- Before Your MSP Chases CMMC, Take an Honest Look at Your Operations
  CMMC is an operating model, not a checklist. Before chasing defense work, audit your MSP's internal operations, including access controls and data handling, to ensure you’re rea...
- Four AI Trends Transforming Network Operations
  The old way used to be all about observability, dashboards, aggregated KPIs, human correlation, and manual intervention. That world is changing with AI. — Donogh O’Reilly, Vice ...
- Inside ANY.RUN’s 10-Year Evolution: An Interview with CEO Aleksey Lapshin
  What happens when a malware analyst decides to build a product he always wished he had? The case of ANY.RUN tells us that ten years later it may turn into an industry-standard s...
- Introducing EvidenceForge: Synthetic security logs that don’t look (as) fake
  EvidenceForge generates high-quality, realistic, and consistent datasets across multiple log formats, enabling teams to effectively train personnel and validate detection models...
- Mytheresa - 84,108 breached accounts
  In April 2026, the luxury fashion e-commerce platform Mytheresa was listed as a victim of the ShinyHunters "pay or leak" extortion group. After the ransom deadline passed, the g...
- Ameriprise - 502,597 breached accounts
  In March 2026, the financial services firm Ameriprise Financial was named by the ShinyHunters group in a "pay or leak" extortion campaign. The group claimed possession of more t...
- How Security Leaders Cut Through Complexity to Drive Better Outcomes
  Security leaders are operating in an environment that is only getting more complex. Expanding attack surfaces, rapid AI adoption, growing toolsets, and increasing pressure to re...
- Major Cyber Attacks in May 2026: Fake Invitations, Agent Tesla, BlobPhish, and More
  May 2026 showed how fast routine business activity can turn into real security exposure. ANY.RUN observed phishing campaigns, fileless malware delivery, credential theft, OTP in...
- From Cookies to Keys: The Threat of Session Hijacking
  See how session hijacking reshaped cyber threats. Learn how stolen tokens enable rapid breaches, bypass security, and impact enterprise protection.
- Smart Contracts for C&C: How ClearFake Hid in Plain Sight on BSC Testnet
  TrendAI™ Research analyzed an intrusion where threat actors used the EtherHiding technique to route ClearFake payload delivery through smart contracts on the BNB Smart Chain tes...
- 7-Eleven - 185,256 breached accounts
  In April 2026, 7-Eleven was the victim of a "pay or leak" extortion campaign by ShinyHunters, with the data later published that month. The incident exposed 185k unique email ad...
- Emulating the Gentlemen Ransomware
  AttackIQ has released two new assessments that emulate the behaviors of The Gentlemen ransomware, a cross-platform threat that emerged around July 2025. The group employs a doub...
- Is my use case a high-risk AI system? Applying the Commission’s guidelines and next steps
  The EU Commission’s long-awaited guidelines on high-risk AI systems were published on 19 May 2026. This is the promised explainer on what is – and is not – a high-risk AI system...
- Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns
  Unit 42 details Screening Serpens' use of AppDomainManager hijacking and new RAT variants to target tech and defense sectors in recent campaigns. The post Tracking Iranian APT S...
- Paved With Intent: ROADtools and Nation-State Tactics in the Cloud
  Open-source framework ROADtools is being misused by threat actors for cloud intrusions. Learn how to identify its malicious use. The post Paved With Intent: ROADtools and Nation...
- Analyzing Void Dokkaebi’s Cython-Compiled InvisibleFerret Malware
  Void Dokkaebi, a North Korea-aligned intrusion set, has updated its information-stealing malware, InvisibleFerret, shifting its delivery format to evade script-based detections.
- When AI becomes the cyber attacker: Mythos and what comes next
  Anthropic’s April 7, 2026 announcement that it built a model too powerful for public consumption, Claude Mythos Preview (Mythos), marks a notable moment for the legal, complianc...
- The art of being ungovernable
  In this edition of the Threat Source newsletter, William explores the value of being "ungovernable" in a professional setting, sharing how challenging the status quo and seeking...
- How Huntress Uses Managed SIEM to Detect Threats Faster
  See how Huntress uses Managed SIEM to detect threats faster, hunt smarter, and deliver comprehensive protection across endpoints, identities, and infrastructure.
- Automation and scripting in SMBs: Trends, challenges and what actually works
  Most IT teams recognize the value of automation, yet in practice, many remain reactive, spending most of their time on tickets and outages rather than building automation. Organ...
- The Gentleman Ransomware | Defense Evasion TTPs Uncovered | Huntress
  Two recent incidents involving The Gentlemen ransomware show the use of defense evasion tactics, including logs being cleared and attempts to add antivirus exclusions.
- Dragonica Lunaris - 126,293 breached accounts
  In December 2025, the European Dragonica private server Dragonica Lunaris suffered a data breach. The incident exposed 126k email addresses, usernames, dates of birth and bcrypt...
- Windows93 / Myspace93 - 46,105 breached accounts
  In January 2021, the parody site Windows93 suffered a data breach of the Myspace93 sub-site after a beta application was exploited to download server files. The compromised data...
- Colorado’s new AI governance law
  We recently published an alert that highlights Colorado’s new artificial intelligence (AI) governance law. After X.AI sued to enjoin enforcement of Colorado’s first AI governanc...
