<?xml version="1.0" encoding="UTF-8"?>
<record>
  <title>Sector-Aware Cyber Threat Intelligence: A Security-Enhanced RAG Framework for Precision Threat Analysis</title>
  <journal>Journal of Information Security Research</journal>
  <author>Maleerat Maliyaem</author>
  <volume>17</volume>
  <issue>1</issue>
  <year>2026</year>
  <doi>https://doi.org/10.6025/jisr/2026/17/1/1-22</doi>
  <url>https://www.dline.info/jisr/fulltext/v17n1/jisrv17n1_1.pdf</url>
  <abstract>This paper presents a comprehensive framework for enhancing Cyber Threat Intelligence (CTI) analysis through a domain-specific, security-aware Retrieval-Augmented Generation (RAG) architecture. It begins by defining CTI as the process of transforming raw cyber data into actionable intelligence, emphasizing its role in understanding adversarial Tactics, Techniques, and Procedures (TTPs) via structured knowledge bases like MITRE ATT&amp;CK. The paper reviews the evolution of CTI analysis from traditional rule-based and machine-learning systems to modern Large Language Model (LLM)-driven approaches, highlighting persistent challenges such as hallucinations, a lack of contextual grounding, and vulnerability to adversarial manipulation in retrieval pipelines.

Drawing on 2025 CrowdStrike threat data, the analysis reveals critical trends: a 27% year-over-year rise in interactive intrusions, 73.4% of which are financially motivated (eCrime), while 26.5% stem from nation-state actors targeting strategic sectors like Government (+126%), Telecommunications (+130%), and Industrials &amp; Engineering (+185%). Opportunistic attacks declined by 12%, indicating a shift toward high-value, precision targeting.

These insights inform a proposed CTI RAG system that integrates real-world threat statistics to enable sector-aware retrieval, sector-weighted ATT&amp;CK alignment, and evidence-grounded reasoning. Unlike generic or LLM-only baselines, this approach reduces the risk of hallucination, improves TTP accuracy, shortens analyst triage time, and enhances explainability by linking outputs directly to verified CTI sources and sector-specific tactics.

The architecture is designed as an end-to-end, modular pipeline supporting ingestion, semantic indexing, secure retrieval, grounded reasoning, and analyst feedback, making it suitable for operational Security Operations Centers (SOCs). By unifying empirical threat trends, structured knowledge, and robust AI reasoning, the framework offers a scalable, trustworthy solution for next-generation CTI that balances tactical eCrime defence with strategic awareness of nation-state threats.</abstract>
</record>
