
Sophos Counter Threat Unit Research Team
Sophos Counter Threat Unit™ (CTU) researchers are recognized authorities in the cybersecurity field, regularly contributing expert analysis to global media, publishing technical analyses for the security community, and presenting on emerging threats at leading security conferences. Backed by Sophos’ advanced security technologies and a broad network of intelligence contacts and partners, the CTU™ plays a critical role in identifying and tracking threat actors, analyzing anomalous activity, and uncovering new attack techniques, threats, and major shifts in the threat landscape.
Content by Sophos Counter Threat Unit Research Team

Threat Research
AI
Dark Web
underground
AI in the underground: Curiosity, claims, and concerns
June 17, 2026

Threat Research
AI
EDR
Pointing a Cursor at evading detection
June 2, 2026

Threat Research
Ransomware
WantToCry
SMB
WantToCry ransomware remotely encrypts files
May 19, 2026

Threat Research
advisory
Linux
Copy Fail
Proof-of-concept exploit available for Linux 'Copy Fail' vulnerability (CVE-2026-31431)
May 1, 2026

Threat Research
advisory
NPM
SAP
'Mini Shai-Hulud' supply chain attack targets SAP npm packages
April 29, 2026

Threat Research
advisory
vulnerability
Adobe Reader
Adobe Reader zero-day vulnerability in active exploitation
April 9, 2026

Threat Research
advisory
NPM
Axios
Axios npm package compromised to deploy malware
March 31, 2026

Threat Research
advisory
vulnerability
Oracle
Oracle vulnerability (CVE-2026-21992) impacts core products
March 23, 2026

Threat Research
NICKEL ALLEY
Contagious Interview
North Korea
clickfix
NICKEL ALLEY strategy: Fake it ‘til you make it
March 23, 2026