Intelligence Feed
April 2026 CVE Landscape
Recorded Future Research
15 May 2026
SEV 8/10
In April 2026, Insikt Group® identified 37 high-impact vulnerabilities that should be prioritized for remediation, 35 of which had a Very Critical Recorded Future Risk Score. This represents a 19% increase from last month. Of the 37, 31 were included in the US Cybersecurity and Infrastructure Security Agency (CISA)’s Known Exploited Vulnerabilities (KEV) catalog, and six were surfaced only through honeypot data.
Beyond Acceleration and Automation: How AI + Intelligence Changes Cyber Defense
Recorded Future Research
14 May 2026
SEV 4/10
Executive Summary: Artificial intelligence is often discussed as a tool for automating and accelerating existing cybersecurity workflows. While that framing is accurate, it is incomplete. The most consequential shift occurs when AI is combined with threat intelligence — both intelligence about attacker capabilities and TTPs, and intelligence about our own defensive weaknesses and exposure.
NIST NVD Enrichment Policy Change: Prioritizing Vulnerabilities with Attacker Behavior Signals
Recorded Future Research
14 May 2026
SEV 4/10
NIST Stopped Scoring Most CVEs. The Signal You Actually Need Was Never in NVD. As of April 15, 2026, NIST enriches only CVEs that appear in the CISA Known Exploited Vulnerabilities catalog, federal government software, or software designated critical under Executive Order 14028.
Working in London at the World’s Largest Intelligence Company
Recorded Future Research
08 May 2026
SEV 2/10
Intro: There’s a certain energy you can only find at Recorded Future. Take that energy and bring it to London’s “Silicon Roundabout” and you get the perfect spot for Futurists to build and innovate. Image: Recorded Future's office @ The Bower on Old Street.
Quantum Risk Explained
Recorded Future Research
07 May 2026
SEV 4/10
Quantum Risk Explained: What, When, How? Summary: Quantum computing is moving from theory toward early practical use, with direct implications for encryption, authentication, and long-term data confidentiality. The primary risk is the eventual emergence of cryptographically relevant quantum computers (CRQCs), which would break today’s public-key cryptography and undermine encryption, digital identity, and software trust at scale.
Threat Activity Enablers: The Backbone of Today’s Threat Landscape
Recorded Future Research
06 May 2026
SEV 3/10
This article introduces threat activity enablers (TAEs), the infrastructure providers and networks that underpin modern cyber threats across both criminal and state-sponsored activity. These entities sustain operations by enabling resilient, high-risk infrastructure that persists despite sanctions, takedowns, and public exposure. Behind every ransomware demand, botnet, or threat activity group is a server sitting in a data center.
Recorded Future Named a Leader in the 2026 Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies. And there’s more.
Recorded Future Research
06 May 2026
SEV 3/10
For security professionals evaluating threat intelligence vendors, the Gartner Magic Quadrant offers an indispensable perspective. Gartner analysts’ thorough and nuanced analysis cuts through the noise, making it easier for teams to understand each platform’s approach, strengths, and considerations—and helping them determine whether a particular vendor fits their organization’s unique needs.
Hacking Embodied AI
Recorded Future Research
05 May 2026
SEV 4/10
Summary: Embodied AI has arrived. Humanoid and quadruped robots are moving off factory floors and into everyday operations, military deployments, and critical infrastructure. Technological advances in large language models (LLMs) and robotics are enabling robots to perform complex tasks autonomously.
The Iran War: What You Need to Know
Recorded Future Research
01 May 2026
SEV 4/10
Last updated: 1 May 2026 at 1500 GMT. New from Insikt Group: Iran War — Future Scenarios and Business Implications. Insikt Group has published a dedicated Cone of Plausibility analysis examining how the Iran conflict could evolve over the next 6–12 months — from a fragile ceasefire baseline to regional war, regime collapse, and nuclear crisis. Each scenario includes business implications and 0–90 day priority actions. This report is updated as the situation evolves across the geopolitical, cyber, and influence operations dimensions of this conflict.
