Evolving the Hunt: Host Isolation for Smarter Defense
Will you be ready when the next attack happens? Cyberattacks are the new normal. It’s no longer a question of “if” an attack is going…
Category: ThreatIntelligence-IncidentResponse
Oracle Critical Security Patch Update May 2026
Oracle addresses 35 CVEs in its May 2026 Critical Security Patch Update with 35 patches, including 11 critical updates. Key Takeaways The May 2026 Critical…
Vulnerabilities & Info Disclosure in MSP Survey Software
By nature, threat hunting requires a series of traits: natural curiosity, a love of learning and the desire to break (and then fix) things –…
Top Tips and Takeaways from hack_it 2021.2
Bringing cybersecurity education to the masses is a passion of ours here at Huntress—so much so that we hosted our third hack_it training event just…
Investigating Unauthorized Access | Huntress
We’ve investigated an incident regarding unauthorized access to our quality assurance and product testing environment. In this blog, we’ll share all the gory details to…
EOL/EOS Detection for Containers: Cloud-Native Lifecycle Visibility
Key Takeaways Unsupported software increasingly exists inside container images and Kubernetes workloads, not just traditional infrastructure. Lifecycle risk extends beyond CVEs because unsupported software eventually…
Is There a Right Way to Set Up Two-Factor Authentication?
There’s been a lot of chatter lately around two-factor authentication (2FA) and multi-factor authentication (MFA). We’re seeing more and more websites and applications enforcing 2FA—like…
Download pumping: How threat actors use new npm deception technique in supply chain attacks
Learn how attackers exploit automated bot traffic as part of software supply chain attacks to artificially inflate download counters and mask malicious payloads as legitimate.…
Critical RCE Vulnerability Updates (log4j – CVE-2021-44228)
Our team is investigating CVE-2021-44228, a critical vulnerability that’s affecting a Java logging package log4j which is used in a significant amount of software, including…
Critical RCE Vulnerability: log4j – CVE-2021-44228
Our team is investigating CVE-2021-44228, a critical vulnerability that’s affecting a Java logging package log4j which is used in a significant amount of software, including…
Ditching FUD for FUN in Security Awareness Training
It’s no secret that the cyber security industry loves acronyms. Today, I’ve got the pleasure of breaking down arguably one of the cyber industry’s most…
Log4Shell: A Tradecraft Tuesday Recap
If you’re been living under a rock or have sworn off watching the news—and who could blame you?—you may not know that there’s a new…