The ransomware name on the ransom note doesn't tell the full story. See how RaaS affiliates drive initial access, persistence, and exfiltration and what defenders should watch for.
Exposed RDP is still one of the most reliable ways attackers get in and most teams don't know it's open. See real cases where it was caught before it became a catastrophe.
Threat actors are actively targeting your security tools. Learn how threat actors disable antivirus and EDR through vulnerable drivers, tampering attacks, and malicious firewall rules, and how Huntress detects.
Learn how critical Linux kernel flaws in CopyFail, Dirty Frag, and Fragnesia let unprivileged users escalate to root access. See what security teams can do to remediate.
The Huntress Γ Acrisure Cyber Insurance Program now simplifies cyber insurance. Get streamlined coverage and a $0 deductible on Tech E&O or Cyber policies when using Managed EDR and Managed ITDR.
Device code phishing doesn't need stolen passwords or malwareβjust a legitimate auth flow. Learn how EvilTokens weaponized AI to run this attack across 344 organizations.
An interview with Huntress Account Executive Andrea Colon about the emotional toll of a cyber breach on small businesses and the company's mission to restore peace of mind.
A fully patched Windows Server 2025 domain is vulnerable to dMSA Ouroborosβa self-sustaining credential extraction technique requiring only standard delegated permissions. Learn how it works, why remediation fails, and how to detect it.
Social engineering has evolved. Device code phishing and AI lures bypass MFA and blend in. Build a cyber resilience strategy before the next attack lands.
Your background is gone, but malware is here. Huntress breaks down BackgroundFix, a new ClickFix social engineering tactic involving CastleLoader, NetSupport RAT, and CastleStealer. Read the analysis.
Huntress found threat actors using the Komari monitoring agent as a SYSTEM-level backdoor. Learn how they abused GitHub and what defenders should hunt for.
See how Huntress EDR/ITDR Correlations stop infostealer-driven attacks before stolen credentials can be reused, linking endpoint compromise to cloud identities for one coordinated response.
Attackers are building workflows around AIβfake tools, spoofed answers, and machine-speed phishing. See how Huntress is tracking this shift and what it means for defenders.
A developer used OpenAIβs Codex to handle suspicious activity, leading to unexpected outcomes found by Huntress SOC analysts during an investigation.
A few weeks after the major axios npm supply chain attack, a group of researchers from Huntress, Wiz, and Aikido Security debriefed on the compromiseβs lasting impacts.
Huntress observed in-the-wild use of Nightmare-Eclipse tooling, including BlueHammer, RedSun, and UnDefend, in a live intrusion involving FortiGate VPN compromise as the initial access, reconnaissance commands, and likely tunneling activity.