News for today:
- [Arctic Wolf] Decipio for early detection of credential theft attempts. Arctic Wolf released Decipio, an AI tool for detecting credential theft attempts inside a network, in an effort to stop credential theft attempts much earlier in the process. Unlike traditional detection approaches that focus on post‑compromise behavior, Decipio establishes a simple, early‑warning tripwire that is designed to reveal attackers when they attempt to steal credentials using common Windows network techniques such as LLMNR and NBT‑NS abuse. The signal is binary, requires minimal tuning, and is designed to deliver clear, high‑confidence evidence for rapid investigation. Decipio will be introduced publicly during the SANS AI Summit, where Arctic Wolf will present alongside leading security researchers and practitioners. Decipio is being released as a limited, gated community beta with access reviewed and granted to verified defenders. Arctic Wolf
- [GreyNoise] Cyber threat activity precedes vulnerability disclosure. New research from GreyNoise finds that in the weeks leading up to a vendor disclosing a new CVE, threat activity increases. Such data signals can serve as an advanced warning of an upcoming vulnerability. GreyNoise analyzed internet traffic via the GreyNoise Global Observation Grid (GOG) over 103 days and across 147.8 million sessions. Measuring daily activity on 276 GreyNoise tags associated with 18 of the most common edge device and network infrastructure vendors, it flagged days when activity spiked far above its normal level. GreyNoise found that over half of identified activity surges were followed by a vendor-matched CVE disclosure within three weeks. The median lead time was 11 days. GreyNoise