🏠 Home
Cybersecurity
🔐
Cybersecurity
1 channels · 107 articles
Articles
Iran-Nexus TAG-182 Disseminates MarkiRAT Surveillance Tool
Executive Summary
Insikt Group has identified new infrastructure associated with the TAG-182 threat cluster, used to disseminate MarkiRAT malware in support of Iranian government surveillance operations. It is highly likely that TAG-182 is targeting Iranians living inside and outside the country using different lures, including free download tools and fake VPN applications. The group’s operations are highly likely active across social media platforms like Instagram.
As the kineti
0
0
Where Expertise Meets Algorithm: The Insikt Group® Intelligence Edge
In the previous article in our series on Recorded Future’s unique data sourcing model, we detailed the four types of data we analyze and how, together, they provide unprecedented visibility into each of our customers’ unique threat landscapes.
In this final article, we’ll show how our Insikt Group research team turns our raw data into actionable intelligence.
The Insikt Group advantage
Made up of experts with backgrounds in government, military, law enforcement, and intel
0
0
Evaluating Mexico’s New Cybersecurity Plan
Executive Summary
Mexico recently unveiled a new National Cybersecurity Plan to be implemented over the remainder of this decade. The proposed plan lays the foundation to address the top cybersecurity threats Mexico has identified, including organized crime, geopolitical threats, and emerging artificial intelligence (AI) threats. The plan comes at a critical moment, as repeated cyber incidents across federal, state, and local institutions in Mexico have exposed the need for a more coordi
0
0
FortiBleed Campaign Exposing Credentials for 73,932 FortiGate Systems
A dataset containing valid administrative and VPN credentials for tens of thousands of Fortinet FortiGate firewalls has been attributed to a Russian-speaking threat group, with confirmed impacts across government, critical infrastructure, and multinational corporations. Organizations should verify exposure immediately and rotate credentials.
Latest Updates
Based on analysis by Insikt Group, we have determined that at least two threat actors are attempting to sell data allegedly f
0
0
The Purchase Scam Tactic Headed for the World Cup | Recorded Future
Recorded Future's Payment Fraud Intelligence team continues to monitor a purchase scam tactic that pulls victims from organic search rather than paid ads by compromising legitimate websites. The scam domains never appear in search results themselves, which means the operations are likely hidden from standard search monitoring and could survive the takedown of any single domain or merchant account. The same tactic is already surfacing in World Cup-themed fraud, and it’s positioned to scale across
0
0
State Digital Surveillance Risk Landscape
Executive Summary
Insikt Group assesses that government digital surveillance activities pose a high or very high risk in 31 countries, where state actors exploit telecommunications infrastructure, homegrown and commercial spyware, and artificial intelligence (AI)-powered tools to monitor foreign nationals and business travelers with little to no legal accountability. A further 55 countries categorized as medium risk frequently deploy less-sophisticated surveillance capabilities to target
0
5
The Intelligence No One Else Has: Inside Recorded Future’s Proprietary Collection Engine
Four Critical Source Types. One Platform. Recorded Future is the Only Threat Intelligence Vendor that Collects and Analyzes Across Four Types of Data Sources.
When a critical vulnerability emerges, most organizations scramble for answers.
What’s being exploited?Who’s targeting it?Are we exposed?
During the emergence of the React2Shell vulnerability, one Recorded Future customer didn’t rely on speculation. Using Recorded Future’s IP scanning intelligence, they identified w
0
0
The Intelligence No One Else Has: Inside Recorded Future’s Proprietary Collection Engine
Four Critical Source Types. One Platform. Recorded Future is the Only Threat Intelligence Vendor that Collects and Analyzes Across Four Types of Data Sources.
When a critical vulnerability emerges, most organizations scramble for answers.
What’s being exploited?Who’s targeting it?Are we exposed?
During the emergence of the React2Shell vulnerability, one Recorded Future customer didn’t rely on speculation. Using Recorded Future’s IP scanning intelligence, they identified w
0
5
Recorded Future Launches Impact and Metrics Dashboard
Today, Recorded Future is announcing the Impact and Metrics Dashboard, a new way for every Recorded Future customer to see the value their intelligence program generates without building reports by hand. The dashboard pulls data from your environment, alerts, integrations, threat detections, and analyst activity, then surfaces the metrics that map to the business and security outcomes your leadership cares about.
