Threat Research

The latest intelligence and analysis from Sophos X‑Ops threat experts

Featured Articles

RSS

May 15, 2025

Beyond the kill chain: What cybercriminals do with their money (Part 1)

Sophos X-Ops investigates what financially motivated threat actors invest their ill-gotten profits in, once the dust has settled

Threat Research

May 14, 2025

Microsoft primes 71 fixes for May Patch Tuesday

Threat Research

May 09, 2025

Lumma Stealer, coming and going

Security Operations Threat Research

May 20, 2025

A familiar playbook with a twist: 3AM ransomware actors dropped virtual machine with vishing and Quick Assist

Security Operations Threat Research

May 15, 2025

Beyond the kill chain: What cybercriminals do with their money (Part 5)

Threat Research

May 15, 2025

Beyond the kill chain: What cybercriminals do with their money (Part 4)

Threat Research

May 15, 2025

Beyond the kill chain: What cybercriminals do with their money (Part 3)

Threat Research

May 15, 2025

Beyond the kill chain: What cybercriminals do with their money (Part 2)

Threat Research

May 08, 2025

NICKEL TAPESTRY expands fraudulent worker operations

Security Operations Threat Research

April 29, 2025

Finding Minhook in a sideloading attack – and Sweden too

Threat Research

April 17, 2025

Moving CVEs past one-nation control

Security Operations Threat Research

April 16, 2025

Sophos Annual Threat Report appendix: Most frequently encountered malware and abused software

Security Operations Threat Research

Subscribe to get the latest updates in your inbox.