Building with AI: Here's What No Briefing Will Tell You
Recorded Future Research
30 Apr 2026
SEV 3/10
Executives making AI decisions without hands-on building experience have a comprehension gap that no briefing can close. AI is rapidly eroding most traditional competitive moats, and proprietary data's real value now comes down to how long it would take a competitor to reconstruct it. As AI equalizes development speed, the most valuable engineers are those with sharp judgment, and companies need to actively protect the foundational skills that make that judgment possible. I've spent the last three months building with AI.
Risk Scenarios for the US’s Strategic Pivot
Recorded Future Research
30 Apr 2026
SEV 4/10
Summary: The United States (US) is shifting toward a more force-driven security strategy primarily relying on military operations and economic pressure to counter transnational criminal organizations and limit Chinese, Russian, and Iranian influence in the Western Hemisphere. Regional outcomes diverge across three core scenarios: US-aligned authoritarian cooperation with fragile stability; political fragmentation enabling criminal expansion and governance breakdown; and a strategic realignment toward BRICS that reduces US influence and increases great power competition. Each scenario increases the risks of political instability, regulatory fragmentation, and cyber threats, including increased surveillance, cybercrime, and targeting of critical infrastructure and multinational businesses. Figure 1: Overview of possible scenarios resulting from the US’s strategic pivot to Western Hemisphere security (Source: Recorded Future). Analysis: The US 2025 National Security Strategy formalized a shift toward hemispheric priorities and narrower strategic objectives.
Lazarus Doesn't Need AGI
Recorded Future Research
28 Apr 2026
SEV 3/10
Last week’s reporting on unauthorized access to Claude Mythos reads as an AI security story. It is also, structurally, a North Korea (DPRK) story. Even if the current suspects turn out to be Discord hobbyists.
The Money Mule Solution: What Every Scam Has in Common
Recorded Future Research
28 Apr 2026
SEV 3/10
Scams are a $450B–$1T global problem, and unlike card fraud, they don't require a breach; just convincing a victim to send money themselves. The mule account is the most stable target: every scam needs an exit point, and intelligence gathered before a transaction occurs is more actionable than behavioral monitoring after the fact. CYBERA's approach uses agentic personas to engage active scammers and extract verified mule account details: confirmed intelligence, not probabilistic scoring.
From Overwhelmed to Autonomous: Rethinking Threat Intelligence in 2026
Recorded Future Research
24 Apr 2026
SEV 3/10
Key Takeaways: The real challenge in cybersecurity isn’t intelligence or visibility; it’s speed. Attackers operate at machine speed, while most organizations are still constrained by manual, human-driven workflows. Traditional threat intelligence falls short because it stops at insight.
Today, trust is the superpower that makes innovation possible
Recorded Future Research
23 Apr 2026
SEV 2/10
How better intelligence and collaboration can unlock new opportunities for growth and greater financial health for more people. The paradoxes of today’s digital world are well-known to anyone with a smartphone. Over the last decade, connectivity has expanded, yet the world has become more fragmented.
Critical minerals and cyber operations
Recorded Future Research
23 Apr 2026
SEV 4/10
Summary: Critical elements and rare earth elements (REEs) are no longer commodities; they are strategic dependencies. China’s dominance in processing and refining provides it with enormous geopolitical leverage over other industrialized economies. Geopolitical competition over mining and refining critical elements and REEs is accelerating.
AI Hype vs. Reality: Is AI Really Rewriting the Vulnerability Equation?
Recorded Future Research
22 Apr 2026
SEV 4/10
AI vulnerability research and discovery capabilities are improving, but they have not changed the fundamentals of vulnerability management. Instead, they are scaling up problems familiar to vulnerability managers: patch prioritization and remediation backlogs.
Evolution of Chinese-Language Guarantee Telegram Marketplaces
Recorded Future Research
22 Apr 2026
SEV 4/10
Executive Summary: Chinese-language, Telegram-based “guarantee” marketplaces are increasingly popular among Chinese-speaking criminal groups despite the widely publicized shutdown of Huione Guarantee in 2025. Although these guarantee marketplaces operate similarly to Huione Guarantee, they differ in their focus on particular aspects of cybercrime and in their targeting of specific geographies. To better understand these Chinese-language guarantee marketplaces, Insikt Group observed and analyzed another increasingly popular guarantee marketplace, dubbed Dabai Guarantee (“大白担保”).
