In the week since the US-Israel-Iran conflict began, we've been seeking out the best places to track activity relevant to the work of cybersecurity practitioners. There are, of course, plenty of news sites to check on, but we wanted a list of sites that more specifically track things a typical SOC would care about.
What follows are our go-to sites so far. As we come across more, we will add them.
We also invite readers to share other sites they have found helpful at bill@cscgroupllc.com. Once we verify them, we will add them to this list as well.

Sites I check daily:
- Critical Threats Project (CTP) - Iran Update: Provides twice-daily detailed geopolitical and military analysis of the conflict, essential for understanding the "why" behind cyber shifts.
- SOCRadar - Iran-Israel Conflict Dashboard: A specialized dashboard for tracking Iranian APTs, hacktivist campaigns, and verified cyber intelligence.
- Unit 42 (Palo Alto Networks): Regularly publishes deep technical dives into specific Iranian campaigns, such as the March 2026 "Electronic Operations Room" surge.
- CISA - Iran Threat Overview: The primary source for official U.S. government advisories, including joint alerts with the FBI and NSA on Iranian APT activity.
- Recorded Future - Insikt Group: Tracks the intersection of physical strikes and digital retaliation, offering real-time scenarios and threat analysis.
- Google Threat Intelligence (Mandiant/TAG): Combines Mandiant’s frontline incident response with Google’s Threat Analysis Group (TAG) to provide high-fidelity tracking of Iranian APT groups (like APT42) and their shift toward destructive "hack-and-leak" operations.


