors love claiming “100% MITRE ATT&CK coverage.” But is that even possible? Former MITRE experts go behind the claims and explain what coverage really means in a live AMA. 📅 Feb 19 Bring your toughest questions. 👉 Save your spot: attackiq.com/resources/webi…

The bad news: your phishing tests are probably outdated. The good news: evergreen scenarios keep them fresh with the latest threat intel. ART is creating new runnable tests every week so you're validating against active attackers. Learn more: attackiq.com/2026/02/09/eve…

Exposed RDP without MFA remains one of the easiest paths to ransomware. Cephalus uses it to gain access, steal data, disable defenses, & undermine recovery before encryption ever begins. This sequence matters more than the payload itself. Full breakdown: attackiq.com/2026/02/05/emu…

What started as M3TID has evolved into MITRE’s threat-informed defense maturity model, focused on measuring progress, not just understanding attacks. We walked through what’s new and how teams can use it in practice. 🎥 Watch the replay: attackiq.com/resources/webi…

Nike is investigating a potential breach after WorldLeaks claimed access to 1.4 TB of internal data. Exposure of logistics & production data can dramatically increase supply chain risk, enabling fraud & partner compromise. Breakdown by @InfosecurityMag infosecurity-magazine.com/news/worldleak…

🔍 Guess That Adversary Think you know ransomware? Let’s see. Which ransomware family became infamous for targeting large enterprises and hospitals following widespread TrickBot and Emotet infections?

Threat intel tells you what threats exist. Not which ones target you. Not what your environment is exposed to. Not what to test next. That’s where CTEM breaks down. 📅 Jan 29 | 8 AM PT | 11 AM ET 🎯 CTI Overload: Making Threat Intel Work for CTEM 👉 attackiq.com/resources/webi…