Emerging Enterprise Security Risks of AI
Recorded Future Research
21 Apr 2026
SEV 4/10
Summary: Agentic AI adoption is accelerating rapidly as enterprise software and applications increasingly incorporate task-specific AI agents, enabling autonomous execution of complex tasks at machine speed. The autonomy and scale of AI agents introduce significant enterprise risk, as errors, misconfigurations, or malicious manipulation can propagate quickly across interconnected systems, amplifying the potential impact of incidents. Agentic AI will exacerbate existing weaknesses in software supply chains, as vulnerable or malicious open-source components can be deployed faster and at scale.
4 Essential Integration Workflows for Operationalizing Threat Intelligence
Recorded Future Research
17 Apr 2026
SEV 4/10
Integrate, don't replace. Recorded Future enriches your existing security tools by automatically layering in contextual threat intelligence, reducing manual effort and enabling faster, better-informed decisions. Assessing your organization's maturity across four stages — reactive, proactive, predictive, and autonomous — helps you identify which workflows to prioritize and where automation can have the most impact.
From Bazooka to Fake Nikes
Recorded Future Research
16 Apr 2026
SEV 4/10
Business impersonation is the hidden thread connecting old and new fraud. Discover how the same core tactic is fueling both a surge in commercial check fraud and an explosion of AI-powered online shopping scams targeting younger consumers. Tools like Positive Pay and 3D Secure authentication, while effective against the fraud they were built to stop, have pushed threat actors to evolve their schemes in ways that render those controls irrelevant.
Your Supply Chain Breach Is Someone Else's Payday
Recorded Future Research
15 Apr 2026
SEV 4/10
TeamPCP exploited a single stolen credential to gain write access to trusted software repositories, inject credential-harvesting malware, and cascade across five ecosystems in five days. Stolen credentials can enable payroll redirection, freight rerouting, and extortion — active campaigns Insikt Group is tracking that show how a software supply chain breach can quickly become a business operations crisis. Learn why an inventory of your software components isn't enough when malicious code is injected after the source commit, and what a truly effective defense — combining third-party due diligence.
A New Way to Buy Recorded Future: Solutions and Packages Built for the 2026 Threat Landscape
Recorded Future Research
14 Apr 2026
SEV 4/10
Recorded Future is now offering four solutions covering cyber operations, digital risk protection, third-party risk, and payment fraud. Three tiered packages (Core, Professional, Elite) bundle these solutions to scale with an organization's security program. Packages include unlimited users and integrations so intelligence reaches everyone who needs it.
Iran War: Future Scenario and Business Implications
Recorded Future Research
14 Apr 2026
SEV 4/10
Iran War: Future Scenarios and Business Implications. The Iran situation remains volatile and uncertain, with material impacts for organizations. Leaders should plan for multiple future scenarios, prioritizing resilience and effective decision-making. Current State (April 10): Severe tensions persist despite a two-week ceasefire: the agreement remains fragile and conditional on reopening the Strait of Hormuz; each side has already accused the other of violations. Maritime flows partially resume but remain uncertain: disruptions and elevated security risks persist.
March 2026 CVE Landscape: 31 High-Impact Vulnerabilities Identified, Interlock Ransomware Group Exploits Cisco FMC Zero-Day
Recorded Future Research
13 Apr 2026
SEV 9/10
In March 2026, Insikt Group® identified 31 high-impact vulnerabilities that should be prioritized for remediation, 29 of which had a Very Critical Recorded Future Risk Score. These vulnerabilities affected products from the following vendors: Cisco, Microsoft, Google, ConnectWise, Langflow, Citrix, Aquasecurity, Nginx UI, Qualcomm, F5, Craft CMS, Laravel, Apple, Synacor, Wing FTP Server, n8n, Omnissa, SolarWinds, Ivanti, Hikvision, Rockwell, and Broadcom. This month’s most affected vendors were Microsoft and Apple, together accounting for approximately 32% of the 31 vulnerabilities.
