November 18, 2025
AttackIQ has released an updated attack graph in response to the recently revised CISA Advisory (AA24-109A) which disseminates Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) associated with the Akira ransomware group, identified through FBI investigations as recently as November 2025.
November 14, 2025
AttackIQ has released a new assessment template designed to emulate the various post-compromise Tactics, Techniques, and Procedures (TTPs) associated with a recent intrusion targeting Ukrainian organizations that aligns with patterns previously associated with Sandworm. While attribution remains unconfirmed, this assessment helps defenders improve their security posture against similarly sophisticated and persistent threats.
November 13, 2025
AttackIQ has released a new attack graph that emulates the behaviors exhibited by SideWinder, a threat actor with a long history of cyber espionage dating back to 2012. The group has primarily targeted government, military, and maritime sectors across South Asia and nearby regions through sophisticated spear-phishing campaigns, exploitation of Microsoft Office vulnerabilities, and the deployment of StealerBot, a memory-resident backdoor.
November 6, 2025
AttackIQ presents the fifth volume of Ransom Tales, an initiative focused on emulating the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ revisits historical ransomware operations with the introduction of three new attack graphs that emulate the operational behaviors exhibited by the REvil, DarkSide, and BlackMatter ransomware families.
October 23, 2025
AttackIQ has enhanced and expanded two AWS security assessments, by introducing nine new scenarios that emulate real-world techniques and tactics that could be used by threat actors to compromise AWS cloud environments. These updates are designed to provide a more comprehensive evaluation of your AWS cloud security posture by covering a broader range of attack vectors and misconfigurations.
October 16, 2025
AttackIQ has released a new attack graph that emulates the behaviors exhibited by Global Group ransomware, a threat that first appeared in June 2025 and quickly became notorious across the security landscape. The group has primarily targeted high-impact sectors such as healthcare, manufacturing, and professional services, where operational downtime can cause severe disruption.
October 14, 2025
After 23 years at MITRE leading the charge on threat-informed defense, Jon Baker joined AttackIQ to turn innovation into real-world security impact.
October 9, 2025
AttackIQ has released a new emulation in response to the Oracle Security Alert Advisory detailing the CVE-2025-61882 vulnerability, which impacts Oracle E-Business Suite versions 12.2.3 through 12.2.14.
October 2, 2025
AttackIQ has released a new attack graph that emulates the behaviors exhibited by Qilin ransomware, a threat that first appeared in July 2022 and remains one of the most active families today. Qilin primarily targets the healthcare, government, education, manufacturing, and finance sectors, and has evolved to operate across multiple platforms, including Windows, Linux, and ESXi.
September 25, 2025
AttackIQ presents the fourth volume of Ransom Tales, an initiative focused on emulating the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ presents three new attack graphs that emulate the behaviors exhibited by the Rhysida, Charon, and Dire Wolf ransomware families.
September 24, 2025
AttackIQ has released two new assessment templates in response to the CISA Advisory (AA25-266A) published on September 23, 2025. The CSA highlights the lessons learned from an incident response engagement CISA conducted at a U.S. federal civilian executive branch (FCEB) agency to help effectively mitigate risk, prepare for, and respond to incidents.
September 23, 2025
AttackIQ research exposes RomCom’s espionage-to-ransomware convergence and provides 7 emulations to harden detection and response.
September 15, 2025
Security teams face more threats and fewer resources. AttackIQ’s purpose-built AI embeds intelligence into workflows and transforms how teams work.
September 4, 2025
In response to the CISA Advisory (AA25-239A), AttackIQ has updated the assessment template that emulates the various post-compromise Tactics, Techniques, and Procedures (TTPs) associated with the Chinese adversary Salt Typhoon and released a new attack graph emulating the behaviors exhibited during the SparrowDoor and ShadowPad campaign in March 2025.
August 28, 2025
AttackIQ presents the third volume of Ransom Tales, an initiative focused on emulating the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ presents three new attack graphs that emulate the behaviors exhibited by the INC, Lynx and SafePay ransomware families.
August 27, 2025
AttackIQ has released a new attack graph that emulates the behaviors exhibited by Warlock ransomware, which emerged in June 2025. Beginning in July, Warlock operators have primarily targeted internet-exposed, unpatched on-premises Microsoft SharePoint servers, exploiting a set of recently disclosed zero-day vulnerabilities, specifically CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771, collectively referred to as the “ToolShell” exploit chain.
August 12, 2025
SOC teams face up to 10,000 alerts a day, with accuracy dropping 40% after 12 hours. AI Agent-Driven Detection Engineering (ADD+E) combat entropy as rules decay, threats evolve, and knowledge fades.
August 5, 2025
In cybersecurity, how do we truly measure our ability to defend our customers, our company, and our data?
August 1, 2025
In response to the recently published CISA Advisory (AA25-212A), AttackIQ has provided actionable recommendations to help organizations emulate such attacks. These recommendations enable organizations to emulate tactics and techniques, helping to assess and improve their defenses against similar adversarial behaviors.
July 30, 2025
AttackIQ has released a new emulation that compiles the Tactics, Techniques, and Procedures (TTPs) associated with the exploitation of the CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771 vulnerabilities, which affect on-premises Microsoft SharePoint servers.
July 29, 2025
AttackIQ presents the second volume of Ransom Tales, an initiative focused on emulating the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ presents three new attack graphs that emulate the behaviors exhibited by the Gunra, Anubis and DevMan ransomware families.
July 25, 2025
AttackIQ has released two new attack graphs in response to the CISA Advisory (AA25-203A) published on July 22, 2025, which disseminates known Interlock ransomware Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) identified through FBI investigations as recently as June 2025.
July 22, 2025
AttackIQ introduces Ransom Tales, an initiative designed to emulate the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ presents three new attack graphs that emulate the behaviors exhibited by the BlackLock, Embargo and Mamona ransomware families.
June 23, 2025
Amid rising tensions after Israeli and U.S. strikes on Iranian nuclear sites, experts warn of increased Iranian cyber retaliation. With limited conventional options, Iran is expected to rely on cyberattacks against U.S. infrastructure and defense sectors. DHS has issued alerts on threats from state-backed hackers and proxies. AttackIQ continues to help organizations test and strengthen their defenses.