Uncover the Complete Threat Story
ThreatCluster automatically connects related security information across hundreds of sources, transforming overwhelming data into clear, actionable intelligence.
Critical Vulnerability in Microsoft Teams Allows Account Takeover
Security researchers have discovered a critical authentication bypass vulnerability in Microsoft Teams that could allow attackers to take over any account by sending a specially crafted GIF image...
How ThreatCluster Works
Collection
Constantly collects security news, blogs, advisories, and reports from over 100 trusted sources, monitoring the entire threat landscape in real time.
Semantic Analysis
Uses advanced AI to understand context and relationships, identifying when different sources discuss the same threat even when they use different terminology.
Clustering
Groups articles with high similarity scores into unified threat clusters, showing you the complete picture of each threat from all perspectives and sources.
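The three steps above (collect, score pairwise similarity, group articles that score above a threshold and pick a primary) can be sketched as a small, self-contained clustering routine. This is an added example, not ThreatCluster's own code: it stands in for the semantic analysis step with a plain lexical Jaccard score over stopword-filtered tokens (a real pipeline would use embeddings so that different terminology still matches), uses single-linkage union-find so that two sources that never overlap directly can still land in one cluster through a third, and chooses the "primary" article as the member most similar to the rest. The four sample headlines are constructed for the demo; the threshold of 0.25 is an assumed tuning value.

```python
import re
from itertools import combinations

# Small stopword list so that glue words do not count as shared terminology (assumption).
STOPWORDS = {"a", "an", "the", "in", "of", "to", "and", "for", "that", "is", "by", "with", "on", "any"}

# Constructed sample input: three sources covering the same flaw in different words, one unrelated.
SAMPLE_ARTICLES = [
    "Critical authentication bypass in Microsoft Teams allows account takeover via crafted GIF",
    "Microsoft Teams flaw: crafted GIF lets attackers take over any account, authentication bypass",
    "Patch now: Teams account takeover bug exploited through malicious GIF image, Microsoft says",
    "Lazarus Group targets cryptocurrency exchanges with new supply chain attack",
]


def tokenize(text):
    """Lowercase word tokens minus stopwords: a lexical stand-in for semantic analysis."""
    return {w for w in re.findall(r"[a-z0-9]+", text.lower()) if w not in STOPWORDS}


def jaccard(a, b):
    """Set overlap score in [0, 1]; 0 when both sets are empty."""
    if not a and not b:
        return 0.0
    return len(a & b) / len(a | b)


def cluster_articles(articles, threshold=0.25):
    """Single-linkage clustering over pairwise similarity.

    Two articles are linked when their score reaches the threshold; links are
    transitive (union-find), so article 1 and article 2 below end up together
    even though their direct score is below the threshold, because both link
    to article 0. Each cluster's primary is the member with the highest summed
    similarity to the other members.
    """
    n = len(articles)
    toks = [tokenize(a) for a in articles]
    parent = list(range(n))

    def find(i):
        # Path-compressing find for the union-find forest.
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    sim = {}
    for i, j in combinations(range(n), 2):
        s = jaccard(toks[i], toks[j])
        sim[(i, j)] = sim[(j, i)] = s
        if s >= threshold:
            parent[find(i)] = find(j)

    groups = {}
    for i in range(n):
        groups.setdefault(find(i), []).append(i)

    clusters = []
    for members in groups.values():
        primary = max(
            members,
            key=lambda i: sum(sim.get((i, j), 0.0) for j in members if j != i),
        )
        clusters.append({"primary": primary, "members": sorted(members)})
    return sorted(clusters, key=lambda c: c["members"][0])


if __name__ == "__main__":
    for c in cluster_articles(SAMPLE_ARTICLES):
        print("primary:", SAMPLE_ARTICLES[c["primary"]])
        for m in c["members"]:
            if m != c["primary"]:
                print("  related:", SAMPLE_ARTICLES[m])
```

Running it groups the three Teams headlines into one cluster with the first as primary and leaves the Lazarus headline on its own. The threshold is the knob that trades noise reduction against over-merging: too low and unrelated stories chain together through incidental shared words, too high and genuinely related coverage splits apart, which is why a production system scores meaning rather than shared tokens.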
Features
Inside a ThreatCluster
Primary Article
Automatically selects the most representative article as the "primary" for each cluster.
Related Articles
Additional coverage from different sources provides alternative perspectives.
Visual Timeline
Shows when different sources reported on the same threat, revealing information evolution.
Shared Entities
Each cluster displays key entities appearing across multiple articles.
AI-Powered Analysis
Cluster AI generates instant executive, technical, and remediation briefs for every threat cluster.
Critical Vulnerability in Microsoft Teams Allows Account Takeover
Critical: Security researchers have discovered a critical authentication bypass vulnerability in Microsoft Teams that could allow attackers to take over any account by sending a specially crafted GIF image.
Vulnerabilities
Companies
Platforms
Attack Type
A critical authentication bypass vulnerability has been discovered in Microsoft Teams that requires immediate attention. This vulnerability allows attackers to gain unauthorised access to any Teams account through specially crafted GIF images, posing a significant risk to organisational communications and data security.
APT Groups, Ransomware Groups, Malware Families, and more
AI-Powered Analysis
Cluster AI provides instant threat assessments, capabilities analysis, and defensive recommendations for each threat actor.
Historical Context
Track threat actors over time with comprehensive profiles including origin, active periods, and evolution of tactics.
Target Analysis
Understand who's at risk with detailed breakdowns of industries, sectors, and organisations targeted by each group.
Real-Time Intelligence
Stay updated with the latest threat actor activities through continuously updated article feeds and alerts.
APT28 (Fancy Bear)
APT28, also known as Fancy Bear, is a sophisticated Russian state-sponsored threat actor attributed to the GRU. They conduct cyber espionage operations targeting government, military, and security organisations worldwide...
Primary Targets
Known Malware
Latest Intelligence
CVE Intelligence - Vulnerability Tracking & Analysis
EPSS & CVSS Scoring
Real-time probability scores showing likelihood of exploitation alongside traditional severity ratings.
Exploitation Status
Track whether vulnerabilities are actively exploited in the wild with real-world attack data.
Affected Products
Comprehensive lists of affected software, versions, and platforms for targeted patch management.
Related Intelligence
Connect CVEs to threat actors, malware families, and active campaigns for context.
CVE-2024-1234
Critical: Microsoft Teams Authentication Bypass Vulnerability
Description
A critical authentication bypass vulnerability in Microsoft Teams allows remote attackers to gain unauthorised access to any Teams account by sending specially crafted requests...
Affected Products
File Hashes, Domains, IP Addresses
IOC Enrichment
Automatic enrichment of domains, IPs, and hashes with threat context and reputation data.
Relationship Mapping
Discover connections between IOCs, threat actors, and campaigns for complete visibility.
Activity Timeline
Track when IOCs were first seen, last active, and their involvement in attacks over time.
Export & Integration
Export IOC lists in multiple formats for easy integration with security tools and platforms.
malicious-domain[.]com
Threat Context
Command & Control server for Cobalt Strike beacon used in recent ransomware campaigns targeting healthcare organisations.
Associated Threats
Activity Timeline
Platform Capabilities
Clustering
Groups related security content from hundreds of sources into unified threat clusters, reducing information overload by 75%.
Entity Extraction
Identifies 13+ entity types including CVEs, threat actors, and affected platforms, creating comprehensive relationship maps.
AI Analysis
Generates instant executive, technical, and remediation briefs for every threat, tailored to different stakeholder needs.
Cluster AI Intelligence BETA
Advanced AI-powered threat analysis and contextual intelligence for every security team
AI-Generated Daily Threat Intelligence Brief
Published Daily at 8 AM UTC
Start your day with comprehensive threat intelligence automatically generated from the last 24 hours of global security news.
Threat Landscape Overview
Executive summary of critical threats, emerging patterns, and attack trends affecting organisations worldwide.
Technical Deep Dive
Detailed analysis of attack methods, vulnerabilities exploited, and indicators of compromise from recent incidents.
Actionable Recommendations
Prioritised defensive measures and remediation steps tailored to protect against current threats.
May 21, 2025 - Cluster AI Daily Threat Brief
Executive Summary
The cybersecurity landscape today is marked by an alarming surge in ransomware attacks targeting critical infrastructure. The emergence of BlackCat 3.0 ransomware with enhanced evasion capabilities poses significant risks to healthcare and financial sectors. Additionally, a critical zero-day vulnerability in Citrix NetScaler (CVE-2024-5789) is being actively exploited in the wild, affecting over 15,000 exposed instances globally.
Technical Analysis
The BlackCat 3.0 variant implements advanced anti-analysis techniques including:
- Dynamic API resolution to evade static analysis
- Encrypted configuration with environment-keyed decryption
- Novel persistence mechanism using WMI event subscriptions
- Exploitation of CVE-2024-5789 for initial access
AI-Powered Threat Cluster Analysis
Intelligent Clustering
Our AI groups related security articles from 100+ sources into unified threat clusters, reducing noise by 75%.
Multi-Perspective Briefs
Each cluster includes three AI-generated briefs tailored for executives, security teams, and technical staff.
Entity Relationships
Automatically identifies connections between threats, vulnerabilities, and threat actors across articles.
Real-Time Analysis
AI analysis is generated instantly as new threats emerge, ensuring you have the latest intelligence.
Critical Kubernetes Vulnerability Exploited in the Wild
8 Articles
Critical Risk Alert: A severe vulnerability in Kubernetes (CVE-2024-7896) is being actively exploited to compromise cloud infrastructure. This vulnerability affects all Kubernetes versions prior to 1.28.4 and allows unauthenticated remote code execution.
Business Impact: Organisations using affected Kubernetes versions face immediate risk of data breaches, service disruption, and potential ransomware deployment. Financial services and healthcare sectors are primary targets.
Immediate Actions Required:
- Patch to Kubernetes 1.28.4 or later immediately
- Review cluster access logs for indicators of exploitation
- Implement network segmentation for Kubernetes API servers
- Enable audit logging and monitor for suspicious API calls
APT Group Intelligence Analysis
Threat Actor Profiling
Comprehensive AI-generated profiles for APT groups, including capabilities, TTPs, and targeting patterns.
Attribution Intelligence
Analysis of group origins, motivations, and relationships with other threat actors and campaigns.
Historical Activity
Track threat actor evolution over time with AI-summarized campaign timelines and operational changes.
Threat Assessments
Risk ratings and likelihood assessments for your industry and geographic region.
Lazarus Group
🇰🇵 North Korea
Threat Assessment
Lazarus Group remains one of the most sophisticated and persistent Advanced Persistent Threat actors. Recent intelligence indicates heightened activity targeting cryptocurrency exchanges and financial institutions globally. The group has evolved their tactics to include supply chain attacks and zero-day exploitation.
Technical Capabilities
Malware Family Intelligence
Behavioural Analysis
AI-generated analysis of malware capabilities, propagation methods, and evasion techniques.
Variant Tracking
Monitor malware evolution with AI summaries of new variants, features, and tactical changes.
Defence Strategies
Tailored recommendations for detection, prevention, and incident response for each malware family.
Infrastructure Intel
AI-identified C2 infrastructure patterns, domain generation algorithms, and network indicators.
LockBit 3.0
Ransomware-as-a-Service
Threat Overview
LockBit 3.0 represents the most advanced iteration of the LockBit ransomware family. This RaaS operation has encrypted over 1,800 organisations globally, with a focus on exploiting ProxyShell and recent Exchange vulnerabilities for initial access.
Key Capabilities
- StealBit data exfiltration tool for double extortion
- Anti-analysis features including VM detection
- Automated lateral movement via GPO manipulation
- Self-spreading capabilities in domain environments
Security Intelligence From 100+ Sources
Who Needs ThreatCluster?
Individual Security Professionals
Security analysts, consultants, and researchers who need to stay informed about the latest threats.
Security-Conscious SMBs
Small businesses with security-forward leadership who understand their risk exposure but lack dedicated security teams.
Mid-Market Security Teams
Organisations large enough to face sophisticated threats but without the resources for enterprise threat intelligence platforms.
Intelligence For Every Security Team
Accessible pricing options to democratise threat intelligence for organisations of all sizes.
Free Tier
Essential threat visibility
- Access to all articles and clusters from 100+ quality sources
- View trending threats with filtering options
- Access basic entity information and relationships
- Daily threat bulletin email
- Save articles and clusters for reference
- Follow specific entities for targeted monitoring
- Access to IOC feed lists, and check file hashes, IP addresses, and domains
- CVEs
- Create up to 3 custom intelligence collections
Pro Tier
Enhanced intelligence
- Everything in Free tier, plus:
- Access to Cluster AI
- Comprehensive Threat Intelligence and Business Intelligence profiles
- Create unlimited custom intelligence collections
- API Access
- Custom Email Alerts
- Slack, Teams, and Discord Notifications
- Personalised daily threat bulletin
Ready to enhance your security intelligence?
Sign up for free today, and try Pro free for 14 days.