{"id":53073,"date":"2023-08-04T14:14:04","date_gmt":"2023-08-04T14:14:04","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/34870\/Threat-Actors-Abuse-Cloudflare-Tunnel-For-Persistence.html"},"modified":"2023-08-04T14:14:04","modified_gmt":"2023-08-04T14:14:04","slug":"threat-actors-abuse-cloudflare-tunnel-for-persistence","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/threat-actors-abuse-cloudflare-tunnel-for-persistence\/","title":{"rendered":"Threat Actors Abuse Cloudflare Tunnel For Persistence"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/www.securityweek.com\/wp-content\/uploads\/2023\/01\/Cybersecurity_News-SecurityWeek.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p><strong>Threat actors have been observed abusing an open source tool named Cloudflared to maintain persistent access to compromised systems and to steal information without being detected, cybersecurity firm GuidePoint Security reports.<\/strong>\n<\/p>\n<p><a href=\"https:\/\/github.com\/cloudflare\/cloudflared\" target=\"_blank\" rel=\"noreferrer noopener\">Cloudflared<\/a> is a command-line client for Cloudflare Tunnel, a tunneling daemon for proxying traffic between the Cloudflare network and the user\u2019s origin. The tool creates an outbound connection over HTTPS, with the connection\u2019s settings manageable via the Cloudflare Zero Trust dashboard.\n<\/p>\n<p>Through Cloudflared, services such as SSH, RDP, SMB, and others are directly accessible from outside, without having to modify firewall rules.\n<\/p>\n<p>For threat actors, this represents a great opportunity to maintain access to a victim\u2019s environment without exposing themselves. However, the attacker does need access to the target system to execute Cloudflared and establish the connection.\n<\/p>\n<p>\u201cSince the Cloudflared execution only requires the token associated with the tunnel they\u2019ve created, the [attacker] can initiate these commands without exposing any of their configurations on the victim machine prior to a successful tunnel connection,\u201d<a href=\"https:\/\/www.guidepointsecurity.com\/blog\/tunnel-vision-cloudflared-abused-in-the-wild\/\" target=\"_blank\" rel=\"noreferrer noopener\"> GuidePoint explains<\/a>.\n<\/p>\n<p>Once the tunnel has been established, Cloudflared keeps the configuration in the running process, which allows the attacker to make changes on the fly once the connection has been established. All the attacker needs is for RDP and SMB to be enabled on the victim machine.\n<\/p>\n<p>\u201cFrom the victim machine perspective, the configurations are pulled at the initiation of the connection, and whenever there\u2019s a change made to the Cloudflare Tunnel config. The tunnel updates as soon as the configuration change is made in the Cloudflare Dashboard,\u201d GuidePoint notes.<\/p>\n<div class=\"zox-post-ad-wrap\"><span class=\"zox-ad-label\">Advertisement. Scroll to continue reading.<\/span><\/div>\n<p>This allows attackers to enable the required functionality only when they want to perform operations on the victim machine, then disable it to prevent detection.\n<\/p>\n<p>Given that Cloudflared is a legitimate tool supported on major operating systems and that it establishes outbound connections to the Cloudflare infrastructure, most network defenses will allow the traffic.\n<\/p>\n<p>It also allows attackers to maintain access to the victim network without exposing their infrastructure, except for the token assigned to their tunnel.\n<\/p>\n<p>To successfully use Cloudflared, the attacker needs to create a tunnel to generate the required token, needs access to the victim system to run the tool, and needs \u201cto connect to the Cloudflared tunnel as a client to access the victim machine\u201d, GuidePoint explains.\n<\/p>\n<p>The cybersecurity firm also points out that attackers could use a tunnel configuration feature called Private Networks to gain access to the local network as if they were \u201cphysically collocated with the victim machine hosting the tunnel\u201d, and interact with any device on the network.\n<\/p>\n<p>The main issue with the malicious use of Cloudflared, GuidePoint says, is that the tool does not store logs and the activity can only be viewed in real-time, if an administrator has access to the process in a command prompt or terminal.\n<\/p>\n<p>If the command used to establish a tunnel has been observed, security teams could re-run it to identify existing Public Hostname configurations, but this temporarily exposes the host running the command to the attackers, who may take steps to protect themselves.\n<\/p>\n<p>However, because Cloudflared does make specific queries, network defenders may look for those to identify the unexpected or unauthorized use of this tool.\n<\/p>\n<p>\u201cOrganizations using Cloudflare services legitimately could potentially limit their services to specific data centers and generate detections for traffic like Cloudflared tunnels that route to anywhere except their specified data centers. This method might aid in the detection of unauthorized tunnels,\u201d GuidePoint notes.\n<\/p>\n<p><strong>Related:<\/strong><a href=\"https:\/\/www.securityweek.com\/this-new-era-of-security-requires-secure-networking-vendor-consolidation-and-a-focus-on-ot\/\"> This New Era of Security Requires Secure Networking, Vendor Consolidation, and Focus on OT<\/a>\n<\/p>\n<p><strong>Related:<\/strong><a href=\"https:\/\/www.securityweek.com\/attackers-abuse-kubernetes-rbac-to-deploy-persistent-backdoor\/\"> Attackers Abuse Kubernetes RBAC to Deploy Persistent Backdoor<\/a>\n<\/p>\n<p><strong>Related:<\/strong><a href=\"https:\/\/www.securityweek.com\/hackers-can-abuse-legitimate-features-hijack-industrial-controllers-expert\/\"><strong> <\/strong>Hackers Can Abuse Legitimate Features to Hijack Industrial Controllers<\/a>\n<\/p>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/34870\/Threat-Actors-Abuse-Cloudflare-Tunnel-For-Persistence.