- Build Your Cybersecurity Profile: Introducing the AttackIQ Champions Program
  The AttackIQ Champions Program recognizes practitioners who promote threat-informed defense and the principles behind operationalizing MITRE ATT&CK. Publish content, get early a...
- The 1 A.M. Cloud Migration Meltdown
  A lead architect for a global bank sits in a dark office at 1:00 a.m. Two hours ago, her team finished a final migration cutover, moving the bank’s core lending application from...
- Inside the RaaS Ecosystem: Operators, Affiliates & Attack Tradecraft | Huntress
  The ransomware name on the ransom note doesn't tell the full story. See how RaaS affiliates drive initial access, persistence, and exfiltration and what defenders should watch for.
- How Can MSSPs Scale Threat Detection Without Burning Out Their Analysts?
  Scaling threat detection as an MSSP doesn’t mean hiring more analysts — it means enabling the analysts you already have to handle more clients, more alerts, and more complex thr...
- Tracking TamperedChef Clusters via Certificate and Code Reuse
  Unit 42 analyzes TamperedChef malware clusters that use trojanized productivity apps and malvertising to deliver stealthy payloads to targets. The post Tracking TamperedChef Clu...
- TP-Link, Photoshop, OpenVPN, Norton VPN vulnerabilities
  Cisco Talos’ Vulnerability Discovery & Research team recently disclosed eight vulnerabilities in TP-Link, and one each in Adobe Photoshop, OpenVPN, and Gen Digital's Norton VPN.
- Top 5 Phishing-Driven Social Engineering Attacks on Companies in 2026
  Your employees are not falling for “bad grammar” phishing anymore. They are being pulled into fake Microsoft logins, banking pages, AI tool instructions, real OAuth flows, and e...
- From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat
  Cisco Talos has uncovered a BadIIS variant — identifiable by its embedded "demo.pdb" strings — that functions as commodity malware, likely sold or shared among multiple Chinese-...
- Exposed RDP: The Misconfiguration Attackers Keep Exploiting
  Exposed RDP is still one of the most reliable ways attackers get in and most teams don't know it's open. See real cases where it was caught before it became a catastrophe.
- CTT - 468,124 breached accounts
  In April 2026, data allegedly obtained from CTT, Portugal's national postal service, was posted to a public hacking forum. The data included 468k unique email addresses along wi...
- Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud
  In this blog entry, researchers from the TrendAI™ MDR team discuss how they mapped the full end-to-end operation of SHADOW-WATER-063’s Banana RAT banking malware by analyzing se...
- Addi - 34,532,941 breached accounts
  In March 2026, the Colombian fintech company Addi identified unauthorised activity on its platform and advised customers that "it is possible that your personal information may ...
- Communication Service Provider Supports Banking Application Success Across International Borders
  Today’s communication service providers (CSPs) sit at the center of some of the world’s most demanding digital services—none more mission critical than international mobile bank...
- Threat Actor Defense Evasion: How Attackers Disable AV & EDR
  Threat actors are actively targeting your security tools. Learn how threat actors disable antivirus and EDR through vulnerable drivers, tampering attacks, and malicious firewall...
- Agentic Governance: Why It Matters Now
  AI agents now act inside the trust boundary with real credentials, and agentic governance is what keeps them from quietly breaking things at machine speed.
- 19 Cloud Security Challenges and How to Mitigate Risk | Huntress
  Learn about some of the most common cloud security challenges facing modern businesses today, plus why it matters for you and your employees.
- (X) Most Common Passwords to Compromise Security in 2026
  Discover the most common passwords that put you and your business at risk, and get easy tips to improve your password security.
- Defending Against DDoS Attacks at Scale
  For global financial institutions, digital availability is not optional—it is foundational to trust, revenue, and regulatory compliance. When customer-facing services are expect...
- Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files
  Unit 42 analyzes the evolution of Gremlin stealer. This variant uses advanced obfuscation, crypto clipping and session hijacking to compromise data. The post Gremlin Stealer's E...
- What Is Single Sign-On? The Practical Guide | Huntress
  Learn what single sign-on (SSO) login is, how it’s used in role management and cybersecurity, and how to set it up at your organization.
- Strong Stack. Strong Team. Real Security Resilience.
  Learn how to build a resilient security stack and program that cuts alert noise, strengthens identity defense, and helps teams respond faster.
- The time of much patching is coming
  In this week’s newsletter, Martin reflects on what the next iteration of AI tools means for vulnerability discovery and our ability to manage large-scale patch releases.
- 13 Cybersecurity Frameworks for 2026 and How to Choose What's Best for You
  Discover some of the most common cybersecurity frameworks by what they’re best for, plus tips for choosing the right one for your organization.
- Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities
  Cisco Talos is tracking the active exploitation of CVE-2026-20182, an authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco ...
- AI-Driven Workflow Automation Is the New North Star for Communication Service Providers
  As we transition through the complexities of 5G standalone architectures, network slicing, and edge computing, the sheer volume of operational data has surpassed the limits of h...
- Panic at the Distro
  Learn how critical Linux kernel flaws in CopyFail, Dirty Frag, and Fragnesia let unprivileged users escalate to root access. See what security teams can do to remediate.