March 5, 2026
On February 28, 2026, the United States and Israel launched Operation Epic Fury (U.S.) and Operation Roaring Lion (Israel), a coordinated military and cyber campaign targeting Iranian military installations, IRGC leadership, and government infrastructure. U.S. Cyber Command was designated the “first mover,” with cyber operations beginning before any kinetic weapons were deployed. In the first 48 hours, U.S. and allied forces struck more than 1,250 targets across Iran, while Israel conducted what has been described as the largest cyberattack in history, collapsing Iran’s internet connectivity to 1-4% of normal levels through multi-layered attacks on BGP routing, DNS infrastructure, and SCADA/ICS systems.
March 3, 2026
Drowning in security data? This practical guide shows how CTEM and MITRE INFORM cut noise, validate defenses, and prove what matters.
February 26, 2026
AttackIQ has released a new attack graph that emulates the behaviors of LokiLocker ransomware, a .NET based strain active since at least mid-August 2021. The malware combines defense evasion and impact techniques, including disabling Task Manager and Windows Firewall, as well as deleting Volume Shadow Copies to hinder detection and prevent restoration.
February 26, 2026
When ransomware hits a hospital, shutting everything down isn’t resilience. Learn how healthcare CISOs prevent hospital-wide outages with identity security, network segmentation validation, and CTEM.
February 25, 2026
AttackIQ has released a new attack graph that emulates the behaviors exhibited by BlackByte ransomware, a strain operated under the Ransomware-as-a-Service (RaaS) model that emerged in July 2021. Since its emergence, BlackByte has targeted organizations worldwide, including entities within U.S. critical infrastructure sectors such as Government, Financial Services, Manufacturing, and Energy.
February 24, 2026
What if you could prove—right now—that your defenses actually work? See how CTEM and MITRE INFORM turn exposure data into real, board-level confidence.
February 18, 2026
After 30 years in cyber defense and research, I joined AttackIQ to bring clarity and prioritize what truly matters in security.
February 9, 2026
What if your phishing tests updated themselves every week? Learn how real phishing campaigns are automatically transformed into continuous email and endpoint validation—at scale.
February 5, 2026
AttackIQ has released a new attack graph that emulates the behaviors of Cephalus ransomware, a Go-based strain active since June 2025 that combines defense-evasion and anti-analysis techniques, such as secure memory handling and tampering with Windows Defender, to enable stealthy targeted operations prior to encryption and extortion.
February 3, 2026
AttackIQ and Accenture are reimagining security operations through threat-informed defense. By combining adversarial testing, AI-driven validation, and SOC modernization services, organizations gain continuous, evidence-based insight into defensive effectiveness.
January 21, 2026
Effective defense depends on understanding how adversaries operate across complete intrusion chains, not just whether individual controls trigger.
January 20, 2026
AttackIQ has released a new attack graph that emulates the behaviors exhibited by BlackSuit ransomware, a ransomware strain that has been active since at least May 2023. It represents the evolution of the ransomware previously identified as Royal ransomware, which was active from approximately September 2022 through June 2023.
January 15, 2026
In 2025, threat intelligence mattered only when it drove action. AttackIQ’s Adversary Research Team focused on turning real adversary behavior into fast, practical validation, helping defenders continuously test readiness against the threats that mattered most.
January 9, 2026
On January 8th, MITRE’s Center for Threat-Informed Defense (CTID) published a significant update to INFORM, its threat-informed defense maturity model. This update reflects the joint efforts of MITRE researchers, AttackIQ, and several CTID members to enhance INFORM based on two years of operational use and broad security community feedback.
December 18, 2025
AttackIQ released a new assessment template that compiles the Tactics, Techniques, and Procedures (TTPs) associated with the exploitation of the critical CVE-2025-55182 (React2Shell) Remote Code Execution (RCE) vulnerability affecting React Server Components.
December 10, 2025
AttackIQ has issued recommendations in response to the Cybersecurity Advisory (CSA) released by the Cybersecurity and Infrastructure Security Agency (CISA) on December 9, 2025, which details the ongoing targeting of critical infrastructure by pro-Russia hacktivists.
November 19, 2025
AttackIQ has released an updated attack graph in response to emerging threat intelligence associated with the deployment of Qilin ransomware, a ransomware strain that first appeared in July 2022 and remains one of the most active ransomware families today. This update includes new behaviors related to the operators of the Qilin ransomware, which have been identified as recently as October 2025.
November 18, 2025
AttackIQ has released an updated attack graph in response to the recently revised CISA Advisory (AA24-109A), which disseminates Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) associated with the Akira ransomware group, identified through FBI investigations as recently as November 2025.
November 14, 2025
AttackIQ has released a new assessment template designed to emulate the various post-compromise Tactics, Techniques, and Procedures (TTPs) associated with a recent intrusion targeting Ukrainian organizations that aligns with patterns previously associated with Sandworm. While attribution remains unconfirmed, this assessment helps defenders improve their security posture against similarly sophisticated and persistent threats.
November 13, 2025
AttackIQ has released a new attack graph that emulates the behaviors exhibited by SideWinder, a threat actor with a long history of cyber espionage dating back to 2012. The group has primarily targeted government, military, and maritime sectors across South Asia and nearby regions through sophisticated spear-phishing campaigns, exploitation of Microsoft Office vulnerabilities, and the deployment of StealerBot, a memory-resident backdoor.
November 6, 2025
AttackIQ presents the fifth volume of Ransom Tales, an initiative focused on emulating the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ revisits historical ransomware operations with the introduction of three new attack graphs that emulate the operational behaviors exhibited by the REvil, DarkSide, and BlackMatter ransomware families.
October 23, 2025
AttackIQ has enhanced and expanded two AWS security assessments by introducing nine new scenarios that emulate real-world techniques and tactics that could be used by threat actors to compromise AWS cloud environments. These updates are designed to provide a more comprehensive evaluation of your AWS cloud security posture by covering a broader range of attack vectors and misconfigurations.
October 16, 2025
AttackIQ has released a new attack graph that emulates the behaviors exhibited by Global Group ransomware, a threat that first appeared in June 2025 and quickly became notorious across the security landscape. The group has primarily targeted high-impact sectors such as healthcare, manufacturing, and professional services, where operational downtime can cause severe disruption.

























