Threat Briefings

TeamPCP open-sourced Shai-Hulud today. The OIDC token extraction technique that made the TanStack attack different from every previous campaign is now a public toolkit.

ShinyHunters isn't a single group. It's a pattern of attacks where authentication succeeds. Here's how to detect them before the data warehouse.

Attackers bypass MFA using non-interactive sign-ins. Learn how to detect and stop credential-based threats before they escalate.

Another supply-chain breach hit SaaS in April 2026 — Anodot tokens used to access Snowflake. Why the same ShinyHunters-branded pattern keeps repeating, and what makes the MO hard to detect.

A compromised npm package is only the entry point. The axios incident shows how quickly attackers pivot from code execution to credential abuse, identity misuse, and cloud access.

Detect how Sliver C2 evades traditional beacon detection and how behavioral AI identifies command-and-control activity hidden in encrypted traffic.

Learn how attackers move laterally across hybrid networks, abusing identity, credentials, and legitimate tools to reach critical systems before launching ransomware or stealing data.

Learn how attackers maintain hidden access inside hybrid networks and how SOC teams can detect persistence before it leads to data theft or ransomware.

Inside the Stryker incident: how Handala likely moved from identity access to disruption, and the identity, scripting, and data transfer signals SOC teams should watch.

An AI-driven AWS attack reached admin access in minutes using valid credentials. Learn how identity abuse and automation compress cloud attack timelines.

Molt Road reveals how attacker marketplaces could evolve when autonomous agents trade services, coordinate attacks, and remove humans from the loop.

Moltbook exposes how autonomous AI agents turn trust and interaction into attack paths, enabling prompt injection, lateral movement, and covert command and control.

Clawdbot – now Moltbot – shows how autonomous AI agents become shadow superusers, enabling initial access, lateral movement, and ransomware when trust is abused.

Threat actors try to stay invisible, but OPSEC mistakes keep exposing them. A look at real-world failures and what they reveal about human error and AI-driven attacks.

Pro-Russia hacktivists are disrupting critical infrastructure by abusing legitimate access. Learn how these OT attacks work and why traditional tools miss them.

How the Shai-Hulud worm hijacked trusted development tools and why defenders need behavioral visibility to catch the attack after the first package is installed.

Chinese state-backed Typhoon APTs infiltrate networks using trusted tools. Learn how the Vectra AI Platform detects their stealthy, persistent behavior.

From Conti to Black Basta to DevMan, ransomware code keeps resurfacing. See how behavioral AI detects the attacker behaviors that rebrands cannot hide.

The F5 compromise shows how attackers abuse trusted edge systems. Behavioral detection spots hidden persistence where perimeter tools fail.

Qilin’s 2025 variants use MFA bombing, SIM swapping, and AES-256-CTR encryption to evade detection. Discover how the Vectra AI Platform exposes their behavior before encryption starts.

Crimson Collective says defenders only “map the coastline.” See how Vectra AI dives deeper, turning cloud and identity telemetry into real-time detection of hidden threats.

The Cl0p ransomware group’s link to the Oracle EBS exploit sparks debate. Learn how supply chain attacks evolve and what defenders must do next.

The Crimson Collective claims to have stolen Red Hat consulting data, exposing customer engagement reports. Learn why consulting artifacts are prime attacker targets and how Vectra AI helps close the gap.

Patching stops entry, but not attacker behavior. See how detection closes the post-exploitation gap

Discover how BRICKSTORM hid for 400 days in enterprise blind spots and learn how Vectra AI closes detection gaps across network, identity, and cloud.

Scattered Lapsus$ Hunters may claim they’re gone, but The Com endures. Cybercrime has moved beyond ransomware into an era where extortion is the goal.

LockBit is back with version 5.0. Discover its new features, TTPs, and how SOC teams can detect attacks where prevention alone falls short.

Discover how GLOBAL RaaS empowers affiliates with enterprise-scale ransomware features, and how Vectra AI detects threats others miss.

Play ransomware is evolving fast. Learn how new tactics evade legacy tools and how Vectra AI delivers the coverage, clarity, and control to stop it.

Learn how threat actors are abusing Brute Ratel (BRC4): a red teaming and adversary simulation tool to evade your defenses and how to detect it.

CISA’s latest advisory warns about fast flux, a technique attackers use to evade detection. Learn how Vectra AI’s behavioral analytics detect and stop it.

Learn how attackers use metadata search engines like Shodan and FOFA to identify vulnerable systems and build lists of targets.

Attackers abuse EV certificates to sign malware and evade detection. Learn how they steal, use, and automate trusted code signing for ransomware.

Ghost ransomware exploits known CVEs to encrypt data within hours of access. Learn which behaviors signal an active Ghost intrusion.

Learn how to detect and mitigate ransomware attacks targeting AWS S3 buckets. Discover best practices and how Vectra AI can help secure your cloud.

Salt Typhoon targets global telcos. Learn how improved visibility, hardening, and Vectra AI help defend against these advanced threats.

SIM swapping and phishing proxies bypass SMS MFA. See how attackers exploit it and which alternatives reduce risk