3CX VoIP Software Compromise & Supply Chain Threats
The 3CX VoIP Desktop Application has been compromised to deliver malware via legitimate 3CX updates. Huntress has been investigating this incident and working to validate…
In a previous life before joining Huntress, I was a Splunk administrator and architect. Over time I noticed a few features/behaviors of Splunk that I…
G’Day and Kia Ora, (Yep, you guessed it!) Let me introduce myself. I’m Reece, Regional Director of Huntress ANZ, located in Sydney, and I’m incredibly…
Our team is tracking in-the-wild exploitation of zero-day vulnerabilities against PaperCut MF/NG which allow for unauthenticated remote code execution due to an authentication bypass. UPDATE…
At the Worldwide Developer Conference (WWDC) in 2019, Apple announced the release of macOS Catalina and along with it, system extensions and, something they referred…
Introduction Recent Linux kernel privilege escalation vulnerabilities, Copy Fail (CVE-2026-31431), Copy Fail 2, and DirtyFrag, highlight how subtle page cache corruption bugs can become…
Recently, the Huntress Security Operations Center (SOC) team spent some time talking about what makes our endpoint detection and response (EDR) solution—and the team behind…
The Huntress SOC team encountered and investigated an infection involving a malicious malware loader on a Huntress-protected host. This investigation was initiated via persistence monitoring,…
There are many ways to deploy software to macOS, and each comes with its own unique set of benefits and challenges. Outside of manually downloading…
Weeks after the Copy Fail vulnerability was revealed, a new Linux kernel escalation vulnerability has been uncovered. Dubbed “Dirty Frag,” this flaw could allow a…
At the end of May 2023, Huntress Security Operations Center (SOC) analysts responded to an alert on an endpoint, indicating the presence of a cryptocurrency…
UPDATED: 1 June 2023 @ 1733 ET – Added shareable Huntress YARA rule for assistance in detection effort UPDATED: 1 June 2023 @ 2023 ET…