Flare

The 2026 World Cup is right around the corner, but the cybercrime infrastructure around it is already running at scale. Our researcher Assaf Morag uncovered a coordinated Chinese-language gambling network exploiting FIFA branding across nearly 9,000 domains. What we found: → 4,800+ domains registered in 2026 alone, accelerating into the tournament → 4 operator clusters account for the majority of activity → Shared DNS, templated deployment, bulletproof hosting Full research from Assaf linked in the comments! #CyberThreatIntelligence #WorldCup2026 #ThreatResearch

Flare sera à Monaco pour Ready For IT 2026!   Visitez notre kiosque pour rencontrer les équipes Justin Gist P. et Thomas Boudon afin d’apprendre comment les identités exposées sont à l’origine des atteintes d’aujourd’hui, et comment la plateforme de renseignement sur les menaces de Flare les détecte et y remédie avant que les attaquants puissent agir.   Au plaisir de vous y voir!   🗓️ 2 au 4 juin 📍 Stand F018 — Flare will be in Monaco for Ready For IT 2026! Visit our booth to meet the team Justin Gist P. and Thomas Boudon to learn how exposed identities are driving today's breaches, and how Flare's threat intelligence platform detects and remediates them before attackers can act. See you there! 🗓️ June 2-4 📍Booth F018 #ReadyForIT

"It's always DNS." 😜 ... well, sure, sometimes -- but DNS is a helluva lot more than an IT outage crutch... it doubles as a really interesting forensic trail to map out infrastructure. Especially for hunting threat actors and cybercriminals 😎 My friends at Flare are continuing their streak of online training with their Flare Academy (completely free, by the way): this time you'll learn how you can pivot from just one single indicator to illuminate an entire adversary network (!!) using passive DNS, certificate hashes, JARM fingerprinting, and other slick tricks. Their Senior Cybercrime Researcher Adrian Cheek is running the show, live from 12pm to 2pm ET TODAY May 28th! Oh, and you can snag some CPE credits too 😁 Registration link below in the comments for ya: (ps, this post is a sponsored #ad, thank you Flare for your support)

65% of consumers say fraud concerns are the top reason they would abandon a website entirely. Account takeover rose 37% in 2025, even as overall digital fraud rates declined globally. The attack chain is well-established: breached credentials flow into criminal marketplaces within hours, get tested at scale, and compromise accounts before customers even know a breach occurred. ATO is not just a fraud team problem. It is a churn problem and a profitability problem. Our latest blog written by William Bradley breaks down how organizations can fight it across the full lifecycle, before the attacker acts, not after the damage is done. 🔗 Link in comments. #AccountTakeoverPrevention #FraudPrevention #Cybersecurity

Healthcare data is the most valuable commodity on the dark web. Andréanne Bergeron, PhD analyzed 348 real data breach listings spanning 2008 to 2026 from dark and clear web marketplaces to determine what threat actors actually pay for stolen data. Personal health records command approximately $300 per record, more than 4x the next closest category and nearly 18x the value of a credit card number. Read the full breakdown linked in the comments👇 #HealthcareSecurity #CyberThreatIntelligence

DNS is the backbone of the internet, and a primary source of forensic artifacts for threat intelligence researchers. In our next Flare Academy training, Adrian Cheek, Senior Threat Intelligence Researcher at Flare, demonstrates how investigators can use passive DNS, resource record analysis, and infrastructure fingerprinting to map criminal networks from a single initial indicator. 🗓️ Thursday, May 28th | 12–2 PM ET | Virtual Register: https://bit.ly/4cTtOcf #ThreatIntelligence #Cybersecurity #FlareAcademy

Anthropic Mythos is the first model to fully complete a cyber range end-to-end, meaning it can autonomously take over a poorly defended network with minimal scaffolding. The immediate risk to organizations is low, no public reporting indicates cybercriminals have access to Mythos-level models today. But within 12-18 months, open-weight models with equivalent capabilities will likely be available at a cost effective for cybercriminals to deploy at scale. We wrote a primer for CISOs and security teams on what Mythos means, how AI-driven cybercrime is evolving across social engineering, vulnerability exploitation, and agentic attacks, and what to do now before the window closes. Full article in the comments. #AICybersecurity

The finale of our Evolution of Identity Security Workshop is here. Part III: The Future of Identity-Driven Cybercrime, featuring special guests Derek Banks from Black Hills Information Security and Astrix Security's Jonathan Sander. Cybercriminals are moving beyond credential theft to targeting non-human identities at machine speed. In this session we cover how origin-bound passkeys make traditional credential theft structurally impossible, the inherent risks in vibe-coded applications, and how DPoP and CAEP ensure stolen tokens can't be weaponized. New to the series? Parts I & II are available on-demand, and all registrants receive the recordings and slides. Register: https://bit.ly/4nFt3IC

New Flare research: Adrian Cheek analyzed publicly indexed scan data across 15,885 internet-facing healthcare hosts spanning 1,175 organizations in all 50 US states to understand what the sector's external attack surface looks like from an adversary's perspective. 311 hosts carry at least one critical-rated CVE (CVSS 9.0+). 77 hosts across 24 organizations match the exact tradecraft identified in a joint CISA, FBI, and NSA advisory issued April 2026. Over 1,000 hosts are running cleartext FTP on the public internet, and six expose DICOM medical imaging protocols on routable addresses. No active scanning was performed. Every finding in this research is derived from passive, publicly available data, the same data accessible to any threat actor today. Full analysis in the comments ⬇️ #HealthcareCybersecurity #AttackSurfaceManagement #CyberThreatIntelligence