Threat Briefs
Concise threat briefs on emerging campaigns, novel techniques, and what defenders should do this week.
9 articles
The Anatomy of a Business Email Compromise
A typical BEC investigation we run unfolds in five acts. Recognizing them in progress is the difference between a near-miss and a six-figure loss.
AI-Generated Phishing: New Defenses for an Old Problem
The grammar mistakes are gone. The bizarre formatting is gone. The "Dear Sir/Madam" salutations are gone. Generative AI removed the surface-level tells that defenders trained users to look for.
Supply Chain Attacks on npm and PyPI: What Changed in 2025
Typosquatting, dependency confusion, and the compensating controls we now recommend by default.
Zero-Click Agentic Browser Attacks
How crafted emails can exfiltrate cloud drives through AI-driven browser agents. And what to do about it.
Healthcare Ransomware During the Pandemic: Why Timing Matters
Hospitals under maximum patient load faced ransomware campaigns designed to strike when payment was most likely and most urgent.
The Vegas Strip Ransomware Attacks: How a Phone Call Took Down Two Casino Giants
In September 2023, two of the largest hospitality companies on the Las Vegas strip were felled not by malware, but by a phone call. The lesson is still not fully learned.