From Scanner to Stealer: Inside the trivy-action Supply Chain Compromise

Next-Gen Identity Security

CrowdStrike FalconID Brings Phishing-Resistant MFA to Falcon Next-Gen Identity Security

Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse

CrowdStrike Flex for Services Expands Access to Elite Security Expertise

CrowdStrike Achieves NCSC CIR Assurance for Incident Response

CrowdStrike Named a Customers’ Choice in 2026 Gartner® Peer Insights™ Voice of the Customer for User Authentication

CrowdStrike to Acquire Seraphic to Secure Work in Any Browser

Next-Gen SIEM & Log Management

Falcon Next-Gen SIEM Supports Third-Party EDR Tools, Starting with Microsoft Defender

Falcon Next-Gen SIEM Simplifies Onboarding with Sensor-Native Log Collection

CrowdStrike Falcon Platform Achieves 441% ROI in Three Years

CrowdStrike 2026 Global Threat Report: The Evasive Adversary Wields AI

The Art of Deception: How Threat Actors Master Typosquatting Campaigns to Bypass Detection

Endpoint Security & XDR

Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management

Enhanced Network Visibility: A Dive into the Falcon macOS Sensor's New Capabilities

Falcon for XIoT Extends Asset Protection to Healthcare Environments

Engineering & Tech

EMBER2024: Advancing the Training of Cybersecurity ML Models Against Evasive Malware

Falcon Platform Prevents COOKIE SPIDER’s SHAMOS Delivery on macOS

CrowdStrike’s Approach to Better Machine Learning Evaluation Using Strategic Data Splitting

CrowdStrike Researchers Develop Custom XGBoost Objective to Improve ML Model Release Stability

Executive Viewpoint

Frontier AI Is Collapsing the Exploit Window. Here’s How Defenders Must Respond.

Frontier AI for Defenders: CrowdStrike and OpenAI TAC

Anthropic Claude Mythos Preview: The More Capable AI Becomes, the More Security It Needs

The Architecture of Agentic Defense: Inside the Falcon Platform

From The Front Lines

Introducing the CrowdStrike Shadow AI Visibility Service

CrowdStrike Named a Leader in Frost & Sullivan 2026 Radar for Cloud-Native Application Protection Platforms

CrowdStrike Expands Real-Time Cloud Detection and Response to Google Cloud

CrowdStrike Falcon Cloud Security Delivered 264% ROI Through Unified Cloud Protection

Cloud & Application Security

Video Highlights the 4 Key Steps to Successful Incident ResponseDec 02, 2019

Helping Non-Security Stakeholders Understand ATT&CK in 10 Minutes or Less [VIDEO]Feb 21, 2019

Analyzing Targeted Intrusions Through the ATT&CK Framework Lens [VIDEO]Jan 22, 2019

Qatar’s Commercial Bank Chooses CrowdStrike Falcon®: A Partnership Based on Trust [VIDEO]Aug 20, 2018

How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem

CrowdStrike Services and Agentic MDR Put the Agentic SOC in Reach

4 Ways Businesses Use CrowdStrike Charlotte AI to Transform Security Operations

Inside the Human-AI Feedback Loop Powering CrowdStrike’s Agentic Security

CrowdStrike Advances CNAPP with Industry-First Adversary-Informed Risk Prioritization

Threat Hunting & Intel

STARDUST CHOLLIMA Likely Compromises Axios npm Package

Tycoon2FA Phishing-as-a-Service Platform Persists Following Takedown

CrowdStrike Expands ChatGPT Enterprise Integration with Enhanced Audit Logging and Activity MonitoringApr 28, 2026

Google Cloud Products

Threat IntelligenceLook What You Made Us Patch: 2025 Zero-Days in ReviewBy Google Threat Intelligence Group • 23-minute read

Transform with Google Cloud

GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use

Threat IntelligenceNorth Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain AttackBy Google Threat Intelligence Group • 16-minute read

Threat IntelligenceRansomware Under Pressure: Tactics, Techniques, and Procedures in a Shifting Threat LandscapeBy Google Threat Intelligence Group • 53-minute read

Google Maps Platform

Google Workspace

Developers & Practitioners

Threat Intelligence RSS feed URL

Threat IntelligenceSnow Flurries: How UNC6692 Employed Social Engineering to Deploy a Custom Malware SuiteBy Mandiant • 26-minute read

