Using LLMs as a reverse engineering sidekick
This research explores how large language models (LLMs) can complement, rather than replace, the efforts of malware analysts in the complex field of reverse engineering. LLMs may serve as powerful...
In July 2025, the eSentire Threat Response Unit (TRU) identified multiple sophisticated incidents believed to be attributed to the Interlock Group, a ransomware gang that has targeted organizations...
During a ransomware intrusion, we encountered a script that was filled with clear comments for what each command and function did. It was immediately, jarringly out of place, as at Huntress we typi...
Key Findings – Q2 2025 Ransomware Trends Ransomware-as-a-Service (RaaS) group disruptions: Several major ransomware groups have disappeared, leaving a fragmented ecosystem. Slight decline in public...
Overview Proofpoint has identified a cluster of activity using Microsoft OAuth application creation and redirects that lead to malicious URLs enabling credential phishing. The fake Microsoft 365 a...
Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been targeting embassies located in Moscow using an adversary-i...
Introduction Over the last five years, the Democratic People’s Republic of Korea (DPRK) has transitioned from smash-and-grab cryptocurrency raids to a more covert, scalable model of economic warfar...
Bitdefender cybersecurity experts discovered serious vulnerabilities in Dahua smart cameras that could have allowed hackers to take full control of the devices remotely. Fortunately, the vulnerabil...
Key Findings Check Point Research (CPR) conducted a focused analysis of Storm-2603, a threat actor associated with recent ToolShell exploitations, together with other Chinese APT groups. Storm-260...
Key Takeaways APT36 has expanded its focus to include Indian railway systems, oil and gas infrastructure, and the Ministry of External Affairs. They use .desktop files disguised as PDF docume...
NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2024-45515 n/a - n/a An iss...
Key Takeaways From This Blog Initial access can be physical and extremely low-profile, evading most traditional defenses. Memory and network forensics were the only effective techniques in det...
A wave of data breaches impacting companies like Qantas, Allianz Life, LVMH, and Adidas has been linked to the ShinyHunters extortion group, which has been using voice phishing attacks to steal dat...
Fraudsters are flooding Discord and other social media platforms with ads for hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with...
Security researchers may have discovered a reliable hosting company run by Qwins Ltd. that supports a broad range of international malware operations in a recent analysis resulting from standard fo...
Key takeaways Threat actors are exploiting Microsoft 365’s Direct Send feature to deliver phishing emails that appear to originate from within the organization, undermining internal trust, and inc...
In the latter half of 2024, the Russian IT industry, alongside a number of entities in other countries, experienced a notable cyberattack. The attackers employed a range of malicious techniques to ...
Executive Summary Sentinel Labs identified 10+ patents for highly intrusive forensics and data collection technologies that were registered by companies named in U.S. indictments as working on beh...
Executive Summary Over the past few months, our zLabs team has been actively tracking a sophisticated banker trojan strain that has rapidly evolved in both its distribution methods and capabilitie...
Anubis and the Death of Data: A New Era of Ransomware Operations Ransomware trends and the emergence of Anubis. Ransomware activity continues to increase, and Bitsight data illustrates the scale ...