Petah Tikva, Israel
  |  By Adi Bleih
In 2023, international law enforcement agencies intensified their efforts against ransomware, resulting in the decline of groups such as Hive, Ragnar Locker, and the collapse of ALPHV (BlackCat). These actions underscore the growing challenges faced by ransomware groups. The significant operation in February 2024 targeting LockBit, which included arrests and the seizure of data leak sites and servers, represents one of the largest law enforcement actions taken against a major ransomware operation.
  |  By Coral Tayar
Today, May 15, 2024, the FBI and DOJ, working alongside international partners like the NCA and New Zealand Police, have taken control of one of the major dark web forums, BreachForums. This action comes shortly after a significant data leak from the Europol portal surfaced on the forum.
  |  By Adi Bleih
First Publishied Nov 6th 2023 Updated May 9th 2024 Last seen on this month, 8Base is a ransomware collective that initiated its operations in April 2022. Despite its relatively short time in the cyber landscape, the group has swiftly garnered a reputation for its forceful strategies and the substantial volume of victims it has affected.
  |  By Shmuel Gihon
As with every year, the Verizon DBIR is released, with data involving more than 10,000 breaches that have been dissected and used to create the report’s baseline. Cyberint’s Research team inspected the document to understand where the cyber security realm is heading, the important trends in data breaches and incidents, and what we need to look for moving forward in 2024.
  |  By Adi Bleih
The UK, US, and Australia have revealed the identity of Dmitry Khoroshev, a Russian national and the leader of the once-notorious LockBit ransomware group, following an international disruption campaign led by the National Crime Agency (NCA).
  |  By Adi Bleih
On May 6, 2024, the LockBit ransomware group published a list of over 50 victims on their newly established data leak platform. Among the victims are NASDAQ-listed firms, major corporations, governmental organizations, and technology companies. Interestingly, some of these victims had been targeted previously by other groups or even by LockBit in earlier attacks.
  |  By Adi Bleih
Introduced in 2019, AsyncRAT is classified as a remote access trojan (RAT) that primarily functions as a tool for stealing credentials and loading various malware, including ransomware. This RAT boasts botnet capabilities and features a command and control (C2) interface, granting operators the ability to manipulate infected hosts from a remote location.
  |  By Adi Bleih
Security researchers have identified a vulnerability, CVE-2024-27322, in the R programming language that permits arbitrary code execution by deserializing untrusted data. This flaw can be exploited when loading RDS (R Data Serialization) files or packages, which are commonly shared among developers and data scientists. An attacker can craft malicious RDS files or packages containing embedded arbitrary R code, triggering execution on the victim’s device upon interaction.
  |  By Adi Bleih
The ransomware landscape is evolving with increased competition among threat groups and the emergence of new ransomware operations. However, victim organizations and potential targets are strengthening their security measures and procedures to prepare for potential ransomware attacks. Our latest quarterly report for Q1 2024 shows a significant decrease in ransomware incidents, down to 1,048 cases, representing a 22% decline compared to Q4 2023.
  |  By Or Preger and Or Shichrur
The complex geopolitical landscape in Southeast Asia, influenced by People’s republic of China (PRC)’s strategic interests and territorial disputes, faces a prominent offensive threat from Chinese cyber operations. Southeast Asia’s economic and digital growth make it a prime target for cyber threats. In the past 8 months Cyberint has been able to identify a major large-scale campaign.
  |  By Cyberint
This is not only important for Cyberint's bottom line, but also crucial to demonstrate to investors that we are spending responsibly. One of the problems that CFOs encounter frequently is product sprawl. Where teams are using separate solutions for different purposes, each with their own price tag. Many of these point solutions aren’t better than a consolidated product; if they were using one, the information shared would make the tool more valuable. Despite this product sprawl occurs. The same is true for cybersecurity products.
  |  By Cyberint
Learn about what happened when we found a major US retailer employee's credentials on the Dark Web..
  |  By Cyberint
The United States is at the epicenter of cyber crime globally. It is by far the most highly-targeted nation, and American businesses face a higher volume of attacks as well as more costly consequences when an attack is successful. In this webinar, Cyberint Threat Research Team Lead Shmuel Gihon will discuss the current US threat landscape, recent trends, and the most urgent risks to prepare for. Using research and data collected by the Cyberint research team.
  |  By Cyberint
The suppliers are the weak point in the security organization, 62% of attacks were through suppliers..... Existing tactics such as periodic pen testing, questionaires etc. don't cut it! Find out who your suppliers are, how healthy their protection is, how targeted they are AND be notified when an issue happens.
  |  By Cyberint
Up until 2023 third party risk management has been flawed. 2023 brings big changes and Cyberint is leading the way. We had fun acting out some of the benefits.....

Best-in-class managed intelligence suite. We help you identify emerging threats, verify your security posture, and respond effectively to reduce their impact.

CyberInt's Managed Detection and Response services span globally and include some of the top finance, retail and telecommunication organizations. Allowing our customers to combat and respond to advanced cyber threats that would normally go unnoticed by standard security controls, while protecting their brand, digital assets and customers.


  • Threat Intelligence: Real-time monitoring of threats in the deep, dark and open web such as phishing and malware campaigns, brute-force and credential stuffing threats, data leakage, including personal identifiable information (PII), and fraudulent activity.
  • Digital Risk: Digital footprint discovery and ongoing monitoring of organizations’ cloud and external facing assets. Ensuring visibility into assets with severity-based prioritization of issues to address, highlighting related threats, vulnerabilities, and weaknesses.
  • Threat Hunting: Driven by Cyberint proprietary intelligence and custom detections service provides continuous hunt for threats across the IT and infrastructure. Leveraging 3rd party EDR-agnostic technology and SOAR, we deploy proprietary automated playbooks to contain and mitigate threats within minutes.
  • Cybersecurity Assessment: Testing applications and infrastructure’s resilience to cyberattacks, to identify weaknesses and loopholes in your security posture.

Intelligence-driven Detection & Response. Leveraging threat intelligence suite, threat hunting and threat mitigation and response services.