Game of clones: Sophos and the MITRE ATT&CK Enterprise 2025 Evaluations
Each year, several security solution providers – including Sophos – sign up for MITRE’s ATT&CK Enterprise Evaluations, a full-scale cyber...
threat—research
A big finish to 2025 in December’s Patch Tuesday
Microsoft on Tuesday released 56 patches affecting 10 product families. Two of the addressed issues are considered by Microsoft to...
React2Shell flaw (CVE-2025-55182) exploited for remote code execution
Sophos analysts are investigating the widespread exploitation of a critical vulnerability dubbed ‘React2Shell’ that affects React Server Components versions 19.0.0,...
GOLD SALEM tradecraft for deploying Warlock ransomware
In mid-August 2025, Counter Threat Unit™ (CTU) researchers identified the use of the legitimate Velociraptor digital forensics and incident response...
Inside Shanya, a packer-as-a-service fueling modern attacks
We have covered packer-as-a-service offerings from the computer underworld in the past, previously dissecting impersonation campaigns and the rise of...
Sharpening the knife: GOLD BLADE’s strategic evolution
Between February 2024 and August 2025, Sophos analysts investigated nearly 40 intrusions related to STAC6565, a campaign the analysts assess...
Size ≠ Security: Bigger Businesses Still Fail at Bot Protection
One of the perhaps more surprising findings from our Global Bot Security Report 2025 is that when it comes...
WhatsApp compromise leads to Astaroth deployment
Sophos analysts are investigating a persistent, multi-stage malware distribution campaign targeting WhatsApp users in Brazil. First observed on September 24,...
From Bots to Buyers: With Agentic AI, Bot Management Becomes Core Infrastructure
Retail is standing at the edge of a massive transformation. The arrival of agentic commerce — autonomous, goal-oriented digital...
November Patch Tuesday does its chores
Microsoft on Tuesday announced 63 patches affecting 13 product families. Four of the addressed issues are considered by Microsoft to...
BRONZE BUTLER exploits Japanese asset management software vulnerability
In mid-2025, Counter Threat Unit™ (CTU) researchers observed a sophisticated BRONZE BUTLER campaign that exploited a zero-day vulnerability in Motex...
Windows Server Update Services (WSUS) vulnerability abused to harvest sensitive data
Counter Threat Unit™ (CTU) researchers are investigating exploitation of a remote code execution vulnerability (CVE-2025-59287) in Microsoft’s Windows Server Update...
Threat Intelligence Executive Report – Volume 2025, Number 5
The Counter Threat Unit™ (CTU) research team analyzes security threats to help organizations protect their systems. Based on observations in...
F5 network compromised
On October 15, 2025, F5 reported that a nation-state threat actor had gained long-term access to some F5 systems and...
October Patch Tuesday beats January ’25 record
Microsoft on Tuesday announced 170 patches affecting 21 product families. Eight of the addressed issues are considered by Microsoft to...
