SophosAI at Black Hat USA ’25: Anomaly detection betrayed us, so we gave it a new job

June 30, 2025

Using AI to identify cybercrime masterminds

Analyzing dark web forums to identify key experts on e-crime

AI ResearchThreat Research

June 26, 2025

Taking the shine off BreachForums

ShinyHunters threat group members were arrested in a coordinated law enforcement action for their association with BreachForums

Threat Research

June 13, 2025

June Patch Tuesday digs into 67 bugs

An extremely Windows-heavy month, with a surprise cameo by... Sophos?!

Threat Research

June 04, 2025

The strange tale of ischhfd83: When cybercriminals eat their own

A simple customer query leads to a rabbit hole of backdoored malware and game cheats

Threat Research

May 27, 2025

DragonForce actors target SimpleHelp vulnerabilities to attack MSP, customers

Ransomware actor exploited RMM to access multiple organizations; Sophos EDR blocked encryption on customer’s network

Security OperationsThreat Research

May 21, 2025

DragonForce targets rivals in a play for dominance

Not content with attacking retailers, this aggressive group is fighting a turf war with other ransomware operators

Threat Research

May 20, 2025

A familiar playbook with a twist: 3AM ransomware actors dropped virtual machine with vishing and Quick Assist

Another adversary picks up the email bombing / vishing Storm-1811 playbook, doing thorough reconnaissance to target specific employees with fake help desk call—this time, over the phone.

Security OperationsThreat Research

May 15, 2025

Beyond the kill chain: What cybercriminals do with their money (Part 5)

In the last of our five-part series, Sophos X-Ops explores the implications and opportunities arising from threat actors’ involvement in real-world industries and crimes

Threat Research

May 15, 2025

Beyond the kill chain: What cybercriminals do with their money (Part 4)

In the fourth of our five-part series, Sophos X-Ops explores threat actors’ real-world criminal business interests

Threat Research