On January 26, 2026, Delta, a Russian alarm and vehicle security provider, suffered a major cyberattack, disrupting alarms, vehicle systems, and company communications for tens of thousands of customers. While no confirmed customer data breach occurred, an unverified leak circulated online.
So much of the industry is based on experience and not education. You can learn all the lessons yourself, but it will take a lot longer. Learning from people who have seen enough things to have a strong intuition can help you be better and faster. In part, this is because the field is always changing. As bad actors constantly improve their techniques, the defenders must respond.
Since we're talking cybersecurity, let's start with iDEFENSE. I bought the company in 2002 as an investor rather than an operator, then subsequently became CEO. As the first commercial cyber threat intelligence vendor, we established the first global zero day acquisition program and created the 'Responsible Disclosure' process driving software companies to accelerate their patch creation and rollout schedule. This was ground breaking and the initiation of the bug bounty world we live in today.
Cisco is set to launch another such "SLM", following up its Foundation-Sec-8B with 8 billion parameters with a 17 billion parameter count model. It will contain 30 years of threat intelligence emanating from Cisco Talos. However, the company emphasizes the new model is not a direct successor to Foundation-Sec-8B. Cisco currently uses Foundation-Sec-8B in its products. The model analyzes security alerts, checks code for vulnerabilities, and suggests workflows that prioritize security.
Google's Threat Intelligence Group (GTIG) and Mandiant are tracking the "high-volume" activity, which began last month, and are investigating whether there is any truth to the attackers' boasts. In a statement to The Register, Genevieve Stark, head of cybercrime and information operations intelligence analysis at GTIG, said: "This activity began on or before September 29, 2025, but Mandiant's experts are still in the early stages of multiple investigations, and have not yet substantiated the claims made by this group."
Minimum qualifications: Bachelor's degree or equivalent practical experience 5 years of experience in data analysis, including identifying trends, generating summary statistics, and drawing insights from quantitative and qualitative data. 5 years of experience managing projects and defining project scope, goals, and deliverables. Experience with statistical analysis, data science and data analysis. Preferred qualifications: Master's degree in a quantitative field (e.g., Statistics, Computer Science, Mathematics, Engineering). 5 years of experience in a data-intensive role such as threat intelligence, data science, trust and safety, or fraud analysis.
CrowdStrike claims that Falcon for IT Risk-based Patching solves this problem by bringing vulnerability management and patch implementation together within the Falcon console. It uses proprietary intelligence and AI models to determine which vulnerabilities are most likely to be exploited in practice. With features such as Patch Safety Scores and sensor intelligence, teams should be able to patch faster, more securely, and on a larger scale without disruption.
According to research from Trend Micro, hackers are now using AI to analyze these reports and use them to refine their tactics. The study showed large language models (LLMs) can translate technical blogs into "partial malicious code" in a dark twist on the "vibe coding" trend. This not only allows threat actors to speed up attacks or reverse engineer malware strains, it also helps them mimic other group's TTPs, creating challenges with the attribution of attacks.
Infoblox positions DNS as the earliest point of cyber threat prevention, claiming to block malicious infrastructure an average of 68.4 days before traditional detection tools. The company's Protective DNS approach leverages global DNS visibility to identify threats before they can weaponize their infrastructure. Infoblox Threat Intel monitors over 200,000 threat actor clusters using proprietary algorithms designed to identify infrastructure during construction phases. The company's detection pipeline combines real-time DNS telemetry with predictive threat intelligence.
Since the recent arrests tied to the alleged Scattered Spider (UNC3944) members in the U.K., Mandiant Consulting hasn't observed any new intrusions directly attributable to this specific threat actor, Charles Carmakal, CTO of Mandiant Consulting at Google Cloud, told The Hacker News in a statement. This presents a critical window of opportunity that organizations must capitalize on to thoroughly study the tactics UNC3944 wielded so effectively, assess their systems, and reinforce their security posture accordingly.
