May 09, 2025 Lumma Stealer, coming and going The high-profile information stealer switches up its TTPs, but keeps the CAPTCHA tactic; we take a deep dive Security Operations Threat Research
May 08, 2025 NICKEL TAPESTRY expands fraudulent worker operations The North Korean IT worker scheme grows to include organizations in Europe and Asia and industries beyond the technology sector Security Operations Threat Research
April 17, 2025 Moving CVEs past one-nation control A near-miss episode of attempted defunding spotlights a need for a better way Security Operations Threat Research
April 16, 2025 Sophos Annual Threat Report appendix: Most frequently encountered malware and abused software These are the tools of the trade Sophos detected in use by cybercriminals over 2024 Security Operations Threat Research
April 16, 2025 The Sophos Annual Threat Report: Cybercrime on Main Street 2025 Ransomware remains the biggest threat, but old and misconfigured network devices are making it too easy Security Operations Threat Research
April 02, 2025 It takes two: The 2025 Sophos Active Adversary Report The dawn of our fifth year deepens our understanding of the enemies at the gate, and some tensions inside it; plus, an anniversary gift from us to you Security Operations Threat Research
April 01, 2025 Qilin affiliates spear-phish MSP ScreenConnect admin, targeting customers downstream Attack matches three-year-long pattern of ScreenConnect attacks tracked by Sophos MDR as STAC4365. Security Operations Threat Research
March 28, 2025 Stealing user credentials with evilginx A malevolent mutation of the widely used nginx web server facilitates Adversary-in-the-Middle action, but there’s hope Security Operations Threat Research
January 21, 2025 Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing” Sophos MDR identifies a new threat cluster riffing on the playbook of Storm-1811, and amped-up activity from the original connected to Black Basta ransomware. Security Operations Threat Research
December 19, 2024 Phishing platform Rockstar 2FA trips, and “FlowerStorm” picks up the pieces A sudden disruption of a major phishing-as-a-service provider leads to the rise of another…that looks very familiar Security Operations Threat Research
December 12, 2024 The Bite from Inside: The Sophos Active Adversary Report A sea change in available data fuels fresh insights from the first half of 2024 Security Operations Threat Research
December 11, 2024 Sophos excels in the 2024 MITRE ATT&CK® Evaluations: Enterprise Results from the latest ATT&CK Evaluations for endpoint detection and response solutions. Products & Services Security Operations