How EDR and ITDR Elevate Your Security
In cybersecurity, we talk about attack vectors like they operate in silos—endpoint threats over here, identity-based attacks over there. But the truth is attackers don’t…
Category: ThreatIntelligence-IncidentResponse
Ransomware Initial Access Brokers Exposed
Every intrusion that we comb over here at Huntress is different in its own way. Although there are definitely discernible patterns when it comes to…
CVE-2025-30406 – Critical Gladinet CentreStack & Triofox Vulnerability Exploited In The Wild
Special thanks to Craig Sweeney, Hayden Drummond, Michael Tigges, Tanner Filip, Jevon Ang, Jamie Dumas, Stephanie Fairless, and Lindsey Welch for their contributions and support…
Why App Allowlisting and Zero Trust Solutions Alone Won’t Save You
A layered security approach isn’t just a nice-to-have—it’s a necessity. Many organizations are adopting “allowlisting” or “zero trust for endpoint” strategies, which, in theory, sound…
Credential Theft: Expanding Your Reach, Pt. II
As a follow-on to our previous blog post of the same title, sans the “Pt. II,” we wanted to illustrate the myriad of techniques behind…
Identity Threats Got a Whole Lot Nastier, But So Did We
If identity is the new perimeter, most businesses defend it with a cardboard shield and a prayer. Maybe a mouse is there, too. Over the…
Minutes Matter: Huntress Managed SIEM Makes Them Count (Here’s How)
Interest in security information and event management (SIEM) has increased over the years because it can do three things that IT and security teams desperately…
What Is Business Email Compromise? BEC Defined
Business email compromise (BEC) is a phishing scam where threat actors impersonate a trusted source to convince others to give them sensitive information or take…
What Is Business Email Compromise? BEC Defined
Business email compromise (BEC) is a phishing scam where threat actors impersonate a trusted source to convince others to give them sensitive information or take…
Do Tigers Really Change Their Stripes?
Something we often hear within the cybersecurity community, and particularly within digital forensics and incident response (DFIR), is that “threat actors are always changing their…
Rapid Response: Samsung MagicINFO 9 Server Flaw
TL;DR: While reports have indicated the latest version of Samsung MagicINFO 9 Server fixes a high-severity flaw (CVE-2024-7399), Huntress has independently verified that the latest…
Utilizing ASNs for Hunting & Response
Whether responding to incidents or hunting through large and complex data sets, IP addresses usually feature fairly heavily as a key analysis data point. When…