Threat intelligence and detection engineering output from DevSecOpsDadAttack automation pipelines. http://devsecopsdadattack.com/ Operational threat reporting for defenders who need signal, not noise. - Executive Signal Iranian state-sponsored activity is accelerating across two distinct APT clusters simultaneously. MuddyWater and Nimbus Manticore are both running active campaigns as of late May 2026, with no operational pause despite sustained geopolitical pressure on Iran. MuddyWater is using DLL side-loading... Tue, 26 May 2026 00:00:00 -0400 http://devsecopsdadattack.com/2026-05-26-threat-intelligence-brief-tuesday-may-26-2026/ http://devsecopsdadattack.com/2026-05-26-threat-intelligence-brief-tuesday-may-26-2026/ Machine-speed threat intelligence translated into detection engineering action. - Executive Signal This brief produced 5 detection candidates. 1 production candidate, 3 hunting-only, 1 require environment mapping, and 0 rejected. 5 detections include KQL. 5 include ATT&CK mappings. 5 include triage guidance. Deployment blockers or scheduling gates were identified for: Kerberos Relay... Tue, 26 May 2026 00:00:00 -0400 http://devsecopsdadattack.com/2026-05-26-detection-engineering-brief-tuesday-may-26-2026/ http://devsecopsdadattack.com/2026-05-26-detection-engineering-brief-tuesday-may-26-2026/