Rising Supply Chain Attacks on Cybersecurity Ecosystems
Cybersecurity has always relied on trust. Every software update, hardware purchase, and cloud integration depends on the implicit belief that vendors will protect their customers.…
Migrating to a new SIEM is often viewed as a daunting task. The sheer volume of legacy detection rules, dashboards, and custom configurations can keep…
Introduction: The Need for a Scalable, Automated Simulation Range In modern security operations, detection engineering is no longer a “set it and forget it” discipline.…
Summary: On December 29, 2025, a coordinated campaign of destructive cyberattacks targeted Poland’s energy infrastructure, affecting over 30 renewable energy facilities and a major combined…
Summary: On February 6, 2026, Microsoft reported the exploitation of SolarWinds Web Help Desk (WHD) servers. The exploitation facilitated multi-stage intrusions leveraging remote monitoring and…
Every security professional knows the drill. You go home for the holidays and, without volunteering, you become the family’s help desk, incident responder, and fraud…
Special thanks to Austin Worline for his contributions to this blog post. The Huntress Security Operations Center (SOC) frequently comes across incidents involving rogue ScreenConnect…
Background: Reflecting on 2025, AI didn’t produce omnipotent, mind-bending offensive capabilities as many commentators heralded. The reality we observed was much more grounded. Adversaries leaned…
This is Part 1 of a two-part series on leveraging firewall data in Elastic Security. In this post, we cover the fundamentals of firewall logs,…
Stop me if you’ve heard this one before: security alerts can be noisy. Mostly, these noisy alerts are communicating information that is, on average, important…
{ "TenantId": "52672484-b4e1-402d-934c-a8e2fd9b05d1", "SourceSystem": "Azure AD", "TimeGenerated": "2025-12-02T20:22:16.1185371Z", "ResourceId": "/tenants/747930ee-9a33-43c0-9d5d-470b3fb855e7/providers/Microsoft.aadiam", "OperationName": "Add service principal", "OperationVersion": "1.0", "Category": "ApplicationManagement", "ResultType": "", "ResultSignature": "None", "ResultDescription": "", "DurationMs":…
One of the first steps in basic IT and security hygiene is maintaining an accurate inventory of all assets, including physical and virtual systems as…