VIP Credential Monitoring Blog
Recorded Future Research
10 Apr 2026
SEV 4/10
Why Executive Accounts Are the Hardest Identity Problem to Solve. There's a category of employee credentials where standard monitoring often falls short: executives, finance leaders, IT administrators, and those with privileged access have a large target on their back. VIP Credential Monitoring in Recorded Future is built to solve this problem. It continuously monitors for credential exposures tied to your most sensitive individuals across both work and personal accounts, and alerts your team fast enough to act before an account takeover occurs.
Third-Party Risk Is an Intelligence Operation. It's Time We Treated It Like One.
Recorded Future Research
09 Apr 2026
SEV 4/10
Recorded Future sees its inclusion in the 2026 Forrester Wave™ for Cybersecurity Risk Ratings Platforms as a reflection of a broader truth: the era of ratings-only vendor risk management is over.
Understanding and Anticipating Venezuelan Government Actions
Recorded Future Research
08 Apr 2026
SEV 4/10
Executive Summary: Venezuelan Acting President Delcy Rodríguez’s policy decisions will affect economic and political stability in Venezuela in the coming months. Her approach will likely be shaped by a deep familiarity with the state security apparatus, her revolutionary identity, a demonstrated willingness to break from orthodoxy and seek coordination with Washington, an interest in restoring support for the ruling United Socialist Party of Venezuela (PSUV), and a long memory for perceived slights. These principles, paired with changing local power dynamics after the January 3, 2026, United States (US) special operation to capture former Venezuelan President Nicolás Maduro and his wife, Cilia Flores, suggest Rodríguez is very likely to prioritize near-term governability and economic stabilization over maximalist ideological positioning.
Day in the Life: Product Manager at Recorded Future
Recorded Future Research
03 Apr 2026
SEV 1/10
Recorded Future is the World’s Largest Intelligence Company. Our team works to build products that customers love. In this video, Kyle Kohler talks with VentureFizz about his day-to-day as a Senior Product Manager for Integrations.
Panorama do cibercrime na América Latina e Caribe (Cybercrime Landscape in Latin America and the Caribbean, Portuguese edition)
Recorded Future Research
02 Apr 2026
SEV 4/10
Executive Summary: This report presents an overview of trends and developments in the cybercrime ecosystem of Latin America and the Caribbean (LAC) in 2025. Insikt Group found that threat actors operating in or targeting the Latin America and Caribbean (LAC) region predominantly use client-server applications and end-to-end encrypted messaging platforms such as Telegram, as well as established English- or Russian-language dark web and restricted-access forums, to communicate and conduct activities. Threat actors demonstrate increasing sophistication in their operations, adapting tactics, techniques, and procedures (TTPs) over time, although they still rely primarily on traditional methods such as phishing and social engineering, malware distribution, and ransomware.
Panorama del cibercrimen en América Latina y el Caribe (Cybercrime Landscape in Latin America and the Caribbean, Spanish edition)
Recorded Future Research
02 Apr 2026
SEV 4/10
Executive Summary: This report provides a summary of trends and developments in the cybercriminal ecosystem of Latin America and the Caribbean (LAC) in 2025. Insikt Group identified that malicious actors operating in or targeting the LAC region primarily use client-server applications and end-to-end encrypted messaging platforms such as Telegram, as well as English- or Russian-language dark web and special-access forums, to communicate and carry out their activities. Malicious actors demonstrate greater sophistication in their operations, adapting their tactics, techniques, and procedures (TTPs) over time, but continue to rely primarily on traditional methods such as phishing and social engineering, malware distribution, and ransomware.
