Where does the data come from?

The Recorded Future Cyber Daily email newsletter provides information on trending indicators and emerging threats detected over the preceding 24 hours. Recorded Future collects data from over 1 million web sources in over 14 languages, adds the new and updated data to the Recorded Future Intelligence Graph, and applies machine analysis to generate this email newsletter automatically.

What are the differences between Cyber Daily and Cyber Daily Premium?

Cyber Daily Premium is for clients only, while Cyber Daily is free for the benefit of the information security community. Cyber Daily Premium includes more data per category, risk scores on vulnerabilities and suspicious IPs, and additional categories not included in the free version — Corporate Targets, Emerging Malware, Cyber Operations, and others.

How can I get more info?

Recorded Future clients receiving HTML emails can click on any entity — company name, threat actor, operation name, malware, vulnerability, or IP address — listed in a title to open its Recorded Future Intelligence Card with options to pivot for further research.

Clarifications of terms and sections:

The "Hits" Label

The “Hits” count refers to the number of recent events or documents mentioning that specific entity in Recorded Future’s dataset – usually in the most recent 24-hour or 48-hour time windows, depending on the entity type.

The "Related" Label

Many sections include tags for "Related" entities. These are different types of entities that appear prominently alongside the titled entity in the most recent reporting of it — whether from Recorded Future's curated taxonomies or detected based on language patterns. These values can add additional context or suggest further research, particularly in surfacing new or less discussed correlations.

“Latest Threat Research from Recorded Future’s Insikt Group” Section

Insikt Group® is Recorded Future’s in-house threat intelligence research team, which consists of analysts, linguists, and security researchers with deep government and industry experience. This section includes recent Insikt Group® blog posts, analyst notes with TTP leads and indicators, and other current human-finished intelligence.

“The Latest from The Record by Recorded Future” Section

This section highlights recent news articles from our in-house cybersecurity news publication. The Record by Recorded Future gives you breaking cyber news and exclusive, behind-the-scenes access to leaders, policymakers, researchers, and people in the shadows of the cyber underground.

"Targets" Section

Companies and organizations that have been recently mentioned as targets or victims of cyber attacks are listed in this section.

"Threat Actors" Section

Entities with a "threat actor" attribute — i.e., organizations and people — that generated significant event reporting over the past 24 to 48 hours are highlighted in this section.

"Cyber Operations" Section

Typically of a hacktivist nature, "Cyber Operations" brings attention to the more publicly grouped threat actor activity reported across the media sources we monitor.

"Malware in Cyber Attacks" Section

Recently reported malware employed in recent cyber attacks are listed in this section to give visibility into the specific types of malware threat actors are currently using.

"Emerging Malware" Section

This section helps surface new malware and recently adapted malware that might not yet be actively used in cyber attacks. The high rate of mentions may expose new malware before weaponization and deployment.

“Vulnerabilities” Section

Recently reported cyber vulnerabilities are listed here. Cyber Daily Premium includes Recorded Future's risk score to help prioritize mitigation.

"Exploited Vulnerabilities" Section

Vulnerabilities identified and reported within the past 24 hours with language indicating malcode activity, reverse engineering, proof of concept, exploited in the wild, or weaponized terminology. These actively exploited vulnerabilities usually differ from the top "Vulnerabilities" section.

“Suspicious IP Addresses” Section

Recently reported Internet Protocol (IP) addresses mentioned with language indicating malicious activity or IPs that co-occurred with a malware entity are highlighted in this section.

For more information about Recorded Future's risk scoring, clients can view the current trigger rule sets, for each entity type, in detail in our Support Center.