How an alleged Russian hacker slipped away
Russian man Andrei Tarasov was indicted on cybercrime charges related to the Angler exploit kit. He was arrested in Germany but slipped away to Russia — despite his anti-Russian views.
Threat hunting case study: Medusa ransomware
The Medusa gang is one of the most active ransomware-as-a-service groups. Here's how to threat hunt for a User Account Control bypass, one of the tactics, techniques and procedures this group and its affiliates use.
DragonForce Ransomware
DragonForce is a Ransomware-as-a-Service group targeting global industries with customizable payloads, enabling widespread attacks and persistent extortion through an affiliate-driven model.
CVE-2025-31324 - SAP NetWeaver Vulnerability
CVE-2025-31324 is a critical flaw in SAP NetWeaver’s Visual Composer that allows unauthenticated attackers to upload malicious files and gain full system control. Threat actors are already exploiting it in the wild using JSP ...
Managing a cyber crisis
Cyber incidents pose not only technical challenges but communications challenges. Tom Bolitho of FTI Consulting shares guidance on successful strategies to manage complex stakeholder demands and minimize reputational damage.

LabHost: A defunct but potent phishing service
The administrator of LabHost, a phishing-as-a-service (PhaaS) offering, was sentenced to 8 1/2 years in prison. Here's why PhaaS services are making it more difficult for defenders to prevent account takeovers and fraud.

Understanding and threat hunting for RMM software misuse
Remote monitoring and management software is useful for administrators and threat actors, who often abuse or install it. Here's a briefing on RMM platform misuse and guidance for how to threat hunt for misbehavior.

Threat-hunting case study: Windows Management Instrumentation abuse
Attackers often use Windows Management Instrumentation (WMI) for reconnaissance to map networks. This case study describes how to threat hunt for malicious use of WMI, which is also used legitimately by administrators.

An in-depth look at Black Basta's TTPs
The Black Basta group constantly sought new malware and methods to infiltrate systems with ransomware. Here's a look at those tactics as drawn from a large leak of the group's chat messages.

VanHelsing Ransomware
Launched in March 2025, the cross-platform VanHelsing ransomware-as-a-service quickly attracted affiliates with its profit-sharing model and intuitive control panel, infecting multiple victims within weeks and showing signs o...