Huntress researchers weigh in on the challenge of achieving feature parity across Windows, macOS, and Linux, and explain how each platform's security model and maturity shape the way products are built.
Huntress outlines a complex, multi-step attack designed to break out of a guest VM and target the ESXi hypervisor, leveraging potential zero-day vulnerabilities and covert VSOCK communication between guest and host.
From lures involving Social Security statements to top domains and hashes used in attacks, here's an in-depth look at incidents involving ScreenConnect in 2025.
Your LDAP detection rules work in the lab but fail in production. Here's why Event 1644 whitespace variations break your Sigma rules and how to fix them.
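The mechanism behind that teaser is simple to reproduce: the filter text recorded in a Directory Services Event 1644 entry can carry arbitrary whitespace around parentheses, operators and "=", so a rule that does a plain substring match on a canonical filter silently misses the padded form. The block below is an added example (not code from the Huntress post) showing the naive match failing and a whitespace-tolerant normalisation succeeding; the sample filter strings are constructed for illustration, not real log captures, and `normalize_ldap_filter` is a helper written here rather than anything Sigma provides.

```python
import re

# Constructed sample filter strings shaped like the text an Event 1644 entry
# (Directory Services "expensive/inefficient LDAP search") carries. They are
# illustrative, not captured from a real domain controller.
SAMPLE_FILTERS = [
    "(&(objectClass=user)(servicePrincipalName=*))",                 # canonical SPN enumeration
    "( & ( objectClass = user ) ( servicePrincipalName = * ) )",     # same query, padded with whitespace
    "(&(objectCategory=person)(cn=John  Smith))",                    # legitimate value with embedded spaces
]

# What a plain substring rule (e.g. a Sigma "contains" modifier) looks for.
NAIVE_PATTERN = "(servicePrincipalName=*)"

# Whitespace next to a structural token is never significant in an LDAP filter;
# whitespace inside an attribute value can be, so only runs are collapsed there.
_STRUCTURAL = re.compile(r"\s*([()&|!=])\s*")
_RUNS = re.compile(r"\s+")


def normalize_ldap_filter(text: str) -> str:
    """Canonicalise an LDAP filter string before matching.

    - drop whitespace around '(', ')', '&', '|', '!' and '='
    - collapse remaining whitespace runs (inside values) to a single space
    - lower-case, since LDAP attribute names are case-insensitive
    """
    text = _STRUCTURAL.sub(r"\1", text)
    text = _RUNS.sub(" ", text).strip()
    return text.lower()


def naive_match(filter_text: str, pattern: str) -> bool:
    """The check as a plain 'contains' rule evaluates it."""
    return pattern in filter_text


def normalized_match(filter_text: str, pattern: str) -> bool:
    """The same check with both sides normalised first."""
    return normalize_ldap_filter(pattern) in normalize_ldap_filter(filter_text)


def evaluate(pattern: str = NAIVE_PATTERN) -> list:
    """Return (naive_hit, normalized_hit) for every sample filter."""
    return [(naive_match(f, pattern), normalized_match(f, pattern)) for f in SAMPLE_FILTERS]


if __name__ == "__main__":
    for sample, (naive, normed) in zip(SAMPLE_FILTERS, evaluate()):
        print(f"naive={naive!s:5} normalized={normed!s:5}  {sample}")
```

The padded second sample is missed by the naive rule and caught after normalisation, while the third sample keeps the space in "John Smith" and still correctly does not match. In a live pipeline the normalisation belongs either in a pre-processing step before the rule engine sees the field, or inside the rule as a regular expression that allows `\s*` around each structural token; the helper above is the former approach.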
From "React2Shell" exploitation to sophisticated "Living off Trusted Sites" phishing, Huntress experts break down the threats targeting both enterprises and families today.
Think all threat actors are pros? This post reveals how 'unsophisticated' malware and attacker errors help defenders stop attacks before damage is done.
Threat actors are exploiting a vulnerability in Gladinet's CentreStack and Triofox products that stems from hardcoded cryptographic keys in the AES implementation.
Recently, the Huntress SOC has observed threat actors increasingly using PDQ and GoTo Resolve to deploy further remote monitoring and management (RMM) tools in attacks.
Attackers are exploiting user trust in AI and aggressive SEO to deliver an evolved Atomic macOS Stealer. Learn why this social engineering tradecraft bypasses traditional network controls, and what the future of macOS infostealer defense looks like.
Huntress is seeing threat actors exploit React2Shell (CVE-2025-55182) to deploy a Linux backdoor, a reverse proxy tunnel, and a Go-based post-exploitation implant.
Hypervisors are a major target for ransomware attacks. Get expert guidance from Huntress on how to protect your virtualized infrastructure. Learn how to secure access, put runtime controls in place, simplify patching, and improve your recovery plans.
Learn what the dark web looks like with an exploration of the far reaches of the internet, how you can get there, and what you might find, from a safe distance.
Huntress reports an uptick in threat actors abusing the Velociraptor open-source DFIR tool, linked to incidents involving WSUS exploitation, VS Code tunnels, and more.