10 Endpoint Security Trends and Tips for 2026
In 2026, the endpoint security issues facing businesses look way different from malware campaigns of a decade ago. Endpoints, identities, and cloud workloads now overlap,…
Category: ThreatIntelligence-IncidentResponse
The Identity Breach You Didn’t Know You Had: Google Workspace
Why attackers now treat your inbox like an identity control plane For years, security teams treated Google Workspace like a productivity layer – email, documents,…
Hiding in Plain Sight with App Domain Manager Injection
A little-known feature of the .NET framework allows attackers to execute malicious code inside trusted, Microsoft-signed applications without exploiting a software flaw or dropping a…
The Growing Reality of AI-Enhanced Candidate Fraud
Within the world of recruiting, more specifically the tech and remote-work world, the conversation about AI in hiring has moved past “if” to “how often.”…
Disrupting Attacks on Endpoints | Attack Disruption Engine
Introduction Threat actors are not slowing down. We’ve seen how initial access through VPNs, RDP, and web app abuse is allowing attackers to land on…
The Evolving Linux Threat Landscape
Introduction Linux is the backbone of the enterprise, supporting critical applications, web servers, cloud infrastructure, hypervisors, containers, CI/CD pipelines, and more. This makes it a…
Why BEC Is Now an Identity Problem
Business email compromise (BEC) isn’t new. But the way attackers execute it today looks radically different than it did even a few years ago. What…
RMM Abuse: When IT Convenience Bites Back
Cybercrime is booming, and it’s cashing in on your trusted tools and software. That’s the reality of Remote Monitoring and Management (RMM) abuse. And why…
How a Pharmacy Cyberattack is a Warning Sign for
Early in 2024, the United States healthcare sector was rocked by a devastating cyberattack on Change Healthcare, a pivotal player in health technology processes nationwide.…
Unmasking an Attack Chain of MuddyWater
Acknowledgments: Special thanks to Tyler Marzen and Anna Pham for their contributions to this investigation and write-up. TL;DR: Huntress has identified and detailed a full…
A Threat Actor Abuses Another Free Trial
TL; DR Huntress discovered a threat actor was exploiting vulnerabilities (like SolarWinds Web Help Desk) and exfiltrating victim data to a free trial instance of…
3-2-1 Backup Rule: What It Is + How To Implement
3-2-1 backup rule definition The 3-2-1 backup rule is a data protection strategy where you keep three copies of your data on two different types…