initial

Web Shells, Tunnels, and Ransomware: Dissecting a Warlock Attack

Web Shells, Tunnels, and Ransomware: Dissecting a Warlock Attack

AndyC 17 March 2026

Following initial access, the threat actors conducted extensive lateral movement using a combination of legitimate administration tools and credential abuse....

Read More

Vendor News

Initial access techniques used by Iran-based threat actors

AndyC 14 March 2026

Iranian‑linked threat groups often use a core set of initial access methods. The threat actors favor cost-effective, repeatable intrusion techniques...

Read More

Creating unstructured data pipelines for retrieval augmented generation

Creating unstructured data pipelines for retrieval augmented generation

AndyC 25 February 2026

Our initial release of Tonic Textual focused on generating redacted versions of unstructured text and image files. This is...

Read More

Master XDR Investigations: A Deep Dive into the GravityZone XDR Demo Incident

Master XDR Investigations: A Deep Dive into the GravityZone XDR Demo Incident

AndyC 18 February 2026

An attacker’s initial access, whether through phishing, unmanaged devices, exploited vulnerabilities, or a compromised supply chain, marks the beginning...

Read More

TA584 threat actor leverages Tsundere Bot and XWorm for network access

TA584 threat actor leverages Tsundere Bot and XWorm for network access

AndyC 11 February 2026

A prolific initial access broker, identified as TA584, has been observed employing the Tsundere Bot in conjunction with the XWorm...

Read More

RSAC 2026 wrap-up – Week in security with Tony Anscombe

RSAC 2026 wrap-up – Week in security with Tony Anscombe

AndyC 28 March 2026

This year, AI agents took the center stage – as a defensive capability, but more pressingly as a risk many organizations haven't caught up with...

Read More

A cunning predator: How Silver Fox preys on Japanese firms this tax season

A cunning predator: How Silver Fox preys on Japanese firms this tax season

AndyC 28 March 2026

Business Security Silver Fox is back in Japan, spoofing tax and HR emails timed to the one season when no one thinks twice about opening...

Read More

Virtual machines, virtually everywhere – and with real security gaps

Virtual machines, virtually everywhere – and with real security gaps

AndyC 26 March 2026

Twenty years ago, almost to the day, Amazon Web Services (AWS) launched Simple Storage Service (S3). A few months later, the company’s Elastic Compute Cloud (EC2) service opened for public...

Read More

Cloud workload security: Mind the gaps

Cloud workload security: Mind the gaps

AndyC 25 March 2026

Business Security As IT infrastructure expands, visibility and control often lag behind – until an incident forces a reckoning Tomáš Foltýn 24 Mar 2026 • ...

Read More

Move fast and save things: A quick guide to recovering a hacked account

Move fast and save things: A quick guide to recovering a hacked account

AndyC 21 March 2026

Cybercriminals go after people’s personal information across every kind of online platform, including WhatsApp, Instagram, LinkedIn, Roblox, YouTube and Spotify, not to mention finance apps....

Read More

EDR killers explained: Beyond the drivers

EDR killers explained: Beyond the drivers

AndyC 20 March 2026

In recent years, EDR killers have become one of the most commonly seen tools in modern ransomware intrusions: an attacker acquires high privileges, deploys such...

Read More

BSidesSLC 2025 – Good Models Gone Bad – Visualizing Data Poisoning With Gephi

From Data to Intelligence: Why More Signals Don’t Equal Better Security

AndyC 29 March 2026

Iran-linked group Handala hacked FBI Director Kash Patel’s personal email account

Iran-linked group Handala hacked FBI Director Kash Patel’s personal email account

AndyC 29 March 2026

U.S. CISA adds a flaw in F5 BIG-IP AMP to its Known Exploited Vulnerabilities catalog

U.S. CISA adds a flaw in F5 BIG-IP AMP to its Known Exploited Vulnerabilities catalog

AndyC 29 March 2026

BSidesSLC 2025 – Good Models Gone Bad – Visualizing Data Poisoning With Gephi

Secure Authentication Starts With Secure Software Development

AndyC 29 March 2026

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

AndyC 29 March 2026