Cybersecurity

Today, Recorded Future is announcing the Impact and Metrics Dashboard, a new way for every Recorded Future customer to see the value their intelligence program generates without building reports by hand. The dashboard pulls data from your environment, alerts, integrations, threat detections, and analyst activity, then surfaces the metrics that map to the business and security outcomes your leadership cares about. Security teams have always known that intelligence drives better outcomes.

Executive Summary Iranian and Russian shadow fleet vessels, along with multiple sanctions evasion networks (SENs), are using online infrastructure likely designed to facilitate sanctions evasion. The infrastructure consists of inauthentic websites impersonating ship registries, national maritime administrations, seafarer training and certification organizations, protection and indemnity (P&I) clubs, and ship classification societies, effectively replicating key layers of the maritime

Starting tomorrow, millions of people will gather in sixteen host cities across the United States, Canada, and Mexico to cheer on their teams in the 2026 FIFA World Cup. Securing the tournament will require preparing for a mix of physical security risks, cyber threats, scams, protests, politically motivated activity, and reputational disruption tied to one of the world’s most visible sporting events.The World Cup’s global profile creates an attractive target environment for a wide range of threa

Over the past two decades, noncombatant evacuation operations (NEOs) have emerged as an important tool for protecting China’s overseas interests. To assess China’s NEO capabilities for the US Army War College China Landpower Studies Center’s 2026 Carlisle Conference on the PLA (People’s Liberation Army), Insikt Group built an original dataset of 37 Chinese NEOs carried out between January 2005 and August 2025. This blog post has been adapted from Insikt Group’s conference paper, and our “China 2

Executive Summary Since Russia’s full-scale invasion of Ukraine in February 2022, and the subsequent increase in Western sanctions on Russian individuals and firms, Russia’s economy has become increasingly skewed toward the defense sector. This has very likely led Russian political elites to increasingly draw patronage flows from defense-related expenditures. The wide range of sanctions has likely made it difficult for elites to diversify the sources of their graft, leaving them increasi

In May 2026, Insikt Group® identified 41 high-impact vulnerabilities that should be prioritized for remediation, all of which had a Very Critical Recorded Future Risk Score. This represents an 11% increase from last month. These vulnerabilities affected products from 20 vendors. 21 of the 41 vulnerabilities were included in the US Cybersecurity and Infrastructure Security Agency (CISA)’s Known Exploited Vulnerabilities (KEV) catalog, 19 were surfaced through honeypot data, and one was re

Threats don't operate in silos, and neither should your intelligence. This post, the first in a three-part series, breaks down why comprehensive sourcing is the foundation of effective threat intelligence -- and how Recorded Future's Intelligence Graph® monitors over one million sources across technical, criminal, collective, and open-source domains to surface what narrow or siloed solutions miss. From nation-state TTPs to criminal infrastructure to credential leaks, complete coverage is what se

Executive Summary The 2026 FIFA World Cup, which takes place across sixteen host cities in the United States (US), Mexico, and Canada, presents a complex threat environment across multiple security domains. The tournament’s global visibility creates opportunities for both financially and geopolitically motivated threat actors to target attendees, affiliated organizations, sponsors, vendors, and event-supporting infrastructure. Physical security will almost certainly remain the hi

There are moments when you meet a person who you immediately know will have a formative influence on you — a person you will learn from, who you will respect, who you will follow anywhere, who you will listen to, who will be your friend. Sir Alex was just that. I was lucky to meet Sir Alex just as he was leaving MI6 in 2020. I traveled to London, having to navigate a few Covid restrictions. I asked him if this would cause problems. He smiled: “It is always better to ask for forgiveness t

Executive Summary Iran’s Ministry of Intelligence (MOIS) has likely broadened the use of its “Handala” brand to encompass MOIS’s external physical and influence operations targeting US and Israeli interests. Since the beginning of the Iran War, Insikt Group has observed significant overlaps in the online activities of Handala Hack Team, a newly created, Handala-branded persona referring to itself as the “Handala Popular Resistance Front” (HPRF), and three influence operations networks pr

