.svg?width=185&quality=80&auto=webp&format=auto&cache=true&immutable=true&cache-control=max-age%3D31536000 "Home"){kind=logo}
.svg?width=13&quality=80&auto=webp&format=auto&cache=true&immutable=true&cache-control=max-age%3D31536000 "Top Navigation - Sign in - Icon")
Sean Gallagher
Sean Gallagher is Principal Threat Researcher, Sophos X-Ops. Prior to joining Sophos, he was an information security and technology journalist for over 30 years, including 10 as information security and national security editor for Ars Technica.
Content by Sean Gallagher
AI Research
Threat Research
AI
cybercrime
Dark Web
Featured
threat activity cluster
threat actors
Using AI to identify cybercrime masterminds
June 30, 2025
Security Operations
Threat Research
Dragonforce
Featured
MSP
Simplehelp
Sophos MDR Incident Response
Sophos X-Ops
supply chain compromise
DragonForce actors target SimpleHelp vulnerabilities to attack MSP, customers
May 27, 2025
Security Operations
Threat Research
3am ransomware
Featured
vishing
A familiar playbook with a twist: 3AM ransomware actors dropped virtual machine with vishing and Quick Assist
May 20, 2025
Security Operations
Threat Research
Annual Threat Report
Attack Tools
Dual-use tools
malware trends 2024
Sophos Annual Threat Report appendix: Most frequently encountered malware and abused software
April 16, 2025
Security Operations
Threat Research
Annual Threat Report
Featured
midsize businesses
small businesses
The Sophos Annual Threat Report: Cybercrime on Main Street 2025
April 16, 2025
Security Operations
Threat Research
adversary in the middle
Featured
MFA
MFA phishing
qilin
RMM
ScreenConnect
Sophos X-Ops
supply chain compromise
Qilin affiliates spear-phish MSP ScreenConnect admin, targeting customers downstream
April 1, 2025
Security Operations
Threat Research
Black Basta
Featured
Fin7
Java malware
legitimate service abuse
Microsoft Office 365
python malware
Quick Assist
remote machine management
Sophos X-Ops
STAC5143
stac5777
Teams
Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing”
January 21, 2025
Security Operations
Threat Research
CloudFlare
Featured
FlowerStorm
legitimate service abuse
Phishing
phishing-as-a-service
Rockstar
Rockstar2FA
Sophos MDR
Sophos X-Ops
Phishing platform Rockstar 2FA trips, and “FlowerStorm” picks up the pieces
December 19, 2024
AI Research
deepspeed
Featured
LLM
LLM tuning
DeepSpeed: a tuning tool for large language models
December 13, 2024
