Security & Threat Intel
CTEM, ransomware, credential theft, supply chain, and voice AI security.
22 bundles
CTEM Authority Source Landscape
Gartner is the uncontested originator and canonical authority on CTEM, having introduced the five-stage framework (Scoping, Discovery, Prioritization, Validation, Mobilization) in 2022. However, its primary research is paywalled, creating a structural gap that vendor content has…
Enterprise Cyber Threats 2025
Synthesized from 4 independent AI research providers | Analysis date: April 7, 2026
Secrets Leakage in Public Repos
Scale of exposure is accelerating sharply: GitHub's own scanning detected 39 million leaked secrets in 2024, while GitGuardian independently found 23.8 million new hardcoded secrets in public commits in 2024 (+25% YoY), rising to ~29 million in 2025 (+34% YoY) — the largest…
BEC Financial Exposure Trends
BEC losses reached $3.046 billion in 2025 (up from $2.77 billion in 2024), with 24,768 complaints filed to the FBI IC3 — a 15% increase in complaint volume year-over-year. These figures almost certainly underrepresent true losses, as industry estimates suggest only 15–20% of BEC…
Enterprise Infostealer Infection Trends
Scale is staggering and accelerating: Infostealer malware infected an estimated 5.8 million devices in 2025, harvesting 1.8 billion credentials — representing an 800% surge over prior-year figures — while SpyCloud alone recaptured 548 million credentials and 17.3 billion session…
Ransomware Leak and Supply Chain Trends
Record leak-site volumes in 2025: All four providers independently confirmed that ransomware data leak sites (DLS) posted between 7,300 and 8,835 claimed victims in 2025, representing a 30–46% year-over-year increase from 2024's 5,028–6,129 victims. The midpoint consensus…
Mid-Market Cyber Threats 2026
AI-powered attacks are the defining threat of 2026: All four providers independently confirm that generative and agentic AI has fundamentally transformed the offensive threat landscape, compressing attack timelines to as little as 29 minutes from initial compromise to lateral…
MCP SSO Security Review
Analysis Date: April 8, 2026 | Providers Synthesized: 5 (OpenAI, Perplexity, Anthropic, Gemini, Grok) | Sources Evaluated: 107
Credential Theft Ecosystem Trends
Infostealer malware has displaced traditional database breaches as the dominant credential theft vector, with Lumma, RedLine, RisePro, and StealC accounting for the majority of infections. KELA reported 4.3 million infected devices and 330 million stolen credentials in 2024…
Internet Exposure and Perimeter Exploitation Trends
Zero-day exploitation of perimeter devices reached a historic inflection point in 2025: Google's Threat Intelligence Group confirmed 90 zero-days exploited in the wild—up 15% from 78 in 2024—with 43 of those (48%) targeting enterprise-grade technology, predominantly security…
Brand Impersonation and Counterfeit Trends
The financial scale is staggering and accelerating: U.S. consumers reported $2.95 billion in losses from imposter scams alone in 2024, while global trade in counterfeit goods reached ~$467 billion annually — and U.S. CBP seizures spiked 125% year-over-year to $5.4 billion in…
AI Supply Chain Breach Analysis
Confirmed cascade attack across five ecosystems: TeamPCP exploited a misconfigured GitHub Actions workflow in Aqua Security's Trivy repository (February 28, escalating March 19), stole PyPI publishing credentials from LiteLLM's CI/CD pipeline, and published backdoored versions…
Domain Impersonation Threat Landscape
Phishing volume has reached historic highs, with the Interisle Phishing Landscape 2025 study identifying 1,961,247 unique phishing attacks and 1,535,765 distinct malicious domains between May 2024 and April 2025 — a 38% year-over-year increase in unique domains. APWG figures…
Cleanroom Disaster Recovery Vendor Comparison
Rubrik and Cohesity rank highest in similarity to Commvault Cleanroom Recovery, with both vendors having launched dedicated cyber-recovery-focused isolated environment products in 2025 (Rubrik CIRE with Mandiant/Google Cloud; Cohesity RecoveryAgent). However, both are newly…
Enterprise Voice AI Red Teaming Roadmap
CI/CD integration is the immediate P0 priority: All four providers independently confirmed that a headless CLI with Docker execution, SARIF/JSON/JUnit output formats, meaningful exit codes (0=pass, 1=findings, 2=error), and pre-built pipeline YAML templates for GitHub…
Copilot Governance for Pharma Compliance
The core risk is amplification, not creation: All six providers independently confirmed that Copilot does not create new security vulnerabilities—it exposes and dramatically amplifies pre-existing permission sprawl, oversharing, and data governance failures. In pharmaceutical…
Commvault Disaster Recovery Patent Review
No evidence of cross-citation exists: All three providers independently confirmed that Commvault's patent filings do not cite or reference any of the eight specified Storage Engine Inc. patents (US10797940, US10795792, US11176002, US11178221, US11252019, US10958720, US10887382…
Prompt Injection Delivery Catalog
CSS-based visual concealment and HTML structural techniques dominate real-world deployments: Unit 42 telemetry (cited by multiple providers) confirms CSS rendering suppression accounts for ~16.9% of observed IPI delivery methods, HTML attribute cloaking ~19.8%…
2026 Package Registry Supply Chain Crisis
A coordinated 12-day cascade beginning March 19, 2026 compromised Trivy, CanisterWorm, LiteLLM, Telnyx, and Axios — affecting packages with a combined weekly download footprint exceeding 100 million on npm alone and 3+ million daily on PyPI, making this the most consequential…
Commvault Cleanroom Recovery Analysis
Cleanroom Recovery is a cloud-native, on-demand cyber recovery product that provisions isolated network environments (AWS/Azure) dynamically at recovery time, recovering systems from immutable Air Gap Protect storage — eliminating the need for pre-built "dark site"…
Voice AI Security Threat Landscape
The Codewall/Jack & Jill incident (March 2026) represents a genuine inflection point: an autonomous AI agent chained four individually low-severity vulnerabilities (SSRF via URL fetcher, enabled test mode, missing role checks, no domain verification) into a CVSS 9.8 complete…
Enterprise Voice AI Security Readiness
Credit-based billing is the dominant and recommended model for AI-driven security testing platforms, confirmed independently by all four providers. The optimal structure is a tiered credit system (1 credit ≈ a defined unit of test consumption) with a 4-5x markup on underlying…