Threat IntelligenceDefending Your Enterprise When AI Models Can Find Vulnerabilities Faster Than EverBy Francis deSouza • 13-minute read

Threat IntelligenceThe German Cyber Criminal Überfall: Shifts in Europe's Data Leak LandscapeBy Google Threat Intelligence Group • 5-minute read

Threat IntelligencevSphere and BRICKSTORM Malware: A Defender's GuideBy Mandiant • 62-minute read

Threat IntelligenceM-Trends 2026: Data, Insights, and Strategies From the FrontlinesBy Jurgen Kutscher • 8-minute read

Threat IntelligenceThe Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat ActorsBy Google Threat Intelligence Group • 34-minute read

Threat IntelligenceProactive Preparation and Hardening Against Destructive Attacks: 2026 EditionBy Mandiant • 222-minute read

Security & Identity

SAP on Google Cloud

Inside Google Cloud

Google Cloud Next & Events

Google Cloud Consulting

Chrome Enterprise

Containers & Kubernetes

Maps & Geospatial

Threat Intelligence

Infrastructure Modernization

Productivity & Collaboration

Storage & Data Transfer

Financial Services

Healthcare & Life Sciences

Media & Entertainment

Telecommunications

Training & Certifications

Jump to Content

Get started for free

AI & Machine Learning

Application Development

Application Modernization

该情报条目标题为“京公网安备 11000002002063号”，来源标注为360CERT安全报告，但实际链接指向中国公安备案查询页面。摘要内容为空，未提供任何攻击活动、漏洞或威胁情报信息。本条目无法解析具体事件，可能为错误输入或占位内容。

该情报来源为360CERT发布的一份安全报告，标题为“（总）网出证（京）字第281号”，实际指向360公司的ICP许可证页面，并非一篇典型的威胁情报文章。报告标签包含APT、恶意软件、360和报告，但摘要、CVE、威胁行为者、恶意软件家族、受影响行业和地区、ATT&CK技术及IOC均未提供。由于缺乏实质性内容，无法提取任何攻击活动、战术、工具链或受害者特征。可能该页面是360CERT报告的占位符或误引用。分析师需进一步核实原始报告内容。

该条目为京网文〔2020〕6051-1195号的记录，来源为360CERT安全报告。文章标题本身为网络文化经营许可证编号，摘要为空，未提供任何具体的威胁情报内容、攻击活动、漏洞或恶意软件信息。标签包含APT、恶意软件、报告等，但缺乏实质性描述，无法判定实际威胁。可能为文档分类错误或无关数据。

该输入来源可疑，标题为ICP备案号，URL为ICP备案查询页面，但被标记为360CERT安全报告，标签包含apt、malware、360、report。摘要内容为空，未提供任何具体威胁情报信息。无法确认攻击活动、技术细节或影响范围。

Embracing strong proactive security is something we can all do to mitigate our increased exposure to security threats. The post 8 best practices for CISOs conducting risk reviews appeared first on Microsoft Security Blog.

美国网络安全和基础设施安全局（CISA）联合国防部、能源部、联邦调查局和国务院发布了《将零信任原则应用于运营技术》指南。该指南旨在帮助运营技术（OT）所有者和操作员应对将零信任（ZT）安全架构应用于OT环境的独特挑战。随着信息技术（IT）与OT的融合，传统的隔离或手动操作的OT系统日益互联、数字化监控和远程控制，带来了新的网络安全风险，使得基于边界的安全模型和隐式信任不再适用于保护OT系统和其控制的物理过程。指南强调了建立全面的资产可见性、主动解决供应链风险、实施稳健的身份和访问管理，以及采用分层安全措施（包括网络分段、安全通信协议和漏洞管理）的重要性。该指南不针对特定攻击活动，而是提供通用安全架构建议。

Learn how Microsoft Sentinel UEBA helps defenders distinguish benign AWS activity from attacker behavior by enriching raw CloudTrail logs with clear, binary behavioral signals derived from baseline user, peer, and device behavior patterns. The post Simplifying AWS defense with Microsoft Sentinel UEBA appeared first on Microsoft Security Blog.

[MOCK] 这是一个威胁情报的伪摘要: NSA GRASSMARLIN

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2024-1708 ConnectWise ScreenConnect Path Traversal Vulnerability CVE-2026-32202 Microsoft Windows Protection Mechanism Failure Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to th