Threat Intelligence
Threats, mapped to the controls that defend against them.
Every threat record links to MITRE ATT&CK tactics, the controls that mitigate it, and the audit program that proves whether you're exposed. Pick a threat to run the audit.
ICS / OT Device Vulnerability
Vulnerability disclosed in an industrial / building-control device. Implies the device may be reachable from the corporate network or directly from the internet. Calls for network segmentation, asset…
Database Leak / Unauthorised Data Exposure
Attacker dumps or sells a customer database. Implies the data store was accessible from the internet, lacked encryption at rest, or had weak access controls. DLP, classification, encryption…
Ransomware Incident
Confirmed ransomware encryption and extortion event. Calls for the full playbook: MFA on remote access, immutable backups, EDR on every endpoint, network segmentation, PAM and a tested IR…
OT / Industrial Control System Attack
Attack targeting operational technology — pumps, controllers, processing equipment. Implies OT exposure to the internet, default credentials on engineering workstations, or flat-network bridging from IT. Calls for IT/OT…
Initial Access Broker Sale
Initial-access brokers selling administrative or remote access to a victim organisation (VPN, RDP, Exchange OWA, AWS console, AD domain admin). The buyer is typically a ransomware affiliate. Demands…
Stolen Credential Dump
Aggregated credentials (often from infostealer malware) appear on criminal forums. Even if your org's data isn't in this exact dump, the same playbook hits you next. Demands password…
DDoS Campaign Against Public Services
Volumetric or application-layer attack aimed at taking a service offline. Demands edge mitigation (CDN / scrubbing), rate limiting, autoscaling capacity and upstream provider failover.
Website Defacement Campaign
Ongoing pattern of website defacements where attackers replace site content to push a political or trophy message. Implies the targeted CMS / web tier has unpatched vulnerabilities, weak…
Threat Actor Targets Public Website
A named hacktivist group or hostile actor publicly claims an attack against an organisation's website. Whether the attack succeeds depends on the web-tier defences: WAF, patching, rate-limiting and DDoS…