Phishing Techniques Spotted: Email Examples & Red Flags
In this article, we break down five real phishing email examples using the latest email phishing techniques, and share the phishing red flags that can…
Category: ThreatIntelligence-IncidentResponse
Attackers Love Your VPN To-Do List
This blog was updated on April 17 to include threat activity we’re observing with Nightmare-Eclipse’s BlueHammer, RedSun, and UnDefend exploitation techniques. One of the many…
Untangling a Linux Incident With an OpenAI Twist
Acknowledgments: Special thanks to Harlan Carvey and Lindsey O’Donnell-Welch for their contributions to this blog and research. Everyone’s talking about AI’s impact on cybersecurity, from…
From Bulk Export to AI-ready Security Workflows: Introducing Rapid7’s Open-Source MCP Server and Agent Skill
A new open-source bridge helps customers connect Rapid7 vulnerability data to AI agents, assistants and custom workflows with more flexibility, control, and faster access to…
Uptick in Bomgar RMM Exploitation
Acknowledgments: Special thanks to Olly Maxwell, Josh Kiriakoff, Jordan Sexton, Ryan Dowd, Jamie Dumas, Amelia Casley, Austin Worline, and Lindsey O’Donnell-Welch for their contributions to…
Attacking MSSQL Servers | Huntress
Ever since the SQL Slammer worm of 2003, and even before then, MSSQL database servers exposed to the Internet with default configurations have been targeted,…
Threat Intel Accelerates Detection and Response
Identifying the Exploit In November 2023, the Huntress team identified novel indicators of an attack where the threat actor used finger.exe (top portion illustrated in…
The Health Sector is Under Attack. But You Can Fight Back.
In the first eight months of 2023, nearly 71.5M individuals’ health records had been breached. On top of this startling stat, 88% of surveyed healthcare…
Enterprise Patch & Remediation Benchmark 2026: How Do You Compare?
Executive Summary In the last 12 months, enterprises deployed millions of patches, yet many organizations remain exposed due to delayed remediation and unpatched third-party software.…
Solving Endpoint Security Challenges with a Managed EDR
Cybercriminals are some of the hardest working people around. For those of us who aren’t among the criminally inclined, a 40-hour work week is more…
Detection Guidance for ConnectWise CWE-288
UPDATE: Read our full analysis of CVE-2024-1709 & CVE-2024-1708 and detection guidance here. On February 19, 2024, ConnectWise released an advisory related to the disclosure of…
ConnectWise ScreenConnect CVE-2024-1709 & CVE-2024-1708
On February 19, 2024, ConnectWise published a security advisory for ScreenConnect version 23.9.8, referencing two vulnerabilities and software weaknesses. The same day, Huntress researchers worked…