“Predatory Sparrow” first emerged as a self-proclaimed hacktivist group in 2021 with pro-Israel intentions and operations focused on disruptive activity targeting Iranian entities and interests, although there a potential signs of even earlier operations against Syria. Of note, whereas most hacktivist entities or personas exhibit far more “bluster” than actual Read more
“Intelligence” is an overloaded concept in that the term may refer to a variety of items, actions, and deliverables. Attempts to define intelligence have existed for decades, and for a seemingly direct concept lead to extended discussion. As such, relatively new variations of this concept, such as “cyber threat intelligence” Read more
Computer science and particularly information security stories can occasionally “color” more general discourse, such as rampant speculation of cyber components of recent conflicts. But rarely do highly technical items reach true “escape velocity” to inundate popular media. The past few days have observed just this phenomenon with Anthropic’s announcement of Read more
On 30 January 2026, CERT.PL published findings concerning an electric sector attack on Poland in December 2025. This report, presumably the most complete on the incident covering multiple sources and coming from those directly responding to the total incident, arrived after earlier reporting from commercial organizations on elements of the Read more
A core part of my teaching at Paralus is guiding attendees towards mechanisms of fusing internal telemetry and understanding with external data sources and feeds to arrive at a more robust understanding of threat actor operations and behaviors. This perspective is reflected in my work on intelligence production and development Read more
In July 2025, NSA officials at a conference in New York City made a surprising claim: “The good news is, [Volt Typhoon] really failed. They wanted to persist in domestic networks very quietly for a very long time so that if and when they needed to disrupt those networks, they Read more
On 17 July 2025, Bloomberg (no stranger to interesting information security reporting) issued a gated report on a non–public Recorded Future item related to Salt Typhoon activity. As previously noted in this space, Salt Typhoon operations are both incredibly significant given their targeting and scope, while also poorly understood and Read more
The United States’ Cybersecurity and Infrastructure Security Agency (CISA) launched a campaign roughly aligned with Russia’s horrific invasion of Ukraine in 2022 called “Shields Up.” At its core, “Shields Up” was designed as a set of relatively straightforward security best practices to prepare for expected increases in threat actor operations. Read more
Salt Typhoon first emerged in the public consciousness with media reporting in late 2024. The previously unknown (or overlooked) threat actor was quickly linked to widespread intrusions in major US-based telecommunications companies, and targeting of both specific systems used to enable lawful intercept operations as well as the communications of Read more
On 04 June 2024, multiple hospitals in London declared a “critical incident” following a ransomware incident targeting a pathology services company called Synnovis. The incident resulted in multiple medical practices, including major hospitals, being unable to perform tasks such as blood transfusions or rapid testing of blood samples. Cascading impacts of Read more