Latin America and the Caribbean Cybercrime Landscape
Recorded Future Research
02 Apr 2026
SEV 4/10
Executive Summary: This report provides an overview of trends and developments in the cybercriminal ecosystem of Latin America and the Caribbean (LAC) in 2025. Insikt Group found that threat actors operating in or targeting the LAC region predominantly use client-server applications and end-to-end encrypted messaging platforms such as Telegram, as well as established English- or Russian-speaking dark web and special-access forums, to communicate and conduct activities. Threat actors demonstrate increased sophistication in their operations, adapting their tactics, techniques, and procedures (TTPs) over time, while still relying primarily on traditional methods such as phishing and social engineering, malware distribution, and ransomware.
The Shift: An Era of Quantum Geopolitics
Recorded Future Research
01 Apr 2026
SEV 3/10
The expanding conflict around Iran signals a deeper shift. We have entered an era of quantum geopolitics, where the old rules of the international order no longer apply. What began as a regional confrontation is already reshaping global markets, supply chains, and corporate security planning.
Industrialization of the Fraud Ecosystem Blog
Recorded Future Research
01 Apr 2026
SEV 3/10
The Fraud Ecosystem Has Industrialized. That's Good News for Defenders Who Know Where to Look. Payment fraud no longer operates as a collection of discrete schemes run by individual threat actors.
ClickFix Campaigns Targeting Windows and macOS
Recorded Future Research
25 Mar 2026
SEV 5/10
Executive Summary: Insikt Group identified five distinct clusters leveraging the ClickFix social engineering technique to facilitate initial access to host systems. Observed since at least May 2024, these clusters include those impersonating the financial application Intuit QuickBooks and the travel agency Booking.com. Insikt Group leveraged the Recorded Future® HTML Content Analysis dataset, which enables systematic monitoring of embedded web artifacts to identify and track new malicious domains and infrastructure.
2025 Year in Review: Malicious Infrastructure
Recorded Future Research
19 Mar 2026
SEV 4/10
Executive Summary: In 2025, Insikt Group significantly expanded its tracking of malicious infrastructure, broadening coverage across additional malware families and threat categories spanning cybercriminal and APT activity. This expansion included deeper analysis of infrastructure types, enhanced integration of data sources such as Recorded Future Network Intelligence®, improved threat detection methodologies, more granular higher-tier infrastructure insights, expanded victimology analysis, and a new focus on so-called threat activity enablers (TAEs). While many patterns identified in 2024 persisted, including Cobalt Strike’s dominance among offensive security tools (OSTs), AsyncRAT and QuasarRAT leading the remote access trojan (RAT) landscape, the widespread use of open-source or cracked malware variants, and the continued prevalence of Android malware within the mobile threat ecosystem, Insikt Group observed several notable shifts and emerging trends throughout 2025.
2025 Identity Threat Landscape Report: Inside the Infostealer Economy: Credential Threats in 2025
Recorded Future Research
16 Mar 2026
SEV 4/10
Executive Summary: Credential theft is the dominant initial access vector for enterprise breaches. In 2025, Recorded Future detected 1.95 billion malware combo list credential exposures, 36 million database combo list credential exposures, 24 million database dump credential exposures, and 892 million malware log credential exposures. Five findings stand out from the data. Credential theft accelerated as the year progressed: Recorded Future identified 50% more credentials in the second half of 2025 than in the first half of the year.
February 2026 CVE Landscape: 13 Critical Vulnerabilities Mark 43% Drop from January
Recorded Future Research
12 Mar 2026
SEV 9/10
February 2026 saw a 43% decrease in high-impact vulnerabilities, with Recorded Future's Insikt Group® identifying 13 vulnerabilities requiring immediate remediation, down from 23 in January 2026. All 13 carried a ‘Very Critical’ Recorded Future Risk Score. What security teams need to know: Microsoft dominates: six of 13 vulnerabilities affected Microsoft products, accounting for 46% of February's findings; all were added to CISA's KEV catalog on the same day. Supply-chain attack on Notepad++: Lotus Blossom, a suspected China state-sponsored threat actor, exploited CVE-2025-15556 to hijack Notepad++'s update channel and deliver a Cobalt Strike Beacon and the Chrysalis backdoor. APT28 exploits MSHTML flaw: the Russian state-sponsored group leveraged CVE-2026-21513 via malicious Windows Shortcut files for multi-stage payload delivery. Public exploits available: four of 13 vulnerabilities have publicly available proof-of-concept code; an alleged exploit for a fifth is being advertised for sale. Bottom line: despite a 43% drop in volume, February's vulnerabilities include named threat actor exploitation and five RCE-enabling flaws, making prioritized, intelligence-driven remediation as important as ever.
