.

Business email compromise is a targeted cyberattack where criminals impersonate someone you trust—like your CEO, a vendor, or a business partner—to trick you into sending money or revealing confidential information.

A backdoor attack creates a hidden method for bypassing standard authentication or security controls in a computer system, application, or network. Think of it as a secret entrance that allows attackers to return to a compromised system whenever they want, without going through the front door.

Snort rules are the detection logic that powers Snort, an open-source intrusion detection and prevention system.

Open-source intelligence (OSINT) is a framework that involves gathering, analyzing, and interpreting publicly available data to gain insights into cyber threats, adversarial activities, and attack techniques. OSINT identifies innocuous-seeming information that, if analyzed with an attacker’s mindset, could reveal critical loopholes in an enterprise’s security posture.

Cyber espionage is the unauthorized access to computer systems and networks to steal classified information, trade secrets, or sensitive data for economic, political, or military advantage.

An advanced persistent threat is a sophisticated cyberattack where skilled hackers break into your network and stay hidden for months or even years

Indicators of attack (IOAs) are real-time behavioral signals that reveal active malicious activity in your cloud environment. Unlike static signatures, IOAs detect attacker techniques as they happen.

Indicators of compromise are forensic artifacts that prove a security breach has already happened. Think of IOCs as digital fingerprints left behind at a crime scene—they're specific pieces of evidence that confirm an attacker was in your system.

Enrichment in threat intelligence is the process of adding context, metadata, and relationships to raw security data to make it actionable.

Vulnerability threat intelligence is the practice of combining vulnerability assessment data with real-world threat information to understand which security weaknesses actually matter.

Digital risk protection (DRP) is a cybersecurity discipline that monitors and mitigates threats to your digital assets across public, deep, and dark web channels.

While the deep web is mostly used for legitimate, private activities, the dark web hosts both illegal marketplaces and serves as a haven for privacy-seekers and activists in repressive regimes.

The threat intelligence lifecycle is a continuous, six-phase process that transforms raw data about potential cyber threats into refined, actionable intelligence

Tal Moriah

October 16, 2025

Get the top 10 threat intelligence tools for 2026—key features and limitations. This master list covers the best TI feeds and tools for your environment.

Tal Moriah

October 11, 2025

A threat intel feed, or threat intelligence feed, provides a continuous incoming flow of data related to cyber threats and risks.

.

.

A brute force attack is a cybersecurity threat where a hacker attempts to access a system by systematically testing different passwords until a correct set of credentials is identified.

Threat intelligence, also called cyber threat intelligence (CTI), is the practice of gathering and analyzing trends about potential or ongoing cyber threats.