Security teams have always known that intelligence drives better outcomes.
0
8
Cyber-Enabled Maritime Sanctions Evasion
Executive Summary
Iranian and Russian shadow fleet vessels, along with multiple sanctions evasion networks (SENs), are using online infrastructure likely designed to facilitate sanctions evasion. The infrastructure consists of inauthentic websites impersonating ship registries, national maritime administrations, seafarer training and certification organizations, protection and indemnity (P&I) clubs, and ship classification societies, effectively replicating key layers of the maritime
0
9
2026 FIFA World Cup: What Public Safety Officials Need to Know
Starting tomorrow, millions of people will gather in sixteen host cities across the United States, Canada, and Mexico to cheer on their teams in the 2026 FIFA World Cup. Securing the tournament will require preparing for a mix of physical security risks, cyber threats, scams, protests, politically motivated activity, and reputational disruption tied to one of the world’s most visible sporting events.The World Cup’s global profile creates an attractive target environment for a wide range of threa
0
6
China's Noncombatant Evacuation Operations: 2005–2025
Over the past two decades, noncombatant evacuation operations (NEOs) have emerged as an important tool for protecting China’s overseas interests. To assess China’s NEO capabilities for the US Army War College China Landpower Studies Center’s 2026 Carlisle Conference on the PLA (People’s Liberation Army), Insikt Group built an original dataset of 37 Chinese NEOs carried out between January 2005 and August 2025. This blog post has been adapted from Insikt Group’s conference paper, and our “China 2
0
8
Russia’s Defense-Based Economy Risks Forcing Putin to Fight Wars
Executive Summary
Since Russia’s full-scale invasion of Ukraine in February 2022, and the subsequent increase in Western sanctions on Russian individuals and firms, Russia’s economy has become increasingly skewed toward the defense sector. This has very likely led Russian political elites to increasingly draw patronage flows from defense-related expenditures. The wide range of sanctions has likely made it difficult for elites to diversify the sources of their graft, leaving them increasi
0
5
May 2026 CVE Landscape
In May 2026, Insikt Group® identified 41 high-impact vulnerabilities that should be prioritized for remediation, all of which had a Very Critical Recorded Future Risk Score. This represents an 11% increase from last month.
These vulnerabilities affected products from 20 vendors. 21 of the 41 vulnerabilities were included in the US Cybersecurity and Infrastructure Security Agency (CISA)’s Known Exploited Vulnerabilities (KEV) catalog, 19 were surfaced through honeypot data, and one was re
0
7
Why Holistic Sourcing Wins: The Numbers Behind the Recorded Future Advantage
Threats don't operate in silos, and neither should your intelligence. This post, the first in a three-part series, breaks down why comprehensive sourcing is the foundation of effective threat intelligence -- and how Recorded Future's Intelligence Graph® monitors over one million sources across technical, criminal, collective, and open-source domains to surface what narrow or siloed solutions miss. From nation-state TTPs to criminal infrastructure to credential leaks, complete coverage is what se
0
8
Threats to the 2026 FIFA World Cup
Executive Summary
The 2026 FIFA World Cup, which takes place across sixteen host cities in the United States (US), Mexico, and Canada, presents a complex threat environment across multiple security domains. The tournament’s global visibility creates opportunities for both financially and geopolitically motivated threat actors to target attendees, affiliated organizations, sponsors, vendors, and event-supporting infrastructure.
Physical security will almost certainly remain the hi
0
3
Remembering Sir Alex Younger
There are moments when you meet a person who you immediately know will have a formative influence on you — a person you will learn from, who you will respect, who you will follow anywhere, who you will listen to, who will be your friend. Sir Alex was just that.
I was lucky to meet Sir Alex just as he was leaving MI6 in 2020. I traveled to London, having to navigate a few Covid restrictions. I asked him if this would cause problems. He smiled: “It is always better to ask for forgiveness t
0
5
Iran Expands Handala Brand to Physical Threats
Executive Summary
Iran’s Ministry of Intelligence (MOIS) has likely broadened the use of its “Handala” brand to encompass MOIS’s external physical and influence operations targeting US and Israeli interests. Since the beginning of the Iran War, Insikt Group has observed significant overlaps in the online activities of Handala Hack Team, a newly created, Handala-branded persona referring to itself as the “Handala Popular Resistance Front” (HPRF), and three influence operations networks pr
0
5
The Vulnerability Flood Is Now a Board Conversation. Here's How to Lead It.
