Threat Intelligence

Inside EDR-Freeze: How ThreatDown stops the attack before it spreads

EDR-Freeze exploits legitimate Windows functionality to suspend security software, and it works entirely in user-mode using native Windows components.

11 minutes

EDR vs MDR vs XDR – What’s the Difference?

Learn about the differences between EDR, MDR, and XDR solutions—and how they each alleviate the challenges of cybersecurity teams.

5 minutes

KMSpico explained: No, KMS is not “kill Microsoft”

KMSpico is one of the most popular hack tools for activating pirated copies of Microsoft products. Here’s why we don’t…

3 minutes

When you shouldn’t trust a trusted root certificate

A trusted root certificate is the cornerstone of authentication and security on the Internet. But even this can be abused.…

5 minutes

Ransomware in April 2025—RansomHub is gone

While DaVita and Marks & Spencer reel from devastating attacks, the most dominant ransomware group of the last year has…

1 minute

Ransomware in March 2025

March 2025 saw a huge number of ransomware attacks, and the Pennsylvania State Education Association quietly notify over 500,000 current…

1 minute

Has AI changed malicious script obfuscation techniques?

Obfuscation techniques have changing since generative AI became widely available.

3 minutes

Fake Booking.com emails target hotels

A new phishing campaign is using a famous brand to compromise hotels.

1 minute

Ransomware in February 2025—Cl0p and RansomHub run riot

The Cl0p ransomware group posted data on 335 victims in February 2025, by far the largest one month total any…

2 minutes

Phishers go “interplanetary” to get company login credentials

An ongoing campaign to harvest company login credentials is using IPFS to host its phishing pages.

1 minute

“Enhanced Bonus” QR code phish steals Microsoft credentials

A personalized phishing attack could lead to a catastrophic loss of credentials.

2 minutes

USB worms: Still wriggling on to under-protected computers after all these years

Malware doesn't care if it's being talked about or not.

2 minutes

ThreatDown State of Malware report 2025

The ThreatDown State of Malware report focuses on a few key developments that we witnessed in 2024.

2 minutes

Ransomware in December 2024—Cl0p returns

December 2024 saw the unwelcome return of the notorious Cl0p ransomware gang.

1 minute

Clipboard hijacker tries to install a Trojan

Criminals are attempting to get users to install malware from the clipboard.

2 minutes

Sysrv cryptomining botnet is still alive (and kicking out the competition)

Sysrv cryptomining botnets are still active, and analysis shows they are actively kicking out other malware.

4 minutes

Beluga phishing campaign targets OneDrive credentials

The Beluga phishing campaign uses .htm files to capture your company OneDrive credentials.

2 minutes

How the Black Basta ransomware gang hides Cobalt Strike beacons with PowerShell

Ransomware gangs love PowerShell.

4 minutes

A visit to a print shop put a password stealer on a co-worker’s laptop

Old-school malware distribution methods have a habit of hanging around long after people stop talking about them.

2 minutes

Watch out! Mobidash Android adware spread through phishing and online links

ThreatDown has uncovered a new campaign spreading the MobiDash adware for Android.

1 minute

Products

Services

Features

Platforms

Why ThreatDown

Inside EDR-Freeze: How ThreatDown stops the attack before it spreads

EDR vs MDR vs XDR – What’s the Difference?

KMSpico explained: No, KMS is not “kill Microsoft”

When you shouldn’t trust a trusted root certificate

Ransomware in April 2025—RansomHub is gone

Ransomware in March 2025

Has AI changed malicious script obfuscation techniques?

Fake Booking.com emails target hotels

Ransomware in February 2025—Cl0p and RansomHub run riot

Phishers go “interplanetary” to get company login credentials

“Enhanced Bonus” QR code phish steals Microsoft credentials

USB worms: Still wriggling on to under-protected computers after all these years

ThreatDown State of Malware report 2025

Ransomware in December 2024—Cl0p returns

Clipboard hijacker tries to install a Trojan

Sysrv cryptomining botnet is still alive (and kicking out the competition)

Beluga phishing campaign targets OneDrive credentials

How the Black Basta ransomware gang hides Cobalt Strike beacons with PowerShell

A visit to a print shop put a password stealer on a co-worker’s laptop

Products & Services

Partners

Managed Services Terms & Conditions

Resources

Support

Company

Get in Touch

Products

Services

Features

Platforms

Why ThreatDown

Threat Intelligence

Categories