threat hunting

Microsoft has recently announced the addition of two significant data tables—CampaignInfo and FileMaliciousContentInfo—to its Defender XDR advanced hunting capabilities. This enhancement aims to bolster threat detection and investigation within Microsoft 365 environments, providing security...

The story of Chaos RAT is emblematic of a larger cybersecurity trend: the migration of benign open-source tools into the shadowy corners of the cyber threat landscape. Once celebrated for their technical flexibility and communal development, these tools increasingly become the foundation for...

Every cyber incident headline seems to ping-pong between shifting brands: Cozy Bear, Midnight Blizzard, APT29, UNC2452, Voodoo Bear—names that sound like the roll call from a hacker-themed comic, not the carefully curated codenames for state-sponsored threat actors plaguing the digital world. If...

In the complex arena of cybersecurity, few challenges have hindered swift threat intelligence sharing as much as the long-standing inconsistency in threat actor naming conventions. Security professionals, from incident responders to CISOs, have faced moments of hesitation and confusion when...

In the rapidly evolving landscape of cybersecurity, organizations are increasingly turning to specialized service providers to safeguard their digital assets. Among these, Wizard Cyber has emerged as a notable contender, particularly for enterprises deeply integrated into Microsoft's ecosystem...

The cybersecurity landscape continues to evolve at an unprecedented pace, with malware creators and defenders locked in a relentless contest of innovation. Nowhere is this battle more apparent than in the dynamic interplay between cutting-edge malware packaging tools and the latest operating...

Any investigation into the volatile intricacies of Windows security inevitably draws the analyst’s focus to memory: a digital landscape where fleeting evidence, live threats, and operational secrets coexist in the blink of a process. Within this domain, memory analysis has become an...

In recent months, Commvault, a prominent data management and security firm, has been the target of sophisticated cyberattacks attributed to nation-state actors. These incidents have raised alarms within the cybersecurity community, prompting the U.S. Cybersecurity and Infrastructure Security...

The announcement of cyber threat activity targeting Commvault’s flagship SaaS cloud application, Metallic, marks a pivotal moment for cloud security and Managed Service Providers (MSPs), especially those tasked with safeguarding Microsoft 365 (M365) environments. As the wave of sophisticated...

Over the past year, the threat landscape for Windows users has evolved with increasing sophistication, and few examples illustrate this shift better than the rise of Lumma Stealer—a prolific infostealer that has aggressively targeted individuals and organizations across industries. The...

The rise of LummaC2 malware as a potent threat to organizational cybersecurity has garnered front-page attention among security professionals and system administrators alike, and with good reason: a joint advisory from the Federal Bureau of Investigation (FBI) and the Cybersecurity and...

The recently disclosed CVE-2025-29958 has brought new attention to the perennial issue of information disclosure vulnerabilities within core Windows networking services, specifically the Routing and Remote Access Service (RRAS). As enterprise and cloud environments increasingly rely on Windows...

In the rapidly evolving landscape of cyber-espionage, the convergence of zero-day vulnerabilities, niche third-party communications software, and geopolitically motivated actors presents formidable risks for organizations in sensitive regions. The recent disclosure by Microsoft Threat...

As Microsoft’s AI Incident Detection and Response team traces their way through the rough digital corridors of online forums and anonymous web boards, a new kind of cyber threat marks a stark escalation in the ongoing battle to preserve the integrity and safety of artificial intelligence...

Here is a summary of the recognition Trustwave received at the 2025 SC Awards, specifically for its Managed Security Service: Trustwave: Best Managed Security Service – SC Awards 2025 Awarded For: Managed Extended Detection and Response (MXDR) for Microsoft Target Clients: Organizations using...

Microsoft has unveiled a suite of AI-powered Security Copilot agents, now available in public preview, marking a significant advancement in cybersecurity automation. These agents are designed to streamline high-volume security tasks, enabling security teams to concentrate on more complex...

The cybersecurity landscape is undergoing a profound transformation, driven at its core by the rapid evolution of artificial intelligence (AI) and the dynamic nature of modern data flows. Jonathan Roizin, CEO of Flow Security—now part of CrowdStrike—offers a candid perspective on this shift...

When the Cybersecurity and Infrastructure Security Agency (CISA) issues a rare Malware Analysis Report (MAR), security professionals across the Windows and wider enterprise world take notice. In late March 2025, CISA published such a report for a new malware variant dubbed RESURGE, associated...

When Node.js Turns Rogue: The Emerging Threat of JavaScript Malware Delivery In recent cybersecurity developments, a new breed of threat actors is weaponizing Node.js, a popular JavaScript runtime environment, to deliver malware and execute malicious payloads. This rise in under-the-radar...

Original release date: August 31, 2021 Summary Immediate Actions You Can Take Now to Protect Against Ransomware • Make an offline backup of your data. • Do not click on Link Removed. • If you use RDP, secure and monitor it. • Link Removed your OS and software. • Use Link Removed. • Use Link...