I've had some version of the same conversation dozens of times since Mythos and Daybreak emerged. CISOs want to know how worried they should be. My honest answer: less than the headlines suggest, and more than most programs are currently prepared for.
Last year, roughly 50,000 software vulnerabilities were disclosed. Recorded Future tracked 446 that were actually weaponized by threat actors. That's less than 1%. The problem was never finding vulnerabilities. It was always knowing which o
0
3
At Mythos Speed: A Defender's Playbook for the AI Vulnerability Surge in 2026
Key Takeaways
Discovery has been commoditized. Frontier AI models like Mythos and GPT 5.5 are making vulnerability discovery cheap, fast, and broadly accessible.
The defender's job is to match the speed. Manual triage has lost the throughput race.
Threat intelligence is the prioritization layer at machine speed. Recorded Future Intelligence observed only 446 actively exploited CVEs in 2025 against approximately 50,000 disclosed — less than 1%.
Rec
0
4
Iran-Nexus TAG-182 Disseminates MarkiRAT Surveillance Tool
Executive Summary
Insikt Group has identified new infrastructure associated with the TAG-182 threat cluster, use
0
0
Where Expertise Meets Algorithm: The Insikt Group® Intelligence Edge
In the previous article in our series on Recorded Future’s unique data sourcing model, we detailed the four types of dat
0
0
Evaluating Mexico’s New Cybersecurity Plan
Executive Summary
Mexico recently unveiled a new National Cybersecurity Plan to be implemented over the remainde
0
0
FortiBleed Campaign Exposing Credentials for 73,932 FortiGate Systems
A dataset containing valid administrative and VPN credentials for tens of thousands of Fortinet FortiGate firewalls has
0
0
The Purchase Scam Tactic Headed for the World Cup | Recorded Future
Recorded Future's Payment Fraud Intelligence team continues to monitor a purchase scam tactic that pulls victims from or
0
0
State Digital Surveillance Risk Landscape
Executive Summary
Insikt Group assesses that government digital surveillance activities pose a high or very high
0
5
The Intelligence No One Else Has: Inside Recorded Future’s Proprietary Collection Engine
Four Critical Source Types. One Platform. Recorded Future is the Only Threat Intelligence Vendor that Collects and Analy
0
0
The Intelligence No One Else Has: Inside Recorded Future’s Proprietary Collection Engine
Four Critical Source Types. One Platform. Recorded Future is the Only Threat Intelligence Vendor that Collects and Analy
0
5
Recorded Future Launches Impact and Metrics Dashboard
Today, Recorded Future is announcing the Impact and Metrics Dashboard, a new way for every Recorded Future customer to s
0
8
Cyber-Enabled Maritime Sanctions Evasion
Executive Summary
Iranian and Russian shadow fleet vessels, along with multiple sanctions evasion networks (SENs
0
9
2026 FIFA World Cup: What Public Safety Officials Need to Know
Starting tomorrow, millions of people will gather in sixteen host cities across the United States, Canada, and Mexico to
0
6
China's Noncombatant Evacuation Operations: 2005–2025
Over the past two decades, noncombatant evacuation operations (NEOs) have emerged as an important tool for protecting Ch
0
8
Russia’s Defense-Based Economy Risks Forcing Putin to Fight Wars
Executive Summary
Since Russia’s full-scale invasion of Ukraine in February 2022, and the subsequent increase in
0
5
May 2026 CVE Landscape
In May 2026, Insikt Group® identified 41 high-impact vulnerabilities that should be prioritized for remediation, all of
0
7
Why Holistic Sourcing Wins: The Numbers Behind the Recorded Future Advantage
