Social engineering has evolved. Device code phishing and AI lures bypass MFA and blend in. Build a cyber resilience strategy before the next attack lands.
Your background is gone, but malware is here. Huntress breaks down BackgroundFix, a new ClickFix social engineering tactic involving CastleLoader, NetSupport RAT, and CastleStealer. Read the analysis.
Huntress found threat actors using the Komari monitoring agent as a SYSTEM-level backdoor. Learn how they abused GitHub and what defenders should hunt for.
See how Huntress EDR/ITDR Correlations stop infostealer-driven attacks before stolen credentials can be reused, linking endpoint compromise to cloud identities for one coordinated response.
Attackers are building workflows around AIβfake tools, spoofed answers, and machine-speed phishing. See how Huntress is tracking this shift and what it means for defenders.
A developer used OpenAIβs Codex to handle suspicious activity, leading to unexpected outcomes found by Huntress SOC analysts during an investigation.
A few weeks after the major axios npm supply chain attack, a group of researchers from Huntress, Wiz, and Aikido Security debriefed on the compromiseβs lasting impacts.
Huntress observed in-the-wild use of Nightmare-Eclipse tooling, including BlueHammer, RedSun, and UnDefend, in a live intrusion involving FortiGate VPN compromise as the initial access, reconnaissance commands, and likely tunneling activity.
A Linux user recently tried to respond to potentially malicious behavior on their machine using OpenAIβs Codex coding agent, before installing the Huntress agent. What ensued shows the unexpected impacts of this AI use case on DFIR investigations.
Standard EDR creates a gap between detection and action. Huntress closes it. Learn how our Attack Disruption Engine automatically disrupts threat actors and reduces the impact of endpoint attacks.
VPN misconfiguration is behind 70% of intrusions. See real Huntress SOC incidents and learn the simple steps to close your biggest open door before attackers walk through it.
Huntress uncovered a malware operation using signed PUP to deploy AV killers with SYSTEM privileges. Learn how this adware crosses the line into malware territory and how anyone could have hijacked their update mechanism.
Donβt forget to secure your side doors. Attackers look for the systems you treat as secondary. Don't neglect staging environments, as theyβre a critical part of your attack surface.
Attackers are already targeting the AI tools your team just started using. Here's what that looks like when it lands in your own environment. And what actually stops it.
Event 1644 shows localhost, hiding the attacker's real IP. By correlating Event 5156 with a ~60-80ms timing window, you can attribute ADWS queries to their actual sourceβand the data was already in your SIEM.
A threat actor enumerated our entire AD with Get-ADComputer, and none of our detections fired. The problem wasn't their evasion - it was an architectural blind spot in how PowerShell talks to Active Directory.
The Stryker incident revealed that a "Weaponized Remote Wipe" via compromised MDM is a more permanent and difficult threat than ransomware. Learn concrete steps to secure management platforms and prevent your security shield from becoming a weapon.
A recent incident linked to the NightSpire ransomware workflow gives insight into why the RaaS structure and model, or lack thereof, are important β especially when it comes to scoping and recovering from the incident.