I've had some version of the same conversation dozens of times since Mythos and Daybreak emerged. CISOs want to know how worried they should be. My honest answer: less than the headlines suggest, and more than most programs are currently prepared for. Last year, roughly 50,000 software vulnerabilities were disclosed. Recorded Future tracked 446 that were actually weaponized by threat actors. That's less than 1%. The problem was never finding vulnerabilities. It was always knowing which o

Key Takeaways Discovery has been commoditized. Frontier AI models like Mythos and GPT 5.5 are making vulnerability discovery cheap, fast, and broadly accessible. The defender's job is to match the speed. Manual triage has lost the throughput race. Threat intelligence is the prioritization layer at machine speed. Recorded Future Intelligence observed only 446 actively exploited CVEs in 2025 against approximately 50,000 disclosed — less than 1%. Rec

In April 2026, Insikt Group® identified 37 high-impact vulnerabilities that should be prioritized for remediation, 35 of which had a Very Critical Recorded Future Risk Score. This represents a 19% increase from last month. 31 of the 37 were included in the US Cybersecurity and Infrastructure Security Agency (CISA)’s Known Exploited Vulnerabilities (KEV) catalog, and six were surfaced only through honeypot data. Those six CVEs associated with honeypots are available only to Recorded Futur

As of April 15, 2026, NIST enriches only CVEs that appear in the CISA Known Exploited Vulnerabilities catalog, federal government software, or software designated critical under Executive Order 14028. Everything else carries a "Lowest Priority" status: no CVSS score, no affected product mappings, no weakness classification. NIST enriched roughly 42,000 CVEs in 2025, and submissions in early 2026 are running about a third higher year-over-year. Industry estimates suggest the prioritized categorie

Executive Summary Artificial intelligence is often discussed as a tool for automating and accelerating existing cybersecurity workflows. While that framing is accurate, it is incomplete. The most consequential shift occurs when AI is combined with threat intelligence — both intelligence about attacker capabilities and TTPs, and intelligence about our own defensive weaknesses and exposure. This combination produces qualitatively new defensive capabilities that may, for the first time, beg

Cybersecurity is a cornerstone of our modern world, but its roots stretch back long before the internet. Far from a recent phenomenon, the field began in university labs and evolved through decades of innovation and conflict. For professionals and everyday users alike, tracing this history reveals why today's defenses exist and why vigilance remains our most critical tool. The 1940s: Theoretical Seeds and Massive Machines Long before the first hack, pioneers were already contempl

Payment fraud is growing in scale and sophistication, affecting businesses across every industry, and as digital payments expand, so do the opportunities for bad actors to exploit vulnerabilities. Understanding how fraud works and how to prevent it is essential for protecting revenue, maintaining trust, and staying resilient in an increasingly complex threat landscape. What Is Payment Fraud? Payment fraud refers to the theft of money from businesses or individuals through unautho

The internet is basically a giant digital city, and you need to be just as streetwise here as outside your front door. Most people go online every day - scrolling through TikTok, finishing a research paper, or making purchases - but they don't always know the "rules of the road" or the vocabulary that tech experts use to describe our digital lives. Here's a breakdown of essential digital citizenship terms to help you navigate the web and mobile apps like a pro: Authority - Authority refe

Summary Quantum computing is moving from theory toward early practical use, with direct implications for encryption, authentication, and long-term data confidentiality. The primary risk is the eventual emergence of cryptographically relevant quantum computers (CRQCs), which would break today’s public-key cryptography and undermine encryption, digital identity, and software trust at scale. Quantum risk is already present: “harvest now, decrypt later” activit

For security professionals evaluating threat intelligence vendors, the Gartner Magic Quadrant offers an indispensable perspective. Gartner analysts’ thorough and nuanced analysis cuts through the noise, making it easier for teams to understand each platform’s approach, strengths, and considerations—and helping them determine whether a particular vendor fits their organization’s unique needs. That’s why we’re honored to share that Gartner has named Recorded Future a Leader in the first-ev