April 02, 2025

It takes two: The 2025 Sophos Active Adversary Report

The dawn of our fifth year deepens our understanding of the enemies at the gate, and some tensions inside it; plus, an anniversary gift from us to you

Security OperationsThreat Research

December 12, 2024

The Bite from Inside: The Sophos Active Adversary Report

A sea change in available data fuels fresh insights from the first half of 2024

Security OperationsThreat Research

August 22, 2024

Qilin ransomware caught stealing credentials stored in Google Chrome

Familiar ransomware develops an appetite for passwords to third-party sites

Security OperationsThreat Research

August 13, 2024

Don’t get Mad, get wise

The “Mad Liberator” ransomware group leverages social-engineering moves to watch out for

Security OperationsThreat Research

June 12, 2024

RD Web Access abuse: Fighting back

Investigation insights and recommendations from a recent welter of incident-response cases

Security OperationsThreat Research

May 14, 2024

Sophos Incident Response achieves NCSC Certified Incident Response (CIR) Level 2 status

Products & Services

May 13, 2024

Extracting data from encrypted virtual disks: six seven methods

For incident responders, a variety of techniques for information retrieval from locked-up VMs

Security OperationsThreat Research

April 03, 2024

It’s Oh So Quiet (?): The Sophos Active Adversary Report for 1H 2024

The latter half of 2023 found numerous fronts on which attackers failed to press ahead. Are defenders failing to take advantage?

Threat Research

March 20, 2024

Remote Desktop Protocol: The Series

What is RDP, why is it a very nearly ubiquitous finding in incident response, and how can investigators run it to ground it when it goes wrong? An Active Adversary Special Report

Security OperationsThreat Research