Threat Research

RSS

Threat Research

MacOS

infostealer

clickfix

MacSync

Social engineering

Evil evolution: ClickFix and macOS infostealers

Across three recent campaigns, Sophos X-Ops notes shifts in both lures and malware capabilities, as threat actors leveraging ClickFix techniques increasingly target macOS users with infostealers

Threat Research

hacktivism

Iran

israel

Operation Epic Fury

Hacktivist campaigns increase as United States, Iran, and Israel conflict intensifies

Rising tensions have sparked an increase in regional hacktivist activity, but impact has been minimal

Sophos Counter Threat Unit Research Team

Security Operations

Threat Research

Active Adversary

Active Adversary Report

Nowhere, man: The 2026 Active Adversary Report

AI headline hype didn’t deliver a sea change for practical defense — but one below-the-radar development should

Threat Research

Ransomware

cybercrime

state-sponsored ransomware

victimization

Eeny, meeny, miny, moe? How ransomware operators choose victims

Most ransomware attacks are opportunistic, not targeted at a specific sector or region

Threat Research

advisory

vulnerability

SD-WAN

Cisco SD-WAN vulnerabilities (CVE-2026-20127, CVE-2022-20775) in active exploitation

A silver-white robot hand holding a silver tray on its fingertips, against a blurred background of a large room

Threat Research

LLM

OpenClaw

CISO

risk

Sophos X-Ops

The OpenClaw experiment is a warning shot for enterprise AI security

Threat Research

X-ops

Patch Tuesday

Microsoft

Windows

February’s Patch Tuesday assumes battle stations

Threat Intelligence Executive Report – Volume 2025, Number 6

Threat Research

EDR killer

infostealer

Ransomware

Threat Intelligence Executive Report – Volume 2025, Number 6

Threat Research

virtual machine

cybercrime

Ransomware

ISPs

Malicious use of virtual machine infrastructure

Threat Research

Microsoft Office

vulnerability

advisory

Microsoft Office vulnerability (CVE-2026-21509) in active exploitation

Threat Research

TamperedChef

EvilAI

infostealer

Sophos X-Ops

TamperedChef serves bad ads, with infostealers as the main course

A computer hard disk on fire against a white background

Threat Research

Ransomware

Hive

Lockbit

BlackCat

LLM

Money Laundering

Laughter in the dark: Tales of absurdity from the cyber frontline and what they taught us

Threat Research

ATT&CK

Emulation

Featured

MITRE

MUSTANG PANDA

scattered spider

Sophos X-Ops

Game of clones: Sophos and The MITRE ATT&CK Enterprise 2025 Evaluations

…