Digital Citizenship Glossary: Key Terms Every Internet User Should Know
Recorded Future Research
08 Mar 2026
SEV 2/10
Digital Citizenship Glossary: Navigating the Internet Without Crashing and Burning. The internet is basically a giant digital city, and you need to be just as streetwise here as outside your front door. Most people go online every day - scrolling through TikTok, finishing a research paper, or making purchases - but they don't always know the "rules of the road" or the vocabulary that tech experts use to describe our digital lives. Here's a breakdown of essential digital citizenship terms to help you navigate the web and mobile apps like a pro. Authority: Authority refers to how trustworthy a source is based on who created it.
Latin America's Cybersecurity Turning Point: From Reactive Defense to Threat Intelligence
Recorded Future Research
03 Mar 2026
SEV 1/10
Key Takeaways: Latin America faces a distinct and evolving cyber threat landscape, from PIX payment fraud to ransomware hitting critical infrastructure. Most LATAM security teams are still reactive by necessity, and that posture is costing organizations in downtime, data, and trust. Recorded Future offers LATAM-specific threat intelligence, automation, and 100+ integrations to help stretched teams get ahead of attacks before they land.
Recorded Future Expands Coverage of Scams and Financial Fraud with Money Mule Intelligence from CYBERA
Recorded Future Research
26 Feb 2026
SEV 2/10
Recorded Future is expanding its payment fraud prevention capabilities through a partnership with CYBERA, the industry leader in detecting and verifying data on scam-linked bank accounts. Available for purchase now via the Recorded Future Platform, Money Mule Intelligence helps fraud teams identify the accounts criminals use to extract and move stolen funds—addressing a critical gap as scams increasingly become banks' most pressing fraud challenge. The Growing Threat of Authorized Push Payment Fraud: Authorized Push Payment (APP) fraud is accelerating.
Preparing for Russia’s New Generation Warfare in Europe
Recorded Future Research
24 Feb 2026
SEV 4/10
Executive Summary: Since its full-scale invasion of Ukraine in February 2022, Russia has waged what we assess is largely opportunistic, though increasingly aggressive, hybrid warfare in NATO territory. Moscow has very likely not yet leveraged its full capability to integrate cyber, political, and sabotage tools into a full-scale campaign. Over the next two years, Russian President Vladimir Putin will likely escalate Russia’s hybrid warfare campaign against NATO members into a full-fledged campaign likely consistent with a Russian military doctrine called New Generation Warfare (NGW).
January 2026 CVE Landscape: 23 Critical Vulnerabilities Mark 5% Increase, APT28 Exploits Microsoft Office Zero-Day
Recorded Future Research
24 Feb 2026
SEV 9/10
January 2026 saw a modest 5% increase in high-impact vulnerabilities, with Recorded Future's Insikt Group® identifying 23 vulnerabilities requiring immediate remediation, up from 22 in December 2025. Noteworthy trends last month included Russian state-sponsored exploitation of a Microsoft Office zero-day and critical authentication bypass flaws affecting enterprise infrastructure. What security teams need to know: APT28's Operation Neusploit: Russian state-sponsored actors exploited CVE-2026-21509 (Microsoft Office) via weaponized RTF files, delivering MiniDoor, PixyNetLoader, and Covenant Grunt implants. Microsoft and SmarterTools lead concerns: these vendors accounted for 30% of January's vulnerabilities, with multiple critical authentication bypass and RCE flaws. Public exploits proliferate: fourteen of the 23 vulnerabilities reported have public proof-of-concept exploit code available. Code Injection dominates: CWE-94 (Code Injection) was the most common weakness type, followed by CWE-288 (Authentication Bypass Using an Alternate Path or Channel) and CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). Bottom line: the slight increase masks significant threats.
