Cl0p Ransomware Lists NHS UK as Victim, Days After Washington Post Breach

Cl0p ransomware lists NHS UK as a victim days after The Washington Post confirms a major Oracle E-Business breach linked to CVE-2025-61882...

Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign

Microsoft 365 Defender researchers recently uncovered and disrupted a large-scale business email compromise BEC infrastructure hosted in multiple web services. Attackers used this cloud-based infrastructure to compromise mailboxes via phishing and add forwarding rules, enabling these attackers to...

Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign

Microsoft 365 Defender researchers recently uncovered and disrupted a large-scale business email compromise BEC infrastructure hosted in multiple web services. Attackers used this cloud-based infrastructure to compromise mailboxes via phishing and add forwarding rules, enabling these attackers to...

A case study in industry collaboration: Poisoned RDP vulnerability disclosure and response

Earlier this year, I reached out to Check Point researcher Eyal Itkin, who had published multiple flaws in several Remote Desktop Protocol RDP clients, including a vulnerability in mstsc.exe, the built-in RDP client application in Windows. While there were no active exploits detected in the wild,...

Countdown to Black Hat: Top 10 Sessions to Attend — #7

Black Hat USA 2019 is just weeks away, and with scores of training courses and research briefings to choose from, planning your schedule can be a challenge. To help you, we’re posting a weekly recommendation on our blog, and explaining why we think Qualys customers could find it useful and...

Honeybits - A Simple Tool Designed To Enhance The Effectiveness Of Your Traps By Spreading Breadcrumbs & Honeytokens Across Your Systems

A simple tool designed to enhance the effectiveness of your traps by spreading breadcrumbs & honeytokens across your production servers and workstations to lure the attacker toward your honeypots. Author: Adel "0x4D31" Karimi. Background The problem with the traditional implementation of honeypot...

Uncovering cross-process injection with Windows Defender ATP

Windows Defender Advanced Threat Protection Windows Defender ATP is a post-breach solution that alerts security operations SecOps personnel about hostile activity. As the nature of attacks evolve, Windows Defender ATP must advance so that it continues to help SecOps personnel uncover and address...

Data Breaches Show Difficulty of Defenders' Task

When attackers broke into the network of the University of Maryland last month, the university’s wasn’t sure how to react. The organization had never had a major security incident before, and this one qualified as major: 310,000 Social Security numbers and other information was gone. And then thr...