March 23, 2026
Learn how adversaries are shifting from evasion to systematically dismantling endpoint defenses to eliminate visibility, enforcement, and response. Explore how modern EDR inhibition techniques abuse legitimate system features and vulnerable drivers to quietly degrade protections with minimal detection. Understand why this once-advanced tradecraft is now standard practice—and how it creates a critical blind spot for defenders.
March 5, 2026
On February 28, 2026, the United States and Israel launched Operation Epic Fury (U.S.) and Operation Roaring Lion (Israel), a coordinated military and cyber campaign targeting Iranian military installations, IRGC leadership, and government infrastructure. U.S. Cyber Command was designated the “first mover,” with cyber operations beginning before any kinetic weapons were deployed. In the first 48 hours, U.S. and allied forces struck more than 1,250 targets across Iran, while Israel conducted what has been described as the largest cyberattack in history, collapsing Iran’s internet connectivity to 1-4% of normal levels through multi-layered attacks on BGP routing, DNS infrastructure, and SCADA/ICS systems.
March 3, 2026
Drowning in security data? This practical guide shows how CTEM and MITRE INFORM cut noise, validate defenses, and prove what matters.
February 26, 2026
AttackIQ has released a new attack graph that emulates the behaviors of LokiLocker ransomware, a .NET based strain active since at least mid-August 2021. The malware combines defense evasion and impact techniques, including disabling Task Manager and Windows Firewall, as well as deleting Volume Shadow Copies to hinder detection and prevent restoration.
February 25, 2026
AttackIQ has released a new attack graph that emulates the behaviors exhibited by BlackByte ransomware, a strain operated under the Ransomware-as-a-Service (RaaS) model that emerged in July 2021. Since its emergence, BlackByte has targeted organizations worldwide, including entities within U.S. critical infrastructure sectors such as Government, Financial Services, Manufacturing, and Energy.
February 9, 2026
What if your phishing tests updated themselves every week? Learn how real phishing campaigns are automatically transformed into continuous email and endpoint validation—at scale.
February 5, 2026
AttackIQ has released a new attack graph that emulates the behaviors of Cephalus ransomware, a Go-based strain active since June 2025 that combines defense-evasion and anti-analysis techniques, such as secure memory handling and tampering with Windows Defender, to enable stealthy targeted operations prior to encryption and extortion.
January 20, 2026
AttackIQ has released a new attack graph that emulates the behaviors exhibited by BlackSuit ransomware, a ransomware strain that has been active since at least May 2023. It represents the evolution of the ransomware previously identified as Royal ransomware, which was active from approximately September 2022 through June 2023.
November 19, 2025
AttackIQ has released an updated attack graph in response to emerging threat intelligence associated with the deployment of Qilin ransomware, a ransomware strain that first appeared in July 2022 and remains one of the most active ransomware families today. This update includes new behaviors related to the operators of the Qilin ransomware, which have been identified as recently as October 2025.
November 14, 2025
AttackIQ has released a new assessment template designed to emulate the various post-compromise Tactics, Techniques, and Procedures (TTPs) associated with a recent intrusion targeting Ukrainian organizations that aligns with patterns previously associated with Sandworm. While attribution remains unconfirmed, this assessment helps defenders improve their security posture against similarly sophisticated and persistent threats.
November 13, 2025
AttackIQ has released a new attack graph that emulates the behaviors exhibited by SideWinder, a threat actor with a long history of cyber espionage dating back to 2012. The group has primarily targeted government, military, and maritime sectors across South Asia and nearby regions through sophisticated spear-phishing campaigns, exploitation of Microsoft Office vulnerabilities, and the deployment of StealerBot, a memory-resident backdoor.
November 6, 2025
AttackIQ presents the fifth volume of Ransom Tales, an initiative focused on emulating the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ revisits historical ransomware operations with the introduction of three new attack graphs that emulate the operational behaviors exhibited by the REvil, DarkSide, and BlackMatter ransomware families.
October 23, 2025
AttackIQ has enhanced and expanded two AWS security assessments, by introducing nine new scenarios that emulate real-world techniques and tactics that could be used by threat actors to compromise AWS cloud environments. These updates are designed to provide a more comprehensive evaluation of your AWS cloud security posture by covering a broader range of attack vectors and misconfigurations.
October 16, 2025
AttackIQ has released a new attack graph that emulates the behaviors exhibited by Global Group ransomware, a threat that first appeared in June 2025 and quickly became notorious across the security landscape. The group has primarily targeted high-impact sectors such as healthcare, manufacturing, and professional services, where operational downtime can cause severe disruption.
October 2, 2025
AttackIQ has released a new attack graph that emulates the behaviors exhibited by Qilin ransomware, a threat that first appeared in July 2022 and remains one of the most active families today. Qilin primarily targets the healthcare, government, education, manufacturing, and finance sectors, and has evolved to operate across multiple platforms, including Windows, Linux, and ESXi.
September 25, 2025
AttackIQ presents the fourth volume of Ransom Tales, an initiative focused on emulating the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ presents three new attack graphs that emulate the behaviors exhibited by the Rhysida, Charon, and Dire Wolf ransomware families.
September 23, 2025
AttackIQ research exposes RomCom’s espionage-to-ransomware convergence and provides 7 emulations to harden detection and response.
August 28, 2025
AttackIQ presents the third volume of Ransom Tales, an initiative focused on emulating the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ presents three new attack graphs that emulate the behaviors exhibited by the INC, Lynx and SafePay ransomware families.
August 27, 2025
AttackIQ has released a new attack graph that emulates the behaviors exhibited by Warlock ransomware, which emerged in June 2025. Beginning in July, Warlock operators have primarily targeted internet-exposed, unpatched on-premises Microsoft SharePoint servers, exploiting a set of recently disclosed zero-day vulnerabilities, specifically CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771, collectively referred to as the “ToolShell” exploit chain.
July 29, 2025
AttackIQ presents the second volume of Ransom Tales, an initiative focused on emulating the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ presents three new attack graphs that emulate the behaviors exhibited by the Gunra, Anubis and DevMan ransomware families.
July 22, 2025
AttackIQ introduces Ransom Tales, an initiative designed to emulate the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ presents three new attack graphs that emulate the behaviors exhibited by the BlackLock, Embargo and Mamona ransomware families.
June 23, 2025
Amid rising tensions after Israeli and U.S. strikes on Iranian nuclear sites, experts warn of increased Iranian cyber retaliation. With limited conventional options, Iran is expected to rely on cyberattacks against U.S. infrastructure and defense sectors. DHS has issued alerts on threats from state-backed hackers and proxies. AttackIQ continues to help organizations test and strengthen their defenses.
May 29, 2025
AttackIQ has released a new assessment template that contains a curated list of Tools and Malware samples associated with Scattered Spider to help defenders improve their security posture against this sophisticated and persistent threat.