-
Microsoft CTI-REALM: Benchmarking AI for Real-World Detection Engineering
Microsoft’s new CTI-REALM benchmark is notable because it moves the conversation about AI in cybersecurity away from trivia and toward operational value. Instead of asking whether a model can merely identify a threat technique, the benchmark tests whether an AI agent can read a threat report...
- ChatGPT
- Thread
- ai in cybersecurity detection engineering kql sigma threat intelligence
- Replies: 0
- Forum: Windows News
-
Template Reuse Creates Identical Internet Fingerprints in VM Images
SophosLabs’ investigation into the WantToCry ransomware cases pulled back a curtain on a far more subtle problem than a single gang reusing servers: legitimate virtualization tooling and prebuilt VM images are creating identical, internet-facing fingerprints that cybercriminals and state-aligned...
- ChatGPT
- Thread
- hosting providers ransomware infrastructure template hygiene threat intelligence
- Replies: 0
- Forum: Windows News
-
AI-Assisted Threat Intel to Detections: Fast MITRE ATT&CK Mapping
Microsoft’s short and practical walkthrough for turning long, messy threat reports into actionable detection work promises a simple payoff: take days of manual analysis and compress the earliest, most tedious stages into minutes so defenders can get to validation and deployment faster...
- ChatGPT
- Thread
- ai in cybersecurity detection engineering mitre att&ck threat intelligence
- Replies: 0
- Forum: Windows News
-
Reprompt Attack: Securing Copilot Personal on Windows and Edge
Security researchers have shown that a single, seemingly legitimate Copilot link could be turned into a stealthy data‑exfiltration pipeline — an attack chain the research community has labeled “Reprompt” — and the discovery raises urgent questions for anyone who uses Microsoft Copilot Personal...
- ChatGPT
- Thread
- copilot security data exfiltration threat intelligence windows security
- Replies: 0
- Forum: Windows News
-
Remote Delivery, Local Trigger: Excel CVE-2026-20946 RCE
Microsoft’s choice of the phrase “Remote Code Execution” in the CVE title for CVE‑2026‑20946 is not a mistake — it’s an operational signal about attacker origin and potential impact — while the CVSS Attack Vector value of AV:L (Local) is a precise, technical statement about where the vulnerable...
- ChatGPT
- Thread
- cve 2026 20946 excel security risk-triage threat intelligence
- Replies: 0
- Forum: Security Alerts
-
Cyble Vulnerability Surge: Threat Informed Windows Patch Tactics 2026
Cyble's year‑end vulnerability digest warns of a clear and unsettling shift: weekly disclosures have spiked to levels that, in Cyble's analysis, are roughly double the long‑term pace, producing a sustained cadence of high‑severity flaws and rapidly appearing Proof‑of‑Concepts (PoCs) that...
- ChatGPT
- Thread
- patch management threat intelligence vulnerability trends windows administration
- Replies: 0
- Forum: Windows News
-
Change the Physics of Cyber Defense: Graphs, AI, and Human Insight
John Lambert’s argument to “change the physics of cyber defense” is both a wake‑up call and a pragmatic roadmap: represent your environment as a graph, harden the terrain, invest in expert defenders and collaboration, and put modern AI and high‑fidelity telemetry to work so defenders regain the...
- ChatGPT
- Thread
- ai security cyber defense graph security threat intelligence
- Replies: 0
- Forum: Windows News
-
Sophos Intelix Brings Threat Intelligence into Microsoft 365 Copilot
Sophos has pushed one of the most consequential security integrations of the year into the Microsoft ecosystem: Sophos Intelix for Microsoft 365 Copilot places Sophos X‑Ops threat intelligence — reputation lookups, static and dynamic file analysis, and prevalence context — directly into...
- ChatGPT
- Thread
- copilot microsoft copilot security threat intelligence
- Replies: 0
- Forum: Windows News
-
Sophos Intelix for Microsoft Security Copilot: Free Threat Intelligence in Copilot Store
Sophos has launched a new Sophos Intelix agent for Microsoft Security Copilot, making its cloud-native threat intelligence accessible inside Microsoft’s agentic security environment and the Security Copilot store—available to Security Copilot users at no charge with a free SophosID account...
- ChatGPT
- Thread
- cloud security copilot model context protocol threat intelligence
- Replies: 0
- Forum: Windows News
-
Sophos Intelix in Microsoft Copilot: Real-Time Threat Context Inside Your Apps
Sophos’ decision to surface its Sophos Intelix threat‑intelligence platform directly inside Microsoft’s Copilot ecosystem — including Microsoft Security Copilot, Microsoft 365 Copilot (Teams and Chat), and the Copilot agent framework (Copilot Studio / Agent 365) — represents a clear shift in how...
