Don’t Sweat the ClickFix Techniques: Variants & Detection Evolution
Executive summary Since the inception of ClickFix last year, this malicious copy-and-paste technique has become an initial access vector of choice for threat actors looking…
Category: ThreatIntelligence-IncidentResponse
Be Offensive: A bold take on Cybersecurity Awareness Month.
Happy Cybersecurity Awareness Month to all who observe. There have now been 21 years of this momentous occasion. Twenty-one years! Old enough to buy…
Top Cyber Threat Trends of 2025 from Deepfakes, ClickFix, and ViewState Exploits
Cloudflare Turnstile challenges leading to MetaStealer. Deepfake meetings impersonating company executives, which trick employees into downloading malicious extensions. Exposed ASP.NET machine keys that open the…
Build a Stronger Security Awareness Program with Huntress
One of the most effective ways to stop a cyberattack is to implement a security awareness training program. Every employee, from the C-suite to the…
Ditch Lame Cybersecurity Tips: These Best Practices Actually Work
For years, we’ve heard the same advice on how to unlock higher levels of cybersecurity greatness. We’re here to tell you that these well-meaning cybersecurity…
How to Offend Your IT Team: Cybersecurity Tips
Cybersecurity Awareness Month is here, and it’s an ideal time to reflect on whether your silly security mishaps have earned your photo a place on…
How to Offend Your IT Team: Cybersecurity Tips
Cybersecurity Awareness Month is here, and it’s an ideal time to reflect on whether your silly security mishaps have earned your photo a place on…
Active Exploitation of Gladinet CentreStack and Triofox Local File Inclusion Flaw
Update #1: 10/15/25 @ 1pm ET On October 14, Gladinet released version 16.10.10408.56683 of CentreStack, which includes a fix for the local file inclusion vulnerability…
The Crown Prince, Nezha: A New Tool Favored by China-Nexus Threat Actors
Update: 10/15/25 @ 1pm ET An anonymous individual from Mainland China who is said to be familiar with the activity, detailed here, reached out to…
The Crown Prince, Nezha: A New Tool Favored by China-Nexus Threat Actors
Update: 10/15/25 @ 1pm ET An anonymous individual from Mainland China who is said to be familiar with the activity, detailed here, reached out to…
Microsoft’s March 2026 Patch Tuesday Addresses 83 CVEs (CVE-2026-21262, CVE-2026-26127)
8Critical 75Important 0Moderate 0Low Microsoft addresses 83 CVEs including two vulnerabilities that were publicly disclosed prior to a patch being released. Microsoft patched 83 CVEs…
Microsoft’s March 2026 Patch Tuesday Addresses 83 CVEs (CVE-2026-21262, CVE-2026-26127)
8Critical 75Important 0Moderate 0Low Microsoft addresses 83 CVEs including two vulnerabilities that were publicly disclosed prior to a patch being released. Microsoft patched 83 CVEs…