2025 Cloud Threat Hunting and Defense Landscape
Recorded Future Research
19 Feb 2026
SEV 8/10
Executive Summary: Insikt Group has observed continued growth in the activity of threat actors leveraging and exploiting cloud infrastructure to broaden the number of victims they target and infect. Recent reporting across the observed incidents shows that cloud-focused threats are converging on a few consistent patterns, which serve as the main sections of this report: Exploitation and Misconfiguration; Cloud Abuse; Cloud Ransomware; Credential Abuse, Account Takeover, and Unauthorized Access; and Third-Party Compromise. Across cases, initial access frequently comes from vulnerable or misconfigured services exposed to the internet — including application delivery controllers, monitoring dashboards, email security gateways, and enterprise resource planning (ERP) platforms — as well as stolen or weakly governed credentials sourced from public leaks, compromised developer workstations, and socially engineered helpdesk workflows. Once inside a targeted environment, threat actors systematically pivot through hybrid identity and virtual private network (VPN) infrastructure, targeting directory-synchronized accounts, non-human and executive identities, and privileged cloud roles to gain tenant-wide administrative control.
GrayCharlie Hijacks Law Firm Sites in Suspected Supply-Chain Attack
Recorded Future Research
18 Feb 2026
SEV 5/10
Executive Summary: Insikt Group has been monitoring GrayCharlie, a threat actor overlapping with SmartApeSG and active since mid-2023, for some time and is now publishing its first report on the group. GrayCharlie compromises WordPress sites and injects them with links to externally hosted JavaScript that redirects visitors to NetSupport RAT payloads delivered via fake browser update pages or ClickFix mechanisms. These infections often progress to the deployment of Stealc and SectopRAT.
Network Intelligence: Your Questions, Global Answers
Recorded Future Research
16 Feb 2026
SEV 4/10
The Problem with Pre-Packaged Intelligence. Security teams are drowning in threat intelligence feeds. Hundreds of vendors promise comprehensive coverage, real-time alerts, and actionable insights. Yet sophisticated adversaries continue to operate undetected, incidents take weeks to scope, and attribution remains elusive.
Fragmentation Defined 2025's Threat Landscape. Here's What It Means for 2026
Recorded Future Research
12 Feb 2026
SEV 4/10
Uncertainty has become the operating environment for business. And this year, fragmentation is driving it.
State of Security Report | Recorded Future
Recorded Future Research
12 Feb 2026
SEV 3/10
2026 State of Security. Explore the intelligence from Recorded Future's Insikt Group annual threat landscape analysis: the definitive report on how geopolitical fragmentation, state-sponsored operations, and criminal ecosystem evolution are reshaping global risk. Fragmentation is the new normal. The global threat landscape didn't simplify in 2025—it shattered. Geopolitical alliances strained.
From 27 Steps to 5: How Recorded Future Reimagined Threat Hunting with Autonomous Threat Operations
Recorded Future Research
11 Feb 2026
SEV 2/10
The manual operations gap can be a business risk; manual threat hunting requires 27 steps that burn analyst time; Autonomous Threat Operations can reduce 27 steps to 5; and autonomous operations prove measurable ROI. At Recorded Future, we’re constantly looking for ways to help security teams work more efficiently so they can focus their expertise where it matters most: stopping threats before they impact business. Over the past few years, as we spent time talking to our customers and observing the ways that their SOCs actually work day to day, we discovered a troubling pattern. Every Monday morning, analysts would begin a new round of threat hunts, manually gathering intelligence, writing queries for different tools, correlating findings, and documenting results.
A Complete History of Cybersecurity: From Early Viruses to AI-Powered Threats
Recorded Future Research
08 Feb 2026
SEV 4/10
The History of Cybersecurity: From Early Viruses to Modern Threat Intelligence. Cybersecurity is a cornerstone of our modern world, but its roots stretch back long before the internet. Far from a recent phenomenon, the field began in university labs and evolved through decades of innovation and conflict. For professionals and everyday users alike, tracing this history reveals why today's defenses exist and why vigilance remains our most critical tool.