Featured SOC Security Analytics
We’re thrilled to announce that Gurucul has been recognized as a Leader in the 2025 Gartner Magic Quadrant for Security Information and Event Management (SIEM). After three consecutive…
March 11, 2026
Mapping Hacktivist Cyber Operations in the Iran–Israel–US Geopolitical Conflict
Threat Intelligence
Executive Summary The escalation of geopolitical tensions involving Iran, Israel, and the United States has been accompanied by a surge in hacktivist cyber operations targeting government institutions, financial platforms, infrastructure organizations, and private companies across multiple regions.
March 6, 2026
Cyber Fallout from the Iran–Israel–US Conflict: Monitoring Emerging Nation-State Cyber Threat Activity
Threat Research
Introduction Modern geopolitical conflicts increasingly extend beyond traditional battlefields into the cyber domain. Nation-state actors now routinely leverage cyber operations to conduct espionage, disrupt infrastructure, and retaliate against adversaries. The current geopolitical tensions involving Iran…
March 3, 2026
Envirogen Technologies Allegedly Targeted by Anubis Ransomware
Threat Intelligence
Executive Summary: Envirogen Technologies, Inc. has reportedly become the latest victim of a large-scale ransomware attack. The ransomware group Anubis has claimed responsibility, alleging the exfiltration of approximately 3.6 terabytes of data comprising over three million…
February 27, 2026
Data Leak – Substack Confirms Security Incident
Threat Intelligence
Executive Summary Substack, a subscription-based publishing platform, suffered a data breach that occurred in October 2025 and was discovered on February 3, 2026, during which an unauthorized party accessed and later leaked user account data affecting a total of 697,298 users;…
February 26, 2026
Fit-Line Global Data Leak
Threat Intelligence
Executive Summary On January 9, 2026, the ransomware group INC Ransom publicly claimed responsibility for a cyberattack against Fit-Line Global, a manufacturing-sector organization. The group alleges exfiltration of sensitive corporate and employee data, including personal…
February 25, 2026
Beyond the Schema: How Gurucul Powers OCSF
Introduction Security teams today face a constant balancing act. They must rapidly onboard new telemetry sources while also ensuring consistency for correlation, investigation, and reporting. Flexibility and standardization often collide, creating friction across tools and teams.
February 24, 2026
Reynolds Ransomware: BYOVD Abuse of NSecKrnl.sys (CVE-2025-68947) for Kernel-Level Defense Evasion
Threat Research
Introduction: Reynolds Ransomware employs a Bring Your Own Vulnerable Driver (BYOVD) strategy to disable endpoint defenses before initiating encryption. The malware embeds a legitimately signed but vulnerable kernel driver, NSecKrnl.sys, and exploits CVE-2025-68947 to obtain kernel-level privileges. By achieving kernel-mode…
February 17, 2026
DAF Senegal Data Leak
Threat Intelligence
Executive Summary In February 2026, the ransomware group Green Bloods publicly claimed responsibility for a cyber intrusion targeting the Directorate of File Automation (DAF), Senegal. The group alleges exfiltration of national identity records,…
February 11, 2026
XWorm v7 RAT: Technical Analysis of Infection Chain, C2 Protocol, and Plugin Architecture
Threat Research
Introduction XWorm is a feature-rich Remote Access Trojan (RAT) that has been actively used by cybercriminals since at least 2022. Widely distributed through underground forums and malware-as-a-service ecosystems, XWorm remains popular due to its ease of…
February 10, 2026
AI SOC Analyst Blog Series: Unboxing the AI SOC Analyst
SOC
Introduction For decades, the Security Operations Center (SOC) has been like a pressure cooker. Analysts are responsible for protecting the entire organization, yet they are often overwhelmed by a relentless stream of alerts from a dozen disconnected…
February 9, 2026
Tulsa International Airport Data Breach Claim: Alleged Ransomware Attack by Qilin
Threat Intelligence
Executive Summary The ransomware group Qilin has claimed responsibility for an alleged cyberattack against Tulsa International Airport (TUL). The group listed the airport on its dark web leak site and published a limited…
February 3, 2026
Gurucul Native Out-of-the-box Enrichment: Adding Context That Results in Better Security
Threat Intelligence
Summary Modern security teams are overwhelmed not by a lack of data, but by a lack of context. Raw logs and alerts, when viewed in isolation, rarely tell the full story of an attack. Security analysts need enriched data…