Disrupting Attacks on Endpoints | Attack Disruption Engine
Introduction Threat actors are not slowing down. We’ve seen how initial access through VPNs, RDP, and web app abuse is allowing attackers to land on…
Introduction Linux is the backbone of the enterprise, supporting critical applications, web servers, cloud infrastructure, hypervisors, containers, CI/CD pipelines, and more. This makes it a…
Business email compromise (BEC) isn’t new. But the way attackers execute it today looks radically different than it did even a few years ago. What…
Cybercrime is booming, and it’s cashing in on your trusted tools and software. That’s the reality of Remote Monitoring and Management (RMM) abuse. And why…
Early in 2024, the United States healthcare sector was rocked by a devastating cyberattack on Change Healthcare, a pivotal player in health technology processes nationwide.…
Acknowledgments: Special thanks to Tyler Marzen and Anna Pham for their contributions to this investigation and write-up. TL;DR: Huntress has identified and detailed a full…
TL;DR: Huntress discovered a threat actor was exploiting vulnerabilities (like SolarWinds Web Help Desk) and exfiltrating victim data to a free trial instance of…
3-2-1 backup rule definition The 3-2-1 backup rule is a data protection strategy where you keep three copies of your data on two different types…
Key takeaways A South Asian financial institution was targeted with two custom malware components: a modular backdoor (BRUSHWORM) and a keylogger (BRUSHLOGGER) BRUSHWORM features anti-analysis…
At Huntress, we’ve made our name catching and wrecking the hackers who slip past defenses. Now, we’re making it hard for them to even get…
Tenable One’s new Model Refusal Detection turns an LLM’s refusal to execute a risky or suspicious prompt into a high-fidelity early warning signal. It helps…
Red Canary has just released the 2026 Threat Detection Report, unveiling the top 10 most prevalent threats we detected over last year. Six out of…