DanaBot malware disrupted, threat actors named
The DanaBot malware was severely disrupted by law enforcement. Here's an in-depth look at this data-stealing workhorse for the cybercriminal underground.
SANS 2025 CTI Survey: It’s Business Time for Cyber Risk
The SANS Institute’s newly released SANS 2025 CTI Survey report reveals a major surge in use of cyber threat intelligence (CTI) by senior executive and business leaders to mitigate risk in strategic decisions, investments, an...
Intel 471 brings HUNTER behavioral threat hunts to Google Security Operations
Google SecOps customers can now access and use Intel 471’s library of advanced behavioral threat hunt packages on the HUNTER behavioral threat hunting content platform. HUNTER hunt packages go beyond reactive detections for i...
How an alleged Russian hacker slipped away
Russian man Andrei Tarasov was indicted on cybercrime charges related to the Angler exploit kit. He was arrested in Germany but slipped away to Russia — despite his anti-Russian views.
Threat hunting case study: Medusa ransomware
The Medusa gang is one of the most active ransomware-as-a-service groups. Here's how to threat hunt for a User Account Control bypass, one of the tactics, techniques and procedures this group and its affiliates use.

DragonForce Ransomware
DragonForce is a Ransomware-as-a-Service group targeting global industries with customizable payloads, enabling widespread attacks and persistent extortion through an affiliate-driven model.

CVE-2025-31324 - SAP NetWeaver Vulnerability
CVE-2025-31324 is a critical flaw in SAP NetWeaver’s Visual Composer that allows unauthenticated attackers to upload malicious files and gain full system control. Threat actors are already exploiting it in the wild using JSP ...

Managing a cyber crisis
Cyber incidents pose not only technical challenges but communications challenges. Tom Bolitho of FTI Consulting shares guidance on successful strategies to manage complex stakeholder demands and minimize reputational damage.

LabHost: A defunct but potent phishing service
The administrator of LabHost, a phishing-as-a-service (PhaaS) offering, was sentenced to 8 1/2 years in prison. Here's why PhaaS services are making it more difficult for defenders to prevent account takeovers and fraud.

Understanding and threat hunting for RMM software misuse
Remote monitoring and management software is useful for administrators and threat actors, who often abuse or install it. Here's a briefing on RMM platform misuse and guidance for how to threat hunt for misbehavior.