Threats don't operate in silos, and neither should your intelligence. This post, the first in a three-part series, break
0
8
Threats to the 2026 FIFA World Cup
Executive Summary
The 2026 FIFA World Cup, which takes place across sixteen host cities in the United States (US
0
3
Remembering Sir Alex Younger
There are moments when you meet a person who you immediately know will have a formative influence on you — a person you
0
5
Iran Expands Handala Brand to Physical Threats
Executive Summary
Iran’s Ministry of Intelligence (MOIS) has likely broadened the use of its “Handala” brand to
0
5
Iran-Nexus TAG-182 Disseminates MarkiRAT Surveillance Tool
Executive Summary
Insikt Group has identified new infrastructure associated with the TAG-182 threat cluster, used to disse…
💬 0
👁 0
Where Expertise Meets Algorithm: The Insikt Group® Intelligence Edge
Recorded Future · Jun 25, 2026
💬 0
👁 0
Evaluating Mexico’s New Cybersecurity Plan
Recorded Future · Jun 25, 2026
💬 0
👁 0
FortiBleed Campaign Exposing Credentials for 73,932 FortiGate Systems
Recorded Future · Jun 24, 2026
💬 0
👁 0

The Purchase Scam Tactic Headed for the World Cup | Recorded Future
Recorded Future · Jun 23, 2026

State Digital Surveillance Risk Landscape
Recorded Future · Jun 17, 2026

The Intelligence No One Else Has: Inside Recorded Future’s Proprietary Collection Engine
Recorded Future · Jun 16, 2026

The Intelligence No One Else Has: Inside Recorded Future’s Proprietary Collection Engine
Recorded Future · Jun 16, 2026
Recorded Future Launches Impact and Metrics Dashboard
Today, Recorded Future is announcing the Impact and Metrics Dashboard, a new way for every Recorded Future customer to see the val…
💬 0
👁 8
Cyber-Enabled Maritime Sanctions Evasion
Recorded Future · Jun 11, 2026
💬 0
👁 9
2026 FIFA World Cup: What Public Safety Officials Need to Know
Recorded Future · Jun 10, 2026
💬 0
👁 6
China's Noncombatant Evacuation Operations: 2005–2025
Recorded Future · Jun 10, 2026
💬 0
👁 8

Russia’s Defense-Based Economy Risks Forcing Putin to Fight Wars
Recorded Future · Jun 9, 2026

May 2026 CVE Landscape
Recorded Future · Jun 8, 2026

Why Holistic Sourcing Wins: The Numbers Behind the Recorded Future Advantage
Recorded Future · Jun 5, 2026

Threats to the 2026 FIFA World Cup
Recorded Future · Jun 4, 2026
Remembering Sir Alex Younger
There are moments when you meet a person who you immediately know will have a formative influence on you — a person you will learn…
💬 0
👁 5
Iran Expands Handala Brand to Physical Threats
Recorded Future · Jun 2, 2026
💬 0
👁 5
The Vulnerability Flood Is Now a Board Conversation. Here's How to Lead It.
Recorded Future · May 21, 2026
💬 0
👁 3
At Mythos Speed: A Defender's Playbook for the AI Vulnerability Surge in 2026
Recorded Future · May 19, 2026
💬 0
👁 4
Iran-Nexus TAG-182 Disseminates MarkiRAT Surveillance Tool
Executive Summary
Insikt Group has identified new infrastructure associated with the TAG-182 threat cluster, used to disseminate MarkiRAT malware in support of Iranian government surveillance operations. It is highly likely that TAG-182 is targeting Iranians living inside and outside the country using different lures, including free download tools and fake VPN applications. The group’s operations are highly likely active across social media platforms like Instagram.
As the kineti
0
0 👁
Where Expertise Meets Algorithm: The Insikt Group® Intelligence Edge
In the previous article in our series on Recorded Future’s unique data sourcing model, we detailed the four types of data we analyze and how, together, they provide unprecedented visibility into each of our customers’ unique threat landscapes.
In this final article, we’ll show how our Insikt Group research team turns our raw data into actionable intelligence.
