AI-orchestrated cyberattacks Sophisticated attackers once struggled to scale. Now, experienced groups can scale by adding agents to their workforce, and inexperienced or… 4 minutes
Inside EDR-Freeze: How ThreatDown stops the attack before it spreads EDR-Freeze exploits legitimate Windows functionality to suspend security software, and it works entirely in user-mode using native Windows components. 11 minutes
EDR vs MDR vs XDR – What’s the Difference? Learn about the differences between EDR, MDR, and XDR solutions—and how they each alleviate the challenges of cybersecurity teams. 5 minutes
KMSpico explained: No, KMS is not “kill Microsoft” KMSpico is one of the most popular hack tools for activating pirated copies of Microsoft products. Here’s why we don’t… 3 minutes
When you shouldn’t trust a trusted root certificate A trusted root certificate is the cornerstone of authentication and security on the Internet. But even this can be abused.… 5 minutes
Ransomware in April 2025—RansomHub is gone While DaVita and Marks & Spencer reel from devastating attacks, the most dominant ransomware group of the last year has… 1 minute
Ransomware in March 2025 March 2025 saw a huge number of ransomware attacks, and the Pennsylvania State Education Association quietly notify over 500,000 current… 1 minute
Has AI changed malicious script obfuscation techniques? Obfuscation techniques have been changing since generative AI became widely available. 3 minutes
Fake Booking.com emails target hotels A new phishing campaign is using a famous brand to compromise hotels. 1 minute
Ransomware in February 2025—Cl0p and RansomHub run riot The Cl0p ransomware group posted data on 335 victims in February 2025, by far the largest one month total any… 2 minutes
Phishers go “interplanetary” to get company login credentials An ongoing campaign to harvest company login credentials is using IPFS to host its phishing pages. 1 minute
“Enhanced Bonus” QR code phish steals Microsoft credentials A personalized phishing attack could lead to a catastrophic loss of credentials. 2 minutes
USB worms: Still wriggling on to under-protected computers after all these years Malware doesn't care if it's being talked about or not. 2 minutes
ThreatDown State of Malware Report 2025: Autonomous AI and Ransomware The ThreatDown State of Malware report focuses on a few key developments that we witnessed in 2024. 3 minutes
Ransomware in December 2024—Cl0p returns December 2024 saw the unwelcome return of the notorious Cl0p ransomware gang. 1 minute
Clipboard hijacker tries to install a Trojan Criminals are attempting to get users to install malware from the clipboard. 2 minutes
Sysrv cryptomining botnet is still alive (and kicking out the competition) Sysrv cryptomining botnets are still active, and analysis shows they are actively kicking out other malware. 4 minutes
Beluga phishing campaign targets OneDrive credentials The Beluga phishing campaign uses .htm files to capture your company OneDrive credentials. 2 minutes
How the Black Basta ransomware gang hides Cobalt Strike beacons with PowerShell Ransomware gangs love PowerShell. 4 minutes
A visit to a print shop put a password stealer on a co-worker’s laptop Old-school malware distribution methods have a habit of hanging around long after people stop talking about them. 2 minutes