Security Operations

Practical insights for defenders from the Sophos X‑Ops detection and response specialists

Featured Articles

RSS

May 27, 2025

DragonForce actors target SimpleHelp vulnerabilities to attack MSP, customers

Ransomware actor exploited RMM to access multiple organizations; Sophos EDR blocked encryption on customer’s network

Security Operations Threat Research

May 20, 2025

A familiar playbook with a twist: 3AM ransomware actors dropped virtual machine with vishing and Quick Assist

Security Operations Threat Research

May 09, 2025

Lumma Stealer, coming and going

Security Operations Threat Research

May 08, 2025

NICKEL TAPESTRY expands fraudulent worker operations

Security Operations Threat Research

April 17, 2025

Moving CVEs past one-nation control

Security Operations Threat Research

April 16, 2025

Sophos Annual Threat Report appendix: Most frequently encountered malware and abused software

Security Operations Threat Research

April 16, 2025

The Sophos Annual Threat Report: Cybercrime on Main Street 2025

Security Operations Threat Research

April 02, 2025

It takes two: The 2025 Sophos Active Adversary Report

Security Operations Threat Research

April 01, 2025

Qilin affiliates spear-phish MSP ScreenConnect admin, targeting customers downstream

Security Operations Threat Research

March 28, 2025

Stealing user credentials with evilginx

Security Operations Threat Research

January 21, 2025

Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing”

Security Operations Threat Research

December 19, 2024

Phishing platform Rockstar 2FA trips, and “FlowerStorm” picks up the pieces

Security Operations Threat Research

Subscribe to get the latest updates in your inbox.