Threat Briefings

Stay ahead of the latest cybersecurity threats with decrypted attack and threat insights designed to keep your organization secure and resilient.

Lucie Cardiet
and
VECT and TeamPCP: The Ransomware Kill Chain, Reversed

TeamPCP collected 500,000+ cloud credentials from CI/CD pipelines before anyone was targeted. VECT used that archive to select ransomware victims. Why your exposure may already be determined.

Read more
Lucie Cardiet
and
The FBI wrote down the Scattered Spider playbook, and it starts with a phone call

An FBI complaint against a Scattered Spider member documents a full help-desk attack: vishing, an MFA reset, ngrok exfiltration, and why authentication succeeded at every step.

Read more
Lucie Cardiet
and
FortiBleed: You Cannot Patch a Valid Login

FortiBleed exposed valid logins for 86,644 Fortinet firewalls. No CVE, nothing to patch. Why a working login slips past prevention, and where to catch it.

Read more

Videos

Threat Briefings
Threat Briefing: The NPM Exploit that Turned into a Self-Spreading Worm

Discover how the initial NPM exploit evolved into a self-spreading worm, Shai Hulud, and learn key lessons to protect your software supply chain.

Briefings

Insights straight to your inbox

Sign up for bi-weekly threat briefings and security research findings