The Insikt Group advantage
Made up of experts with backgrounds in government, military, law enforcement, and intel
0
0 👁
Evaluating Mexico’s New Cybersecurity Plan
Executive Summary
Mexico recently unveiled a new National Cybersecurity Plan to be implemented over the remainder of this decade. The proposed plan lays the foundation to address the top cybersecurity threats Mexico has identified, including organized crime, geopolitical threats, and emerging artificial intelligence (AI) threats. The plan comes at a critical moment, as repeated cyber incidents across federal, state, and local institutions in Mexico have exposed the need for a more coordi
0
0 👁
FortiBleed Campaign Exposing Credentials for 73,932 FortiGate Systems
A dataset containing valid administrative and VPN credentials for tens of thousands of Fortinet FortiGate firewalls has been attributed to a Russian-speaking threat group, with confirmed impacts across government, critical infrastructure, and multinational corporations. Organizations should verify exposure immediately and rotate credentials.
Latest Updates
Based on analysis by Insikt Group, we have determined that at least two threat actors are attempting to sell data allegedly f
0
0 👁
The Purchase Scam Tactic Headed for the World Cup | Recorded Future
Recorded Future's Payment Fraud Intelligence team continues to monitor a purchase scam tactic that pulls victims from organic search rather than paid ads by compromising legitimate websites. The scam domains never appear in search results themselves, which means the operations are likely hidden from standard search monitoring and could survive the takedown of any single domain or merchant account. The same tactic is already surfacing in World Cup-themed fraud, and it’s positioned to scale across
0
0 👁
State Digital Surveillance Risk Landscape
Executive Summary
Insikt Group assesses that government digital surveillance activities pose a high or very high risk in 31 countries, where state actors exploit telecommunications infrastructure, homegrown and commercial spyware, and artificial intelligence (AI)-powered tools to monitor foreign nationals and business travelers with little to no legal accountability. A further 55 countries categorized as medium risk frequently deploy less-sophisticated surveillance capabilities to target
0
5 👁
The Intelligence No One Else Has: Inside Recorded Future’s Proprietary Collection Engine
Four Critical Source Types. One Platform. Recorded Future is the Only Threat Intelligence Vendor that Collects and Analyzes Across Four Types of Data Sources.
When a critical vulnerability emerges, most organizations scramble for answers.
What’s being exploited?Who’s targeting it?Are we exposed?
During the emergence of the React2Shell vulnerability, one Recorded Future customer didn’t rely on speculation. Using Recorded Future’s IP scanning intelligence, they identified w
0
0 👁
The Intelligence No One Else Has: Inside Recorded Future’s Proprietary Collection Engine
Four Critical Source Types. One Platform. Recorded Future is the Only Threat Intelligence Vendor that Collects and Analyzes Across Four Types of Data Sources.
When a critical vulnerability emerges, most organizations scramble for answers.
What’s being exploited?Who’s targeting it?Are we exposed?
During the emergence of the React2Shell vulnerability, one Recorded Future customer didn’t rely on speculation. Using Recorded Future’s IP scanning intelligence, they identified w
0
5 👁
Recorded Future Launches Impact and Metrics Dashboard
Today, Recorded Future is announcing the Impact and Metrics Dashboard, a new way for every Recorded Future customer to see the value their intelligence program generates without building reports by hand. The dashboard pulls data from your environment, alerts, integrations, threat detections, and analyst activity, then surfaces the metrics that map to the business and security outcomes your leadership cares about.
Security teams have always known that intelligence drives better outcomes.
0
8 👁
Cyber-Enabled Maritime Sanctions Evasion
Executive Summary
Iranian and Russian shadow fleet vessels, along with multiple sanctions evasion networks (SENs), are using online infrastructure likely designed to facilitate sanctions evasion. The infrastructure consists of inauthentic websites impersonating ship registries, national maritime administrations, seafarer training and certification organizations, protection and indemnity (P&I) clubs, and ship classification societies, effectively replicating key layers of the maritime
0
9 👁
2026 FIFA World Cup: What Public Safety Officials Need to Know
Starting tomorrow, millions of people will gather in sixteen host cities across the United States, Canada, and Mexico to cheer on their teams in the 2026 FIFA World Cup. Securing the tournament will require preparing for a mix of physical security risks, cyber threats, scams, protests, politically motivated activity, and reputational disruption tied to one of the world’s most visible sporting events.The World Cup’s global profile creates an attractive target environment for a wide range of threa
0
6 👁
China's Noncombatant Evacuation Operations: 2005–2025
Over the past two decades, noncombatant evacuation operations (NEOs) have emerged as an important tool for protecting China’s overseas interests. To assess China’s NEO capabilities for the US Army War College China Landpower Studies Center’s 2026 Carlisle Conference on the PLA (People’s Liberation Army), Insikt Group built an original dataset of 37 Chinese NEOs carried out between January 2005 and August 2025. This blog post has been adapted from Insikt Group’s conference paper, and our “China 2
0
8 👁
Russia’s Defense-Based Economy Risks Forcing Putin to Fight Wars
Executive Summary
Since Russia’s full-scale invasion of Ukraine in February 2022, and the subsequent increase in Western sanctions on Russian individuals and firms, Russia’s economy has become increasingly skewed toward the defense sector. This has very likely led Russian political elites to increasingly draw patronage flows from defense-related expenditures. The wide range of sanctions has likely made it difficult for elites to diversify the sources of their graft, leaving them increasi
0
5 👁
May 2026 CVE Landscape
In May 2026, Insikt Group® identified 41 high-impact vulnerabilities that should be prioritized for remediation, all of which had a Very Critical Recorded Future Risk Score. This represents an 11% increase from last month.
