-- ThreatCluster Announces a New Approach to Cyber Threat Intelligence
ThreatCluster today announced the availability of its cyber threat intelligence platform, designed to help security teams reduce the growing volume of duplicated cyber threat reporting and focus on the incidents most relevant to their organisations.
Founded in 2025, the UK based company addresses a challenge that has become increasingly common across security operations. Every day, hundreds of cyber security reports covering the same incidents appear across news outlets, security vendors, blogs, dark web forums, leak sites and underground communities. Analysts are often required to review multiple versions of the same story before determining whether an incident affects their organisation.
ThreatCluster was developed to automate this collection and analysis process while preserving the context security professionals need to make informed decisions.
Transforming Hundreds of Reports into Actionable Intelligence
The platform continuously monitors more than 16,000 open web and dark web sources, ingesting approximately 900 articles each day. Through density based semantic clustering, those reports are consolidated into roughly 70 unique threat clusters, allowing analysts to review one comprehensive record rather than dozens of duplicate articles.
Each cluster includes a sourced timeline, extracted entities, indicators of compromise that can be exported into existing security workflows, and attack techniques mapped to the MITRE ATT&CK framework. This provides security teams with a structured view of evolving threats without requiring manual collection from multiple intelligence sources.
Rather than replacing analysts, the platform is intended to reduce repetitive research so that security professionals can spend more time assessing risk and coordinating response activities.
Tailored Intelligence Instead of a General Feed
Beyond reducing duplication, ThreatCluster customises intelligence for each organisation. The platform builds tailored feeds using information such as an organisation's technology stack, software vendors, industry sector, geographic footprint and supply chain relationships.
This allows security teams to receive alerts only when a threat is likely to affect their environment, reducing unnecessary investigation while improving situational awareness.
During active cyber incidents, organisations frequently need to determine whether newly disclosed vulnerabilities or attacks impact their operations. By presenting relevant intelligence within a single workflow, the platform is designed to shorten the time required to answer that question.
Making Enterprise Grade Threat Intelligence More Accessible
ThreatCluster also aims to address another longstanding challenge within the cyber threat intelligence market. Advanced intelligence platforms have traditionally been available primarily through enterprise contracts, limiting access for smaller organisations and operational security teams.
The company offers a free entry tier alongside paid subscriptions intended to make advanced threat intelligence more accessible without requiring enterprise scale budgets.
James Mockford, Co Founder of ThreatCluster, said:
"Serious threat intelligence has been locked behind enterprise pricing for years. If you aren't a large organisation with a big budget, the good tooling has been out of reach. We didn't see a reason for that, so we built something priced for the teams who actually need it."
Built by Practitioners for Operational Security Teams
ThreatCluster was founded by James Mockford and Reyben Cortes, both of whom have worked in operational cyber security and threat intelligence.
Mockford has worked across managed security services, operational technology security, industrial control systems, security engineering and cyber threat intelligence. He also serves in the Royal Naval Reserve Maritime Cyber Unit in a personal capacity.
Cortes previously worked as a cyber threat analyst supporting United States federal threat intelligence, where he briefed government stakeholders on ransomware campaigns and nation state cyber activity.
Drawing on their operational experience, the founders focused on simplifying intelligence collection rather than adding additional data sources for analysts to review.
Supporting Security Teams Across Multiple Sectors
ThreatCluster's users include organisations ranging from individual security analysts to Big Four firms, Fortune 500 companies and defence organisations.
The platform's proprietary collection capabilities include in house monitoring of dark web leak sites, underground forums and Tor marketplaces, rather than relying exclusively on third party intelligence feeds.
According to the company, this approach allows security teams to access consolidated intelligence from both open and dark web sources while reducing duplicated reporting and improving operational efficiency.
Commenting on the company's approach, James Mockford said:
"Threat intelligence is hopelessly fragmented. One incident gets reported across dozens of sources, each holding a different piece of it, and the analyst has to find and read all of them before they understand what happened. We pull it into one place. Everything you need to make an informed call is laid out in front of you within seconds."
About ThreatCluster
ThreatCluster is a United Kingdom based cyber threat intelligence platform founded in 2025. The platform aggregates intelligence from more than 16,000 open web and dark web sources and applies semantic clustering to reduce duplicate reporting into actionable intelligence. It provides tailored intelligence feeds based on an organisation's technology stack, vendors, sector, geography and supply chain, enabling security teams to focus on threats relevant to their operations. More information is available at www.threatcluster.io and www.threatcluster.io/about. Follow ThreatCluster on Twitter/X and LinkedIn. Additional information about the company's founders is available on James Mockford's LinkedIn and Reyben Cortes' LinkedIn. Media enquiries can be directed to hello@threatcluster.io.
Contact Info:
Name: James Mockford
Email: Send Email
Organization: ThreatCluster
Website: https://threatcluster.io/
Release ID: 89196435
Google
RSS