CrowdStrike just dropped their 2026 Global Threat Report and the numbers are staggering. Average eCrime breakout time fell to just 29 minutes, with the fastest at 27 seconds, while 82% of detections were completely malware-free. Attackers are living off trusted credentials, approved SaaS integrations, and legitimate identity flows to blend into normal activity. AI-enabled adversary attacks surged 89% year-over-year, with threat actors using AI for social engineering, prompt injection, and even targeting enterprise AI systems themselves. China-nexus intrusions jumped 38% across all sectors, cloud-conscious intrusions rose 37%, and supply chain attacks enabled the largest single financial theft ever reported at $1.46 billion in crypto. The message is clear: identity is the new perimeter, speed is the new weapon, and if your security strategy isn't evolving as fast as the adversaries, you're already behind. If only there were someone who could map emerging threats to your actual business and tell you about them in plain English... 🤔 Hit me up. I'd love to chat and show you how I do it. 🙂 https://lnkd.in/ecnTMw2U
About us
Flash CTI provides clear, relevant cyber threat intelligence tailored to your business. By mapping brand new threats to your actual systems, assets, and vendors, we filter out the noise of generic feeds and deliver plain-language updates you can act on.
- Website: https://flashcti.com/
- Industry: Computer and Network Security
- Company size: 1 employee
- Type: Privately Held
- Founded: 2025
Updates
-
I’ve been watching the rise of device code vishing attacks against Microsoft Entra accounts, and they’re a good reminder that attackers don’t always need to “break in.” Sometimes they just ask for access and walk people through granting it. The login is real. The MFA is real. The compromise is real too. We need to adjust how we think about detection. On the defensive side, start by monitoring device code sign ins and OAuth token issuance like you would privileged access. Alert on device code flows that are unusual for the user, coming from new geographies, or happening outside normal work patterns. Correlate successful device code authentication with risky IP addresses, impossible travel, or first time app access. If your users do not legitimately need device code flow, disable or restrict it through conditional access. And don’t ignore the human layer. Make sure employees know that no legitimate IT team will ask them to read off a device code from a login page they did not initiate. Encourage reporting of suspicious calls without fear of blame. The goal is simple: reduce the blast radius, increase visibility, and make social engineering much harder to turn into persistent access. https://lnkd.in/eqSv3_qH
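The detection advice in the post above, as an added example that is not part of the original post: a per-user baseline is built from past sign-ins, and each device code sign-in is scored against it. The record fields, sample events and work-hours window are constructed assumptions, not the exact Entra sign-in log schema.

```python
from datetime import datetime

# Constructed sample data. Field names are simplified assumptions, not the
# exact Entra sign-in log schema; times are treated as the user's local time.
HISTORY = [
    {"user": "alice@example.com", "protocol": "deviceCode", "country": "US", "app": "RoomDisplay", "time": "2026-02-02T14:05:00"},
    {"user": "alice@example.com", "protocol": "oAuth2", "country": "US", "app": "Mail", "time": "2026-02-03T09:10:00"},
    {"user": "bob@example.com", "protocol": "oAuth2", "country": "DE", "app": "Mail", "time": "2026-02-03T08:30:00"},
]
NEW_EVENTS = [
    {"user": "alice@example.com", "protocol": "deviceCode", "country": "US", "app": "RoomDisplay", "time": "2026-02-04T15:00:00"},
    {"user": "bob@example.com", "protocol": "deviceCode", "country": "NL", "app": "CLI Tool", "time": "2026-02-04T02:40:00", "risky_ip": True},
    {"user": "bob@example.com", "protocol": "oAuth2", "country": "NL", "app": "Mail", "time": "2026-02-04T09:00:00"},
]

def build_baseline(history):
    """Per user: has device code been used before, and from where / for which apps."""
    base = {}
    for e in history:
        b = base.setdefault(e["user"], {"device_code": False, "countries": set(), "apps": set()})
        b["countries"].add(e["country"])
        b["apps"].add(e["app"])
        b["device_code"] = b["device_code"] or e["protocol"] == "deviceCode"
    return base

def review_device_code(event, baseline, work_hours=(7, 19)):
    """Return the reasons a device code sign-in deserves an alert (empty = none)."""
    if event["protocol"] != "deviceCode":
        return []  # this check only covers the device code flow
    b = baseline.get(event["user"], {"device_code": False, "countries": set(), "apps": set()})
    reasons = []
    if not b["device_code"]:
        reasons.append("first device code sign-in for user")
    if event["country"] not in b["countries"]:
        reasons.append("new country")
    if event["app"] not in b["apps"]:
        reasons.append("first-time app access")
    hour = datetime.fromisoformat(event["time"]).hour
    if not work_hours[0] <= hour < work_hours[1]:
        reasons.append("outside work hours")
    if event.get("risky_ip"):  # assumed enrichment from an IP reputation source
        reasons.append("risky IP")
    return reasons

def triage(events, baseline):
    """Map (user, time) to alert reasons for every event that has any."""
    alerts = {}
    for e in events:
        reasons = review_device_code(e, baseline)
        if reasons:
            alerts[(e["user"], e["time"])] = reasons
    return alerts
```
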
-
Loads of CTI strategy in this single post. Nice job Palo Alto Networks Unit 42. https://lnkd.in/gN7kY8Cv
-
Very cool analysis of modern QR Code Phishing... https://lnkd.in/e4e5gBwN
-
Major update to what Known Exploited Vulnerabilities (KEVs) Ransomware groups are actively using... https://lnkd.in/g329zPDi
-
Always running out of cloud storage? Be careful what buttons you click. 🥲 https://lnkd.in/g5V2gqMz
-
These are the kind of edge cases that make you raise an eyebrow. Let's say a whole project, or a vendor gets hijacked... how are you going to know? Are you in their logs? Did they think to notify you? Other crazy IT security scenarios are going to be out there, the question is, are you oblivious to them? Or do you know about them quick enough to take action? With good CTI you're going to know. And knowing is half the battle. https://lnkd.in/enVZQHp3
-
Do I have to remind you why Cyber Threat Intelligence is so important? New and novel attack vectors are emerging. You need to be ready, because your controls will not be unless you are paying attention. tl;dr - JUMP SCARE - proof of concept (POC) for LLM generating polymorphic malware client side in real time. https://lnkd.in/d9A6Zzgr
-
Voice phishing attacks, known as vishing, are surging and everyone needs to stay sharp. Cybercriminals are calling people while impersonating trusted figures, offering help with account setup or password issues, then directing victims to fake login pages that steal their credentials in real time. These aren't your typical robocall scams. The attackers do their homework, learning the right jargon and processes to sound completely legitimate on the phone. Cloud services like email platforms, file storage, and CRM tools are prime targets because they often sit outside traditional company security controls and can be accessed from anywhere with the right credentials. Once attackers have those login details, they can access sensitive data within minutes. If you receive an unexpected call from someone asking you to visit a website or share login information, be skeptical and verify through official channels you trust. A healthy dose of caution on phone calls could be the difference between a normal day and a serious data breach. https://lnkd.in/eh8hVefa
-
Ransomware as a Service: What Small Businesses Need to Know (complete with jump scare). Not long ago, running a ransomware attack required real technical skill, but that has changed quickly. Today, ransomware is sold on underground markets like packaged software, complete with instructions, dashboards, and built-in payment systems, allowing almost anyone to launch an attack. These Ransomware-as-a-Service (RaaS) kits are advertised on dark web forums, and some operators actively recruit new affiliates, pouring millions of dollars into recruitment drives. The price of RaaS kits ranges from $40 per month to several thousand dollars, trivial amounts given potential payouts. According to Verizon’s 2025 Data Breach Investigations Report, ransomware was involved in 88% of breaches affecting small and midsize businesses, compared to 39% for larger organizations. These kits are cheap, easy to use, and often aimed at small businesses because attackers assume defenses are lighter and recovery pressure is higher. Small businesses often do not have the resources to defend against devastating cyber threats like ransomware. The result is a steady rise in opportunistic attacks that start with simple mistakes like a clicked phishing link or an exposed remote login. Many small businesses can get by with practical solutions: lock down remote access, use multifactor authentication everywhere, patch systems promptly, test backups, and train staff to slow down and question unexpected emails. You are not trying to outsmart elite hackers, you are closing the easy doors that rented ransomware tools depend on. Now as I promised... If you want a little jump scare, you should really take a peek at https://lnkd.in/exzWgFee [ransomware live] to see what I am talking about. Ransomware is COOKING in 2026, with no slowdown in sight. This is why I preach the value of CTI so much, and why you should have a Cyber Threat Intelligence function in your org. Relevant intelligence leads to proper action. 
Some HIGHLY suggested further reading: https://lnkd.in/eigbf2Pe [great cyber guidance advice] https://lnkd.in/gc5kVu2M [RaaS info 1] https://lnkd.in/efMTJjyS [RaaS info 1] https://lnkd.in/g-Ct9j8G [Ransomware trends for 2026]