These vulnerabilities affected products from 20 vendors. 21 of the 41 vulnerabilities were included in the US Cybersecurity and Infrastructure Security Agency (CISA)’s Known Exploited Vulnerabilities (KEV) catalog, 19 were surfaced through honeypot data, and one was re
0
7 👁
Why Holistic Sourcing Wins: The Numbers Behind the Recorded Future Advantage
Threats don't operate in silos, and neither should your intelligence. This post, the first in a three-part series, breaks down why comprehensive sourcing is the foundation of effective threat intelligence -- and how Recorded Future's Intelligence Graph® monitors over one million sources across technical, criminal, collective, and open-source domains to surface what narrow or siloed solutions miss. From nation-state TTPs to criminal infrastructure to credential leaks, complete coverage is what se
0
8 👁
Threats to the 2026 FIFA World Cup
Executive Summary
The 2026 FIFA World Cup, which takes place across sixteen host cities in the United States (US), Mexico, and Canada, presents a complex threat environment across multiple security domains. The tournament’s global visibility creates opportunities for both financially and geopolitically motivated threat actors to target attendees, affiliated organizations, sponsors, vendors, and event-supporting infrastructure.
Physical security will almost certainly remain the hi
0
3 👁
Remembering Sir Alex Younger
There are moments when you meet a person who you immediately know will have a formative influence on you — a person you will learn from, who you will respect, who you will follow anywhere, who you will listen to, who will be your friend. Sir Alex was just that.
I was lucky to meet Sir Alex just as he was leaving MI6 in 2020. I traveled to London, having to navigate a few Covid restrictions. I asked him if this would cause problems. He smiled: “It is always better to ask for forgiveness t
0
5 👁
Iran Expands Handala Brand to Physical Threats
Executive Summary
Iran’s Ministry of Intelligence (MOIS) has likely broadened the use of its “Handala” brand to encompass MOIS’s external physical and influence operations targeting US and Israeli interests. Since the beginning of the Iran War, Insikt Group has observed significant overlaps in the online activities of Handala Hack Team, a newly created, Handala-branded persona referring to itself as the “Handala Popular Resistance Front” (HPRF), and three influence operations networks pr
0
5 👁
The Vulnerability Flood Is Now a Board Conversation. Here's How to Lead It.
I've had some version of the same conversation dozens of times since Mythos and Daybreak emerged. CISOs want to know how worried they should be. My honest answer: less than the headlines suggest, and more than most programs are currently prepared for.
Last year, roughly 50,000 software vulnerabilities were disclosed. Recorded Future tracked 446 that were actually weaponized by threat actors. That's less than 1%. The problem was never finding vulnerabilities. It was always knowing which o
0
3 👁
At Mythos Speed: A Defender's Playbook for the AI Vulnerability Surge in 2026
Key Takeaways
Discovery has been commoditized. Frontier AI models like Mythos and GPT 5.5 are making vulnerability discovery cheap, fast, and broadly accessible.
The defender's job is to match the speed. Manual triage has lost the throughput race.
Threat intelligence is the prioritization layer at machine speed. Recorded Future Intelligence observed only 446 actively exploited CVEs in 2025 against approximately 50,000 disclosed — less than 1%.
Rec
0
4 👁