Learn how the Incident Report Timeline within Huntress Managed ITDR offers clear, chronological insights, enabling a decisive response to incidents.

SmarterMail versions prior to Build 9511 are vulnerable to privileged account takeover and remote code execution. Learn more about the latest Huntress DE&TH Team’s findings.

Vertical-specific construction applications face unique risks. Hacked apps stem from flaws in the software or its components, expanding the jobsite attack surface.

Fake ad blocker crashes your browser, then offers a "fix." Go inside KongTuke's CrashFix campaign, from malicious extension to ModeloRAT for VIP targets.

While investigating LDAP filters and attributes, I completely missed "SDFlags" in my Event 1644 logs. When I finally noticed it, the investigation led to nTSecurityDescriptor, attack path discovery, and a high-confidence detection signature.

Huntress researchers weigh in on the challenge of getting feature parity across Windows, macOS, and Linux. And learn how unique security models and platform maturity shape the way products are built.

Huntress outlines 2025 AI attack speed with automated scripts, but adversaries use familiar tradecraft. Detection and hygiene remain decisive.

Huntress outlines a complex, multi-step attack designed to break out of guest VMs and target the ESXi hypervisor, using potential zero-day vulnerabilities and sneaky VSOCK communication.

From lures involving Social Security statements to top domains and hashes used in attacks, here's an in-depth look at incidents involving ScreenConnect in 2025.

Your LDAP detection rules work in the lab but fail in production. Here's why Event 1644 whitespace variations break your Sigma rules and how to fix them.

From "React2Shell" exploitation to sophisticated "Living off Trusted Sites" phishing, Huntress experts break down the threats targeting both enterprises and families today.

Learn how supply chain attacks and shifting trust are reshaping the software supply chain, and what enterprises must do to strengthen resilience.

Think all threat actors are pros? This post reveals how 'unsophisticated' malware and attacker errors help defenders stop attacks before damage is done.

Understand the critical role of cyber insurance in safeguarding your business from cyber threats. Learn how this coverage can protect your assets.

Threat actors are exploiting a vulnerability in Gladinet’s CentreStack and Triofox products that stems from hardcoded cryptographic keys in the AES implementation.

Recently, the Huntress SOC has observed threat actors increasingly use PDQ and GoTo Resolve to deploy further remote monitoring and management (RMM) tools in attacks.

Learn why your LDAP detection rules never fire and how to fix them. Hint: it's the OID-to-bitwise transformation.

CMMC is coming. Learn how to turn this challenge into a major revenue opportunity for your business.

Attackers are exploiting user trust in AI and aggressive SEO to deliver an evolved Atomic macOS Stealer. Learn why this social engineering tradecraft bypasses traditional network controls and the future of macOS infostealer defense.

A new independent report explores how Huntress’ approach to SAT supports real behavior change. Learn what works best in building security culture.