Archive for April 17, 2026

OVHcloud accelerates the quantum industry with Quandela’s Belenos

Posted in Commentary on April 17, 2026 by itnerd

At the Quantum Defence Summit, OVHcloud and Quandela announce the availability of the Belenos computer on OVHcloud’s Quantum platform.

Unveiled last autumn, the OVHcloud Quantum Platform makes quantum computing, a breakthrough technology, more accessible through a Quantum-as-a-Service (QaaS) consumption model. With the addition of Belenos, OVHcloud continues to deploy its ambitious roadmap of quantum computers accessible through the cloud.

Quandela Belenos leverages photonic quantum technology to offer a compute power of 12 qubits. It helps organisations to experiment with new algorithms in innovative domains such as image sorting and generation, accelerated AI calculus, or quantum machine learning (QML). New use cases in the fields of electromagnetic simulation, structural mechanics, engine combustion, material simulation, meteorology, and earth observation also benefit from the advances in quantum computing.

Supporting the European and Canadian quantum ecosystem since 2022, the Group offers the widest range of quantum emulators leveraging its infrastructures with over a thousand users. With 15 affordable quantum emulators (including Perceval and MerLin) starting at $0.05 CAD per hour, the Group helps users to grow their familiarity with different quantum computing models.

The OVHcloud Quantum Platform gives access to full-fledged quantum computers, to support the acceleration and growing adoption of quantum computing within private organisations. The Belenos QPU is offered in an “as-a-service” mode and benefits from pay-as-you-go, per-second billing without commitment.

Learn more about OVHcloud Quantum Platform here.

Iran War Cyber Threat Outlook: Conflict Phases and What Comes Next 

Posted in Commentary on April 17, 2026 by itnerd

Since the Iran War began on February 28th, the SOCRadar threat team has tracked 1,357 prominent incidents in the first month, spanning 25+ countries, 15+ sectors, and 40+ distinct attack groups.

In a threat outlook published this morning, SOCRadar’s up-to-date assessment of the conflict reveals a significant pattern: the cyber dimension of this conflict has moved through distinct, recognizable phases, each with a different threat profile for organizations operating in targeted regions and sectors.

According to the analysis, the phases of the Iran war have so far included: 

  1. Kinetic Shock & Cyber Reflection (Feb 28-Mar 6)
  2. Coalition Building & Geographic Expansion (Mar 7-16)
  3. Persistent Operations & Recon (Mar 16-31)
  4. Entrenchment & Escalation (Ongoing)

The analysis also covers a statistical breakdown of the most common attack types (DDoS by far the most prevalent), top targeted countries (Israel), and the top targeted sectors. 

For a full breakdown on how the cyber aspect of this war has unfolded since its onset, including an in-depth analysis of each phase, you can find the analysis here: https://socradar.io/blog/iran-war-cyber-threat-outlook-conflict-phases/

Here Is An Extortion Phishing Email Of A Different Sort

Posted in Commentary on April 17, 2026 by itnerd

For years, I’ve been covering extortion phishing emails where they have a rather predictable pattern.

  • Some “hacker” claims to have bypassed your security
  • They have caught you watching “adult content”
  • They have proof that they will send to your friends and family unless you pay them in Bitcoin

Today I am going to detail something a bit different. My honeypot captured this email early this morning:

Now this kind of fits the pattern of other extortion emails that I have reported on. But what makes this different is the use of Grafana in the email. This is a company that does visualization and analysis of metrics, logs, traces, profiles, and beyond. Which means that if you are using their products, you can spot problems easier because those problems can be surfaced easier.

This is the first time that I have seen something like this. Which means other threat actors might try the same thing. What I am thinking is that the threat actors are using Grafana’s name to try and give themselves some legitimacy. I guess I kind of stuffed that by going public with this. And I am going to stuff it some more by alerting the company to the fact that their name is being used like this.

Other than that, this is your typical extortion email. There’s nothing new or different here. If it were not for the fact that the threat actors used the name of Grafana, it would almost not be worth reporting on. But it illustrates how far threat actors will go to steal your money.

