Threat intelligence research, applied cryptography, and security engineering.https://threatfight.com/https://threatfight.com/blog/collective-threat-intelligence-without-revealing-your-watchlist/https://threatfight.com/blog/collective-threat-intelligence-without-revealing-your-watchlist/ISACs are slow. Bilateral sharing doesn't scale. MalCloud's Threat Pool lets organizations contribute anonymized sightings via ZK commitments and see aggregate signals — without exposing what they're tracking.Thu, 16 Apr 2026 00:00:00 GMThttps://threatfight.com/blog/push-enriched-threat-intel-to-your-siem-in-seconds/https://threatfight.com/blog/push-enriched-threat-intel-to-your-siem-in-seconds/MalCloud's SIEM Connector Framework enriches IOCs and pushes them to Elastic, Splunk, Sentinel, Chronicle, or any Syslog/CEF target in real-time. No manual import. No CSV uploads. Under 2 seconds from enrichment to SIEM.Thu, 16 Apr 2026 00:00:00 GMThttps://threatfight.com/blog/why-your-threat-intelligence-context-doesnt-export/https://threatfight.com/blog/why-your-threat-intelligence-context-doesnt-export/STIX bundles carry nodes and edges. They don't carry the analyst reasoning, confidence history, or provenance chains that make your graph valuable.Thu, 16 Apr 2026 00:00:00 GMThttps://threatfight.com/blog/zk-proof-of-observation-cryptographic-evidence/https://threatfight.com/blog/zk-proof-of-observation-cryptographic-evidence/MalCloud generates auditable zk-SNARK proofs that an organization observed a threat indicator before it was shared — without revealing the indicator.Thu, 16 Apr 2026 00:00:00 GMThttps://threatfight.com/blog/why-self-hosted-threat-intelligence-matters/https://threatfight.com/blog/why-self-hosted-threat-intelligence-matters/Cloud-hosted TIPs create a paradox: you hand your most sensitive threat data to a third party to protect you from third-party risk. Here's the case for keeping intelligence on your infrastructure.Sun, 29 Mar 2026 00:00:00 GMThttps://threatfight.com/blog/what-is-zk-stix/https://threatfight.com/blog/what-is-zk-stix/Sharing threat indicators means revealing what you're investigating. ZK-STIX uses zero-knowledge proofs to let organizations collaborate on threat intelligence without exposing their watchlists, investigation targets, or defensive posture.Sat, 28 Mar 2026 00:00:00 GMThttps://threatfight.com/blog/malcloud-vs-opencti-vs-misp/https://threatfight.com/blog/malcloud-vs-opencti-vs-misp/A technical comparison of three self-hostable threat intelligence platforms — MalCloud, OpenCTI, and MISP — covering architecture, deployment, STIX support, unique capabilities, and where each one is strongest.Wed, 25 Mar 2026 00:00:00 GMThttps://threatfight.com/blog/detection-as-code-sigma-rules-from-threat-intel/https://threatfight.com/blog/detection-as-code-sigma-rules-from-threat-intel/SOC teams track hundreds of threat actors but maintain a fraction of the detection rules they need. Detection-as-code closes this gap by auto-generating Sigma rules from threat intelligence, mapped through ATT&CK, and compiled to SIEM-native queries.Sun, 22 Mar 2026 00:00:00 GMT