AI-powered · Daily Cyber Intelligence

THREAT
METRICS

Real-time cyber situation awareness. OSINT + AI-generated intelligence briefings for security leaders, published every morning before 7 AM.

Read Today's Brief What is ThreatMetrics?
Scroll
DEFCON 1
Threat Level · May 16
41
Active Campaigns
597
GPS Jamming Hexagons
275M
Records Breached
Daily
Brief Cadence
About the Platform

Cyber intelligence,
delivered every morning.

ThreatMetrics aggregates OSINT from across the threat landscape — ransomware trackers, CISA advisories, dark web monitors, geopolitical signals — and produces a structured, analyst-grade daily brief using AI synthesis.

01 / Collect
🕸
OSINT Ingestion
Automated collection from TechCrunch, SecurityWeek, BleepingComputer, TheHackerNews, CISA advisories, ransomware.live, DarkWebSonar, and geopolitical feeds — gathered nightly.
02 / Analyze
🤖
AI Synthesis
Large language model analysis cross-references actors, CVEs, geopolitical indicators, and maritime chokepoint stress to generate structured threat intelligence with confidence signals.
03 / Enrich
🌍
Geo + Market Signals
WorldMonitor integration adds country instability indices, GPS jamming maps, energy market correlation, and maritime chokepoint stress — visualized as an animated live attack map.
04 / Publish
📡
Daily Brief
Published before 7:06 AM. TLP:WHITE. Structured across 15 sections: KPI strip, threat actor table, CVE tracker, campaign analysis, geopolitical context, AI forecasts, and more.
Sources CISA ransomware.live SecurityWeek BleepingComputer TheHackerNews DarkWebSonar WorldMonitor TechCrunch
Automated Pipeline

From raw signal
to intelligence brief.

A three-stage scheduled pipeline runs every morning, completing before 7:06 AM.

6:09 AM
WorldMonitor Scan
Geopolitical + maritime + instability index data fetched and stored in Google Drive baseline.
6:26 AM
OSINT Aggregation
Threat actor activity, CVEs, ransomware incidents, dark web signals — all collected and normalized.
7:06 AM
Brief Generation
AI synthesizes collected data against 15-section brief template — rendered, published, and deployed to Vercel.
Daily
Live on Web
threatmetrics.app updated. Full-page ATIS brief with animated threat map, interactive regional zoom, and complete actor/CVE breakdown.
Intelligence Brief

Latest Situation Report

May 16, 2026 — ATIS Situation Cyber Awareness. DEFCON 1 declared following Barakah nuclear plant strike.

🔴 DEFCON 1 May 16, 2026 · 07:06 UTC
ATIS Situation Cyber Awareness — May 16, 2026
41
Active Campaigns
597
GPS Jam Hexagons
80%
Hormuz Stress
275M
Records Breached
11
Tracked Actors
Critical · Nuclear / Geopolitical
Barakah Nuclear Plant Strike — UAE
Precision missile strike on UAE nuclear facility. Radiation containment unconfirmed. Regional escalation crossing declared thresholds. DEFCON 1 status active.
Critical · Data Breach
Canvas 275M Record Breach
ShinyHunters/SLH exfiltrated 275M records from Canvas LMS. Salesforce + education extortion wave. Cushman & Wakefield 50GB dump also confirmed.
High · GPS / Maritime
GPS Jamming — 597 Hexagons Active
Strait of Hormuz stress index at 80/100. GPS jamming spreading across 597 hexagons. Iran maritime disruption posture elevated to maximum.
High · Espionage
Salt Typhoon — S. America Expansion
China-nexus Salt Typhoon deploying new implants (TernDoor, PeerTime, BruteEntry) into South American ISPs. US telecom ops active per FBI Feb 2026 confirmation.
Medium · Ransomware
Akira Claims Zojirushi — 38GB
Akira ransomware group claims Zojirushi Japan with 38GB exfiltration. Foxconn 11M file breach also confirmed. Japanese manufacturing under sustained pressure.
Medium · DDoS
NoName057(16) — 894 Incidents / 90d
Sustained NATO/Europe DDoS campaign continues post-Operation Eastwood arrests. No throughput loss. Ukraine, France, Italy government + banking + transport sectors targeted.
TLP:WHITE — Public · Classification: Unclassified OSINT Read Full Brief