Skip to Content
Get started
Open search
Focus Scroll Background

Threat Research

RSS

Threat Research

STAC6405

infostealer

RMM

Phishing

Incident responders, s'il vous plait: Invites lead to odd malware events

A phishing campaign targeting multiple organizations led to RMM installations – but not much else (yet). A threat actor experimenting, or an access-as-a-service attack underway?
Vidura Ehalapitiya
Frankie Franko
Marcus Jacobson
Pratik Gujar
Mallikarjuna Kanike

Threat Research

Iran

initial access

Initial access techniques used by Iran-based threat actors

Analysis of attacks originating from Iran-linked threat groups reveals a preference for certain techniques
Sophos Counter Threat Unit Research Team

Threat Research

MacOS

infostealer

clickfix

MacSync

Social engineering

Evil evolution: ClickFix and macOS infostealers

Across three recent campaigns, Sophos X-Ops notes shifts in both lures and malware capabilities, as threat actors leveraging ClickFix techniques increasingly target macOS users with infostealers
Jagadeesh Chandraiah
Tonmoy Jitu
Dmitry Samosseiko
Matt Wixey
Adobe Reader advisory feature image

Threat Research

advisory

vulnerability

Adobe Reader

Adobe Reader zero-day vulnerability in active exploitation

Axios npm advisory featured image

Threat Research

advisory

NPM

Axios

Axios npm package compromised to deploy malware

Fake building, just a facade

Threat Research

NICKEL ALLEY

Contagious Interview

North Korea

clickfix

NICKEL ALLEY strategy: Fake it 'til you make it

Oracle 21992 advisory featured image

Threat Research

advisory

vulnerability

Oracle

Oracle vulnerability (CVE-2026-21992) impacts core products

Feature image - Android devices ship with firmware-level malware

Threat Research

Android

Keenadu

Android devices ship with firmware-level malware

getty-1357700030-pt2603-illo-path.jpg

Threat Research

Patch Tuesday

x-ops

Microsoft

Windows

detection

March Patch Tuesday visits 15 product families

SDWAN2602-hero.jpg

Threat Research

advisory

vulnerability

SD-WAN

Cisco SD-WAN vulnerabilities (CVE-2026-20127, CVE-2022-20775) in active exploitation

GettyImages-472053573.jpg

Threat Research

X-ops

Patch Tuesday

Microsoft

Windows

February’s Patch Tuesday assumes battle stations

A silver-white robot hand holding a silver tray on its fingertips, against a blurred background of a large room

Threat Research

AI

LLM

OpenClaw

CISO

risk

Sophos X-Ops

The OpenClaw experiment is a warning shot for enterprise AI security