Blog
What does it actually cost to run CTI with an AI agent?
Modern deep research models can do real threat intelligence work. Before scaling that approach across a team, here is an honest accounting of the costs that don’t show up on the invoice. It is a fair question to ask in 2026. The frontier models are good. Deep research agents will autonomously plan a search, read…
MacSync Stealer: C2 Infrastructure Rotation
On 5 May 2026, an RST Cloud customer’s Jamf Protect blocked a download from jacksonvillemma[.]com. Four days earlier, the operator’s prior MacSync C2 had been publicly disclosed. Twenty-four hours after that disclosure, the new C2’s TLS certificate had been issued. Three days later, the new C2 was attempting to deliver its loader to a managed…
Axios NPM Supply Chain Attack
RST CLOUD THREAT INTELLIGENCE | TLP:CLEAR. When the axios npm supply chain attack broke on 31 March 2026, twelve separate vendor reports followed within 48 hours. Elastic Security Labs, Google GTIG, Microsoft Threat Intelligence, Wiz, Snyk, StepSecurity, Tenable, and others each documented the campaign from a different vantage point: initial discovery, dropper mechanics, RAT architecture, attribution, remediation. Valuable, individually. But absorbing all twelve…