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":53074,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[4207],"class_list":["post-53073","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackerbackdoor"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Threat Actors Abuse Cloudflare Tunnel For Persistence 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/threat-actors-abuse-cloudflare-tunnel-for-persistence\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Threat Actors Abuse Cloudflare Tunnel For Persistence 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/threat-actors-abuse-cloudflare-tunnel-for-persistence\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-08-04T14:14:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.securityweek.com\/wp-content\/uploads\/2023\/01\/Cybersecurity_News-SecurityWeek.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-abuse-cloudflare-tunnel-for-persistence\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-abuse-cloudflare-tunnel-for-persistence\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Threat Actors Abuse Cloudflare Tunnel For Persistence\",\"datePublished\":\"2023-08-04T14:14:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-abuse-cloudflare-tunnel-for-persistence\\\/\"},\"wordCount\":624,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-abuse-cloudflare-tunnel-for-persistence\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/threat-actors-abuse-cloudflare-tunnel-for-persistence.jpg\",\"keywords\":[\"headline,hacker,backdoor\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-abuse-cloudflare-tunnel-for-persistence\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-abuse-cloudflare-tunnel-for-persistence\\\/\",\"name\":\"Threat Actors Abuse Cloudflare Tunnel For Persistence 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-abuse-cloudflare-tunnel-for-persistence\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-abuse-cloudflare-tunnel-for-persistence\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/threat-actors-abuse-cloudflare-tunnel-for-persistence.jpg\",\"datePublished\":\"2023-08-04T14:14:04+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-abuse-cloudflare-tunnel-for-persistence\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-abuse-cloudflare-tunnel-for-persistence\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-abuse-cloudflare-tunnel-for-persistence\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/threat-actors-abuse-cloudflare-tunnel-for-persistence.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/threat-actors-abuse-cloudflare-tunnel-for-persistence.jpg\",\"width\":1200,\"height\":675},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-abuse-cloudflare-tunnel-for-persistence\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,backdoor\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackerbackdoor\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Threat Actors Abuse Cloudflare Tunnel For Persistence\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Threat Actors Abuse Cloudflare Tunnel For Persistence 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/threat-actors-abuse-cloudflare-tunnel-for-persistence\/","og_locale":"en_US","og_type":"article","og_title":"Threat Actors Abuse Cloudflare Tunnel For Persistence 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/threat-actors-abuse-cloudflare-tunnel-for-persistence\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-08-04T14:14:04+00:00","og_image":[{"url":"https:\/\/www.securityweek.com\/wp-content\/uploads\/2023\/01\/Cybersecurity_News-SecurityWeek.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/threat-actors-abuse-cloudflare-tunnel-for-persistence\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/threat-actors-abuse-cloudflare-tunnel-for-persistence\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Threat Actors Abuse Cloudflare Tunnel For Persistence","datePublished":"2023-08-04T14:14:04+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/threat-actors-abuse-cloudflare-tunnel-for-persistence\/"},"wordCount":624,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/threat-actors-abuse-cloudflare-tunnel-for-persistence\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/08\/threat-actors-abuse-cloudflare-tunnel-for-persistence.jpg","keywords":["headline,hacker,backdoor"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/threat-actors-abuse-cloudflare-tunnel-for-persistence\/","url":"https:\/\/www.threatshub.org\/blog\/threat-actors-abuse-cloudflare-tunnel-for-persistence\/","name":"Threat Actors Abuse Cloudflare Tunnel For Persistence 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/threat-actors-abuse-cloudflare-tunnel-for-persistence\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/threat-actors-abuse-cloudflare-tunnel-for-persistence\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/08\/threat-actors-abuse-cloudflare-tunnel-for-persistence.jpg","datePublished":"2023-08-04T14:14:04+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/threat-actors-abuse-cloudflare-tunnel-for-persistence\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/threat-actors-abuse-cloudflare-tunnel-for-persistence\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/threat-actors-abuse-cloudflare-tunnel-for-persistence\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/08\/threat-actors-abuse-cloudflare-tunnel-for-persistence.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/08\/threat-actors-abuse-cloudflare-tunnel-for-persistence.jpg","width":1200,"height":675},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/threat-actors-abuse-cloudflare-tunnel-for-persistence\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,backdoor","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackerbackdoor\/"},{"@type":"ListItem","position":3,"name":"Threat Actors Abuse Cloudflare Tunnel For Persistence"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/53073","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=53073"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/53073\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/53074"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=53073"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=53073"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=53073"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}