Blog
Beyond Decay Curves: Rethinking IOC Scoring
Most security teams assume IOC scoring is a solved problem. Indicators arrive from threat feeds, confidence values are assigned, decay functions reduce scores over time, and detections are prioritized accordingly. On paper, the process appears objective and systematic. In practice, adversaries exploit exactly these assumptions. Infrastructure is designed to evade validation, stale indicators are continuously…
What does it actually cost to run CTI with an AI agent?
Modern deep research models can do real threat intelligence work. Before scaling that approach across a team, here is an honest accounting of the costs that don’t show up on the invoice. It is a fair question to ask in 2026. The frontier models are good. Deep research agents will autonomously plan a search, read…
MacSync Stealer: C2 Infrastructure Rotation
On 5 May 2026, an RST Cloud customer’s Jamf Protect blocked a download from jacksonvillemma[.]com. Four days earlier, the operator’s prior MacSync C2 had been publicly disclosed. Twenty-four hours after that disclosure, the new C2’s TLS certificate had been issued. Three days later, the new C2 was attempting to deliver its loader to a managed…
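The two excerpts above describe the same gap from both ends: decay-based scoring ranks indicators by how recently they were seen, while an operator can stand up new C2 within a day of the old one being burned. The following script is an added example, not code from RST Cloud or from either post. It assumes a simple half-life decay model (score halves every seven days since last sighting), a constructed two-entry feed, and a placeholder name "old-macsync-c2.example" for the prior C2, which the excerpt does not name. The dates follow the timeline in the MacSync excerpt.

```python
"""Half-life IOC decay scoring, checked against the C2 rotation timeline above."""
from dataclasses import dataclass
from datetime import datetime
import math


@dataclass
class Indicator:
    value: str           # defanged domain
    base_score: float    # analyst/feed confidence at ingestion, 0-100
    last_seen: datetime  # last sighting recorded by the feed


def decayed_score(ind: Indicator, now: datetime, half_life_days: float = 7.0) -> float:
    """Assumed decay model: score halves every half_life_days since last_seen."""
    age_days = max(0.0, (now - ind.last_seen).total_seconds() / 86400.0)
    return ind.base_score * math.pow(0.5, age_days / half_life_days)


# Constructed feed. "old-macsync-c2.example" is a placeholder for the prior C2,
# which the post excerpt does not name; dates follow the timeline in the excerpt.
FEED = [
    Indicator("old-macsync-c2.example", 90.0, datetime(2026, 5, 1)),   # disclosed 1 May
    Indicator("unrelated-stale.example", 95.0, datetime(2026, 3, 1)),  # months-old entry
]

NOW = datetime(2026, 5, 5)  # day the managed endpoint blocked the download


def rank_feed(feed, now, half_life_days=7.0):
    """Return (value, score) pairs, highest score first, rounded for display."""
    scored = [(i.value, round(decayed_score(i, now, half_life_days), 1)) for i in feed]
    return sorted(scored, key=lambda t: t[1], reverse=True)


def score_of(feed, value, now, half_life_days=7.0):
    """Score a lookup against the feed; an indicator the feed has never seen scores 0.0."""
    for i in feed:
        if i.value == value:
            return round(decayed_score(i, now, half_life_days), 1)
    return 0.0


if __name__ == "__main__":
    for value, score in rank_feed(FEED, NOW):
        print(f"{score:5.1f}  {value}")
    # The live C2 is absent from the feed, so it scores below the abandoned one.
    print(f"{score_of(FEED, 'jacksonvillemma[.]com', NOW):5.1f}  jacksonvillemma[.]com (not in feed)")
```

On 5 May the burned C2, disclosed four days earlier, still carries roughly two thirds of its original score, while the domain actually delivering the loader scores zero because no feed has published it yet. Whatever half-life you pick only changes how fast the old entry fades; it cannot make the scorer aware of infrastructure that rotated faster than the feed.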