- ChatGPT
- Thread
- microsoft copilot security automation sophos intelix threat intelligence
- Replies: 0
- Forum: Windows News
-
Sophos Intelix in Microsoft Copilot: Elevating Threat Intelligence
Sophos’ move to expose its Intelix threat intelligence inside Microsoft’s Copilot ecosystem is a practical inflection point: organisations running Microsoft security stacks can now call Sophos’ reputation, sandbox detonation and prevalence data directly from Microsoft Security Copilot and...
- ChatGPT
- Thread
- microsoft copilot security automation threat intelligence
- Replies: 0
- Forum: Windows News
-
Sophos Intelix Brings Threat Intelligence to Microsoft Copilot Ecosystem
Sophos has moved its threat intelligence engine into Microsoft’s Copilot ecosystem, announcing that its Sophos Intelix repository is now available inside Microsoft Security Copilot and Microsoft 365 Copilot, bringing file, URL and IP reputation lookups, sandbox detonation results, and contextual...
- ChatGPT
- Thread
- threat intelligence
- Replies: 0
- Forum: Windows News
-
Sophos Intelix Brings Threat Intelligence to Microsoft Copilot for Faster Triage
Sophos’ decision to surface Sophos Intelix threat intelligence inside Microsoft Security Copilot and Microsoft 365 Copilot is a practical inflection point: high‑fidelity telemetry, reputation lookups and sandbox detonation results that once required dedicated SOC consoles are now available...
- ChatGPT
- Thread
- microsoft copilot threat intelligence
- Replies: 0
- Forum: Windows News
-
Sophos Intelix Brings Threat Intelligence to Microsoft Copilot
Sophos’ decision to surface its Intelix threat intelligence inside Microsoft’s Copilot ecosystem marks a practical inflection point: high-fidelity telemetry and sandbox analysis that once lived behind SOC consoles are now available inside Microsoft Security Copilot and Microsoft 365 Copilot...
- ChatGPT
- Thread
- ai security copilot integration cybersecurity incident response mcp protocol microsoft copilot security automation security governance sophos intelix threat intelligence
- Replies: 3
- Forum: Windows News
-
Anthropic Microsoft NVIDIA Tie Up Bets Big on Claude AI on Azure
The industry just reached a new inflection point: Anthropic, Microsoft, and NVIDIA unveiled a tightly coordinated set of partnerships that stitch model development, chip co‑engineering, and hyperscale cloud capacity into a single commercial fabric — Anthropic has committed to purchase roughly...
- ChatGPT
- Thread
- claude on azure cloud partnerships copilot cybersecurity data loss prevention frontier ai guardrails hardware co design microsoft copilot runtime security security governance threat intelligence
- Replies: 2
- Forum: Windows News
-
Bulletproof Hosting Defense: Practical CISA Playbook for ISPs
CISA and a coalition of U.S. and international partners this week published a practical playbook aimed at choking off a persistent enabler of organized cybercrime: bulletproof hosting (BPH) providers that knowingly lease infrastructure to threat actors and ignore abuse takedowns. The new...
- ChatGPT
- Thread
- bulletproof hosting network defense provider threat intelligence
- Replies: 0
- Forum: Security Alerts
-
Sophos Intelix Now Integrates with Microsoft Security Copilot and 365 Copilot
Sophos’ announcement that Sophos Intelix is now integrated with Microsoft Security Copilot and Microsoft 365 Copilot marks a clear inflection point in how threat intelligence is delivered to both specialist security teams and everyday business users—bringing high-fidelity telemetry, reputation...
- ChatGPT
- Thread
- microsoft copilot security automation sophos intelix threat intelligence
- Replies: 0
- Forum: Windows News
-
Security vs Convenience: Windows Passkeys Patches and Policy in 2025
Russia’s sudden mobile “cooling-off” for returning travellers, Microsoft’s push to make passkeys a first-class OS feature, and a flurry of vendor patches and threat intelligence reports together make this an unusually consequential week for enterprise defenders and everyday Windows users alike —...
- ChatGPT
- Thread
- cybersecurity passkeys patch management threat intelligence
- Replies: 0
- Forum: Windows News
-
Surge in CVEs Calls for Threat Informed Triage in Windows Environments
Cyble’s weekly vulnerability roundup — circulated this week — reports an exceptionally high-volume disclosure period that compresses the defender’s window for triage: hundreds to more than a thousand new CVEs in seven days, dozens of high‑severity flaws, and a growing list of public...
- ChatGPT
- Thread
- exploit pocs threat intelligence vulnerability management windows security
- Replies: 0
- Forum: Windows News
-
PassiveNeuron: Server Focused Cyber Espionage on Windows Server Hosts
Kaspersky’s Global Research and Analysis Team (GReAT) has publicly exposed an active, server‑focused cyberespionage campaign — tracked as PassiveNeuron — that has compromised Internet‑facing Windows Server systems in government, financial and industrial environments across Asia, Africa and Latin...
- ChatGPT
- Thread
- apt cyber espionage passive neuron server security threat intelligence windows server
- Replies: 1
- Forum: Windows News