My advice when it comes to these emails goes something like this:

  • You’ll note that you’re never named by your actual name in emails like this; that should be a big hint that this is a scam.
  • Never reply to the email as it will either result in telling the threat actor that your email is live, or the email might bounce.
  • If you see this or any email like it hit your inbox, delete it and go on with your life.
  • If you are the least bit paranoid about a threat actor getting into your computer, have a computer professional check your computer over. They likely won’t find anything, but at least you will be able to sleep better at night.

Happy Friday!

Team Cymru Redefines the Threat Feed Category with Total Insights Feed

Posted in Commentary on April 17, 2026 by itnerd

Team Cymru today announced Total Insights Feeds (TIF), a unified threat intelligence framework that redefines what a threat feed is, what it covers, and what security teams can do with it. This is not an incremental update to Team Cymru’s existing feed portfolio. It is a structural departure from the category those feeds helped define.

For more than two decades, threat intelligence feeds have operated on a shared assumption: compile lists of known-bad infrastructure, distribute them, and enable defenders to act. That model no longer reflects reality. Adversaries now rotate infrastructure at machine speed, operate across tens of millions of IPs, and weaponize domains at a scale legacy reputation feeds were never designed to track. The indicator list alone is no longer sufficient, creating an urgent need for a fundamentally new approach.

Total Insights Feed is that new model. The platform evaluates more than 57 million IPs and CIDRs daily with weighted 0–100 risk scoring, analyzes over 400 million domains including phishing, DGA infrastructure, and malicious hosting, and enriches each indicator with more than 2,000 contextual attributes spanning malware families, C2 frameworks, botnet membership, attribution, and kill-chain stage. This intelligence is delivered in a structured format that enables security operations centers to act automatically, eliminating reliance on manual triage.

The need for this shift is driven by a fundamental breakdown in both coverage and context. Modern adversaries build and abandon infrastructure within hours, while command-and-control networks span millions of IPs and phishing campaigns operate across hundreds of millions of domains. Even highly accurate feeds that track hundreds of thousands of indicators leave most of the active threat surface unaddressed. At the same time, binary malicious classifications fail to provide the context needed to determine response. At today’s scale and velocity, human-driven analysis cannot keep pace, creating a widening gap between detection and action. Total Insights Feed is designed to close both gaps simultaneously.

The following core capabilities are powered by Team Cymru’s global network visibility across more than 700 ISPs and operators:

  • Surface Coverage: 57M+ IPs and CIDRs evaluated and risk-scored daily, covering the full routable internet, not a curated sample
  • Machine-Actionable Scoring: Weighted 0–100 risk scores with decay modeling, enabling automated block policies at configurable thresholds without analyst review
  • Domain Intelligence: 400M+ domains assessed daily, with 3.5M+ tagged malicious, including phishing infrastructure, algorithmically generated domains, and malicious hosting
  • Deep Contextual Tagging: 2,000+ contextual tags per indicator spanning malware families, botnets, C2 frameworks, scanners, anonymization infrastructure, and hosting classification
  • Live Analysis and Actor Attribution: Named actor and campaign associations where available, MITRE ATT&CK mapping, kill-chain stage, first and last observation, and external intelligence references
  • Unified Integration Architecture: A single JSON schema compatible with SIEM, SOAR, XDR, and TIP platforms, one integration, operational on day one, no custom parsing required

Total Insights Feed is built on three interconnected intelligence layers that converge into a single data stream, enabling a level of telemetry and coverage not accessible through traditional collection methods. Organizations migrating from legacy feeds gain broader coverage, richer context, and real-time analysis while maintaining the high-fidelity data their operations depend on. Total Insights Feed is offered in tiered configurations, including a risk-scoring tier for IP and domain reputation, a tags and analysis tier for deep contextual intelligence, and a complete tier that unifies all capabilities into a single stream, replacing fragmented feed architectures with a single, machine-ready data source.

Availability

Total Insights Feed is available immediately. Existing customers of Team Cymru’s Controller Feed, Reputation Feed, and BARS architectures are fully supported within Total Insights Feed, with current intelligence preserved and expanded, and can contact their Team Cymru account representative to discuss migration. New customers and media inquiries should contact sales@cymru.com or visit team-cymru.com.