Short, jargon-free explanations of the terms that come up every day in CTI. Bookmark it, share it with the new hire, cite it in the next vendor briefing.
What CTI actually is, who consumes it, and why your security team needs it before the next CVE drops.
How thirty articles about the same incident become one cluster, and why that matters for an analyst's morning.
Indicators of Compromise — IPs, hashes, domains, URLs. The breadcrumbs that prove an attack happened.
The two formats most CTI teams use to share indicators between platforms, vendors, and partners.
Encryption-for-extortion, modern leak sites, double extortion, and why every CTI team tracks it daily.
Advanced Persistent Threat. State-sponsored actors with the patience and budget to stay inside for months.
A vulnerability that's exploited before the vendor knows it exists. It's called "zero" days because the patch isn't out yet.
The part of the internet that needs Tor or similar to reach. Where ransomware leak sites and credential markets live.