Published: March 2026 | Last reviewed: March 22, 2026
Real-Time Threat Intelligence That Keeps You Ahead
Threadlinqs tracks 249+ active threats across ransomware, APTs, zero-days, supply chain attacks, and emerging malware families. Every threat ships with enriched IOCs, CVE/CWE mapping, actor attribution, timeline reconstruction, and detection rules.
What You Get Per Threat
Every threat on Threadlinqs is a structured intelligence package, not a blog post. Each entry is enriched with machine-readable data that feeds directly into your security stack.
Threat Overview
Executive summary, severity rating, category classification, and risk assessment updated as new information emerges.
Timeline Reconstruction
Chronological event timeline with dated references, from initial discovery through active campaigns to takedowns.
IOC Feeds
Network indicators (IPs, domains, URLs), file hashes (MD5, SHA-256), and behavioral indicators organized by category.
CVE/CWE Enrichment
Linked CVE vulnerabilities with CVSS scores, EPSS exploitation probability, KEV status, and CWE weakness classification.
Actor Attribution
Linked threat actors with aliases, nation-state associations, tooling arsenal, and cross-threat correlation. See Actor Attribution.
Daily Intelligence Debriefs
Every day at midnight EST, Threadlinqs generates a debrief summarizing all new and updated threats from the past 24 hours. Debriefs include aggregate MITRE technique coverage, IOC breakdowns, actor activity, and severity distribution so you can start your morning with a clear picture of what changed overnight.
- New threat summaries with severity ratings and category tags
- Updated threat tracking flagged with [UPDATED] badges showing what changed
- MITRE heatmap showing technique coverage shifts across the debrief window
- IOC distribution with network, file, and behavioral breakdowns
- Email subscription option for automatic delivery to your inbox
Debriefs are available on the free tier. A 365-day heatmap calendar in the UI lets you scroll back through months of intelligence history and click any date to expand its debrief.
Severity Classification
Threats are classified by severity based on exploitation evidence, impact scope, and active campaign status.
- Critical -- Active exploitation, widespread impact
- High -- Known exploitation, targeted campaigns
- Medium -- Proof of concept, limited deployment
- Low -- Theoretical risk, early discovery
Intelligence Pipeline
From source collection to your SIEM, the Threadlinqs pipeline processes threat data through multiple enrichment stages before it reaches your dashboard.
1. Collection -- OSINT, vendor feeds, honeypots
2. Analysis -- Structured extraction + tagging
3. Enrichment -- CVE, MITRE, actor mapping
4. Delivery -- Dashboard, API, MCP, email
Threat Categories
The platform covers the full spectrum of cyber threats, organized by operational category for efficient triage and prioritization.
- Ransomware -- LockBit, Black Basta, ALPHV, Play, Clop, Akira, and more
- APT / Nation-State -- Volt Typhoon, Midnight Blizzard, Lazarus Group, Fancy Bear
- Malware-as-a-Service -- SystemBC, Lumma Stealer, Amadey, SmokeLoader
- Supply Chain -- XZ Utils, Polyfill.io, dependency hijack campaigns
- Zero-Day Exploits -- Critical CVEs with active exploitation evidence
- Infostealers -- RedLine, Raccoon, Vidar, META stealer families
- Botnets & Loaders -- Emotet, QakBot, IcedID, Bumblebee
Threadlinqs Intel Team
Security Engineer at Threadlinqs Intelligence. Researching active threats, building detection rules, and mapping adversary tradecraft across SPL, KQL, and Sigma.
medium.com/@hatim.bakkali10