AttackIQ

MITRE ATLAS™ is ATT&CK for AI. The latest release adds 45+ new techniques, expanded LLM and agentic AI coverage, and the first Rapid Response Report for AI security incidents. Check the matrix: atlas.mitre.org Explore all the new updates: ctid.mitre.org/blog/2026/05/0…

Attackers scan newly disclosed CVEs within 15 minutes. Federal ATO timelines run 6-18 months. The authorization cycle wasn't built for an adversary moving at machine speed. Register to hear from practitioners on the frontlines of federal cyber defense. attackiq.com/resources/webi…

"Critical" CVEs aren't what's getting exploited most—high & medium vulnerabilities are. In our opinion, your SLAs are built on math the data no longer supports. If your program runs on CVSS scores & calendar cycles, this Gartner report is worth a read. attackiq.com/resources/repo…

Your vulnerability backlog will never be zero. AI-speed exploitation made sure of that. Threat debt is what accumulates when adversaries find paths faster than you break them. Learn what it is, what drives it, and how to pay it down on May 21: attackiq.com/resources/webi…

Is it too early to pack our bags for Infosecurity Europe...? Asking for a friend. ✅ Live CTEM demos all three days ✅ Happy hour Tuesday evening at the Aloft ✅ Free shirt for a 5-minute demo (seriously) See you in London. 👋 attackiq.com/lp/infosecurit…

Threat debt is accumulating in your environment right now, whether you're tracking it or not. Unbroken attack paths create adversary opportunity, and CTEM gives you a framework to quantify it and pay it down by breaking the paths that matter most. 🔗 attackiq.com/2026/04/30/thr…

If you can't measure your defensive maturity, you can't improve it. The AttackIQ INFORM Assessment gives you the score, the gaps, and the roadmap to improve coverage where it matters most. See where you stand: attackiq.com/inform-tool/?u…

The window from vulnerability discovery to weaponized exploit used to be measured in months. By early 2026, it had crossed one day. Mythos made that impossible to ignore. We put together an executive brief on what changed and what to do about it. 📄 attackiq.com/resources/whit…

Lazarus Group just stole $290M from KelpDAO. Not a smash-and-grab. A multi-stage operation: poisoned RPC nodes, DDoS-forced failover, forged cross-chain message. Groups like Lazarus are not just walking away richer, they are walking away better. infosecurity-magazine.com/news/north-kor…

Final session of our CTEM Masterclass Series. We're tackling the hardest question: how do you make CTEM operational? Plus, one live attendee will win a guided threat-informed maturity assessment. Must attend live to qualify. Register: attackiq.com/webinars/ctem-…

45M records. No exotic malware. Just a misconfigured Salesforce instance. 😲 ShinyHunters' playbook isn't sophisticated. It's opportunistic. Identity and configuration hygiene aren't "set it and forget it" — and this breach proves it. 🔗 securitymagazine.com/articles/10223…

"Only $150k. That's 3% of your yearly revenue." NightSpire did the math on your ransom for you. They also threw in a 50% early payment discount! How thoughtful! Our ART pulled apart their TTPs. Test your defenses before you get this note: 🔗 attackiq.com/2026/04/14/nig…

We want YOU to be a part of it — New York, New York 🗽🍕 May 7th, AttackIQ + Accenture are bringing CTEM + MITRE INFORM to One Manhattan West. 📅 May 7 | 10 AM – 4 PM 📍 One Manhattan West, NYC Grab your spot 👉 attackiq.com/lp/roadshow-ny…

⏱️ Initial access to full encryption: under 24 hours. Medusa is exploiting vulnerabilities up to 7 days before public disclosure. 300+ critical infrastructure orgs hit -- healthcare, finance, airlines. Read more: bleepingcomputer.com/news/security/…

DragonBreath is back. The threat group behind a modified gh0st RAT variant is now deploying RoningLoader, a multi-stage malware targeting cryptocurrency and gaming platforms. We broke down the TTPs and what your team needs to know. Read it here: attackiq.com/2026/04/07/ron…

London-based ✔️ Senior security leader ✔️ Thinking about modernising SecOps ✔️✔️ This one's for you. On 23 April, we're hosting a private CISO Roundtable in London. Closed-door. Peer-only. No pitches. Seats are limited: attackiq.com/lp/ciso-roundt…

Lynx is dead. Meet Sinobi. This RaaS group inherited its code from Lynx (and INC before it), making it more refined than its mid-2025 debut suggests. No preferred targets. Encryption built to prevent recovery without the attacker's keys. TTP breakdown: attackiq.com/2026/04/02/sin…

Session 2 of our CTEM Masterclass Series is tomorrow. One attendee wins a private MITRE INFORM assessment with Jon Baker, VP of Threat-Informed Defense. A real read on your program's maturity from someone who knows it inside out. Register today: attackiq.com/webinars/ctem-…

BYOVD lets adversaries load legitimate, vulnerable kernel drivers to strip EDR protections before payload deployment. LockBit, Medusa, BlackCat, and others are already doing it. Read more: attackiq.com/resources/repo…

Your EDR looks healthy on the dashboard. Meanwhile, attackers are using legitimate Windows components to silently blind it. Our Adversary Research Team just dropped a deep dive into EDR Inhibitors — the utilities, drivers, and techniques behind it. attackiq.com/2026/03/23/edr…