Security Research for the Community

Recently Added

Research
Threat Intelligence Report: Nation-State Targeting of Water Systems 2024–2026

DTI reveals how Russia, China, and Iran are exploiting weak OT security and internet-facing PLCs to target critical water and wastewater infrastructure. From Volt Typhoon's strategic pre-positioning to Sandworm-adjacent sabotage, discover the primary TTPs, vulnerabilities, and MITRE ATT&CK mappings reshaping modern hybrid warfare.

2026-06-25
2026-06-16
2026-05-19
SecuritySnacks
Cybersecurity Reading List - Week of 2026-06-01

Commentary followed by links to cybersecurity articles and resources that caught our interest internally.

2026-06-01
SecuritySnacks
SecuritySnack - Hijacking Corporate Sessions

A sophisticated AiTM phishing kit bypassing traditional MFA to steal Microsoft 365 session cookies. Get the full breakdown and IOCs.

2026-06-01
Newsletters
Eighteen Newsletters and a Dozen Roses
June’s roundup of research - from cyberattacks on water infrastructure OT and ICS to DNS hijacking and an AiTM campaign targeting Microsoft365 users.
Learn More
2026-07-09
Newsletters
Edge of Seventeen (Newsletters)
Learn More
2026-06-04
Podcast episodes
How Russian Disinformation Campaigns Exploit Domain Registrars and AI
The Breaking Badness Cybersecurity Podcast discusses research from the DomainTools Investigations team on Russian Disinformation
Learn More
2025-04-16
Podcast episodes
Book Club with Dmitri Alperovitch
Discussing Dmitri's new book, World on the Brink: How America Can Beat China in the Race for the 21st Century.
Learn More
2024-05-01

Research

View All
Research
Threat Intelligence Report: Nation-State Targeting of Water Systems 2024–2026

DTI reveals how Russia, China, and Iran are exploiting weak OT security and internet-facing PLCs to target critical water and wastewater infrastructure. From Volt Typhoon's strategic pre-positioning to Sandworm-adjacent sabotage, discover the primary TTPs, vulnerabilities, and MITRE ATT&CK mappings reshaping modern hybrid warfare.

Learn More

SecuritySnacks

View All
SecuritySnacks
SecuritySnack - Hijacking Corporate Sessions

A sophisticated AiTM phishing kit bypassing traditional MFA to steal Microsoft 365 session cookies. Get the full breakdown and IOCs.

Learn More
SecuritySnacks
Cybersecurity Reading List - Week of 2026-05-04

Systems thinking, biolistics, and the danger of mop-up science in infosec — plus this month's reading on ransomware, RPKI exploits, cPanel, and LLM pollution.

Learn More

Newsletters

View All
Newsletters
Eighteen Newsletters and a Dozen Roses
June’s roundup of research - from cyberattacks on water infrastructure OT and ICS to DNS hijacking and an AiTM campaign targeting Microsoft365 users.
Learn More
Newsletters
Sixteen going on Seventeen Newsletters
DPRK's modular malware portfolio, Iran's MOIS-linked Handala/Homeland Justice/Karma persona ecosystem, and a fake Authenticator Chrome extension dissected.
Learn More