From Windows Telemetry to Arrest: How Microsoft’s GDID Helped Connect the Dots
Executive Summary The arrest and extradition of an alleged Scattered Spider member drew attention...
Read MoreLoaderClient Malware Analysis: How WeedHack Uses Ethereum Smart Contracts for Resilient C2 Infrastructure
Executive Summary LoaderClient is a Minecraft-based malware loader linked to the WeedHack...
Read MoreHow a Go Binary Locks Down Enterprise Networks in Minutes: The Story Behind Gentlemen Ransomware
Overview The enterprise threat landscape in 2026 has been reshaped by the rapid ascent of...
Read MoreInside Modern Supply Chain Intrusions: From CI/CD Abuse to Ecosystem-Wide Compromise
Modern supply chain intrusions are attacks that compromise trusted software development systems,...
Read MoreBeyond TTPs: A Better Way to Attribute APT Activity Through Campaign Linkage
Introduction Attribution in cyber threat intelligence has long been built around the concept of...
Read MoreCrypto Money Laundering
Crypto Money Laundering: Definition, Stages, and Common Techniques Money laundering is the process...
Read MoreThe Ransomware Ecosystem: Roles, Tools, and How Modern RaaS Attacks Work
Ransomware is no longer just a malicious program deployed by a single attacker — it has evolved...
Read MoreSmishing Triad Targets Egypt’s Financial Sector and Postal Services
Recently, during one of our threat hunting operations, our squad identified multiple malicious...
Read MoreThreat Profile: APT35 (Charming Kitten)
Executive Summary APT35, also known as Magic Hound and Charming Kitten, is an Iranian state-backed...
Read MoreSuspicious ScreenConnect Abuse by Threat Actors
Recently observed an uptick in threat actors abusing RMM tools for initial access via...
Read More