Threat Intelligence

Beyond Decay Curves: Rethinking IOC Scoring

IoC, RST_Engine, Threat Intelligence / 14/06/2026

Most security teams assume IOC scoring is a solved problem. Indicators arrive from threat feeds, confidence values are assigned, decay functions reduce scores over time, and detections are prioritized accordingly. On paper, the process appears objective and systematic. In practice, adversaries exploit exactly these assumptions. Infrastructure is designed to evade validation, stale indicators are continuously […]

Beyond Decay Curves: Rethinking IOC Scoring Read More »

What does it actually cost to run CTI with an AI agent?

AI Agent, LLM, Threat Intelligence / 13/05/2026

Modern deep research models can do real threat intelligence work. Before scaling that approach across a team, here is an honest accounting of the costs that don’t show up on the invoice. It is a fair question to ask in 2026. The frontier models are good. Deep research agents will autonomously plan a search, read

What does it actually cost to run CTI with an AI agent? Read More »

MacSync Stealer: C2 Infrastructure Rotation

MacSync, Reports, Threat Intelligence / 08/05/2026

On 5 May 2026, an RST Cloud customer’s Jamf Protect blocked a download from jacksonvillemma[.]com. Four days earlier, the operator’s prior MacSync C2 had been publicly disclosed. Twenty-four hours after that disclosure, the new C2’s TLS certificate had been issued. Three days later, the new C2 was attempting to deliver its loader to a managed

MacSync Stealer: C2 Infrastructure Rotation Read More »