threat hunting

China-linked spies backdoored authentication stack to stay hidden for years

2026-06-15 at 18:27 By Zeljka Zorz A China-linked cyber espionage group known as Velvet Ant spent nearly a decade inside the internal network of an unnamed organization without being detected, according to the results of a forensic investigation published by cybersecurity firm Sygnia. The group’s […]


What vibe hunting gets right about AI threat hunting, and where it breaks down

2026-04-10 at 08:57 By Mirko Zorz In this Help Net Security interview, Aqsa Taylor, Chief Security Evangelist, Exaforce, explains vibe hunting, an AI-driven approach to threat detection that inverts traditional hypothesis-driven methods. Instead of analysts defining attack vectors upfront, the AI


Cyber Insights 2026: Threat Hunting in an Age of Automation and AI

2026-01-26 at 14:37 By Kevin Townsend Understanding how threat hunting differs from reactive security provides a deeper understanding of the role, while hinting at how it will evolve in the future. The post Cyber Insights 2026: Threat Hunting in an Age of Automation


The simple shift that turns threat intel from noise into real insight

2025-12-09 at 08:02 By Help Net Security In this Help Net Security video, Alankrit Chona, CTO at Simbian, explains how security teams can put threat intelligence to work in a way that supports detection, response, and hunting. Chona walks through why many teams


Proximity: Open-source MCP security scanner

2025-10-29 at 08:29 By Mirko Zorz Proximity is a new open-source tool that scans Model Context Protocol (MCP) servers. It identifies the prompts, tools, and resources that a server makes available, and it can evaluate how those elements might introduce security risks. The tool also works with NOVA, a rule


Shades of Red: Redefining the Use of Red Flags in Cybersecurity and Insurance

2025-09-29 at 16:42 By William Evers, Mudit Singhania, Scott Swanson In cybersecurity, several related but divergent meanings have been ascribed to the phrase “red flags”. This article is an excerpt from Trustwave Blog View Original Source


Chinese-Sponsored Threat Actors Attacks Spur International Security Advisory

2025-09-04 at 16:18 When nearly two dozen of the world’s leading cybersecurity agencies issue a joint warning, it underscores the severity and the global reach of the threat at hand. This article is an excerpt from Trustwave Blog View Original Source


Malicious Screen Connect Campaign Abuses AI-Themed Lures for Xworm Delivery

2025-08-27 at 21:47 By Bolesław Szołtysik, Chris Tomboc, Serhii Melnyk During a recent Advanced Continual Threat Hunt (ACTH) investigation, the Trustwave SpiderLabs Threat Hunt team identified a deceptive campaign that abused fake AI-themed content to lure users into executing a malicious, pre-configured ScreenConnect installer. This


How Researchers Collect Indicators of Compromise

2025-08-14 at 23:06 By Messiah Dela Cruz As security researchers, we actively monitor the latest CVEs and their publicly available exploits to create signatures. Beyond CVEs, we also hunt for malware on platforms such as MalwareBazaar, which enhances our visibility into attacks occurring across networks. This article is an


When Hackers Call: Social Engineering, Abusing Brave Support, and EncryptHub’s Expanding Arsenal

2025-08-13 at 21:40 By Nathaniel Morales and Nikita Kazymirskyi Trustwave SpiderLabs researchers have recently identified an EncryptHub campaign that combines social engineering with abuse of the Brave Support platform to deliver malicious payloads via the CVE-2025-26633 vulnerability. In this blog post, we will


KAWA4096’s Ransomware Tide: Rising Threat With Borrowed Styles

2025-07-16 at 21:38 By Nathaniel Morales and John Basmayor KAWA4096, a ransomware whose name includes “Kawa”, the Japanese word for “river”, first emerged in June 2025. This new threat features a leak site that follows the style of the Akira ransomware group, and a ransom note format


How to threat hunt Living Off The Land binaries

2025-05-29 at 07:32 By Help Net Security In this Help Net Security video, Lee Archinal, Senior Threat Hunter at Intel 471, walks through practical strategies for detecting malicious activity involving Living Off The Land binaries (LOLBins). These are legitimate tools built into operating systems, such as


From Facebook Ad to Near Breach: The Power of Threat Hunting in Modern MDR

2025-05-09 at 16:12 While security professionals know well that a defense-in-depth strategy is crucial to proper cybersecurity, sometimes a detailed story of how a threat was discovered and eradicated can bring the value home, especially to the uninitiated. This is


Kunai: Open-source threat hunting tool for Linux

2025-02-19 at 08:19 By Mirko Zorz Kunai is an open-source tool that provides deep and precise event monitoring for Linux environments. “What sets Kunai apart is its ability to go beyond simple event generation. While most security monitoring tools rely on syscalls or kernel function hooking, Kunai takes


How human-led threat hunting complements automation in detecting cyber threats

2024-09-10 at 07:01 By Mirko Zorz In this Help Net Security interview, Shane Cox, Director, Cyber Fusion Center at MorganFranklin Consulting, discusses the evolving methodologies and strategies in threat hunting and explains how human-led approaches complement each other to form a robust defense. Cox also


YetiHunter: Open-source threat hunting tool for Snowflake environments

2024-06-14 at 13:31 By Zeljka Zorz Cloud identity protection company Permiso has created YetiHunter, a threat detection and hunting tool companies can use to query their Snowflake environments for evidence of compromise. YetiHunter executing queries (Source: Permiso Security) Recent attacks against Snowflake customers Cloud-based data storage and


1,700 Ivanti VPN devices compromised. Are yours among them?

2024-01-16 at 17:16 By Zeljka Zorz Over 1,700 Ivanti Connect Secure VPN devices worldwide have been compromised by attackers exploiting two zero-days with no patches currently available. “Additional threat actors beyond UTA0178 appear to now have access to the exploit and are actively trying to exploit


The primary pain points for SOC teams

2023-10-24 at 06:42 By Help Net Security Security professionals want to pursue high-impact work, but they’re being held back by growing workloads, shrinking budgets, and a worsening skills shortage, according to Tines. Nine out of 10 security teams are automating at least some of their work, and 93%


Microsoft announces wider availability of AI-powered Security Copilot

2023-10-23 at 15:04 By Helga Labus Microsoft Security Copilot has been made available to a larger number of enterprise customers, via an invitation-only Early Access Program. What is Microsoft Security Copilot? “Security Copilot is an AI assistant for security teams that builds on the latest in large


How cyber fusion is helping enterprises modernize security operations

2023-10-11 at 07:02 By Help Net Security In this Help Net Security video, Anuj Goel, CEO at Cyware, explains how cyber fusion is helping enterprises modernize their security operations and turn their SOC from reactive to proactive. The post How cyber fusion is helping enterprises modernize

