The Blog.
Long-form research.

Practitioner-written research, technical guides, and explainers for analysts, defenders, and learners. Every piece is hand-edited and updated as the threat landscape changes.

Articles

Updated this month

14k+

Monthly readers

Showing 10–18 of 69 articles 20 updated this month

Advanced 1.9k

Blog 15 min read

npm Supply Chain Attack Audit: Detect Mini Shai-Hulud in SAP, PyTorch Lightning, and Intercom Dependencies

Mini Shai-Hulud backdoored SAP CAP, PyTorch Lightning, and Intercom packages on npm and PyPI. Use this checklist to detect compromise and harden your pipeline.

Intermediate 4.3k

Blog 12 min read

EDR Vendor Breach Downstream Risk: Responding When Your Security Tool Is Compromised

Trellix confirmed a source code breach. Assess EDR vendor breach downstream risk, audit agent update channels, and decide whether to quarantine.

Advanced 3.1k

Blog 16 min read

Fast16 Malware Reverse-Engineering: State-Sponsored Computation Sabotage Analysis

Fast16 malware reverse-engineered: a 2005 US-attributed tool that silently corrupted scientific computation in Iran, predating Stuxnet by five years. Full IOC list.

Intermediate 1.7k

Blog 8 min read

CVE-2024-57727 SimpleHelp RMM: Patch Verification and Detection Checklist

CVE-2024-57727 in SimpleHelp RMM (CVSS 7.5) lets unauthenticated attackers read any file. Step-by-step detection, patch verification, and hardening checklist.

Intermediate 3.7k

Blog 9 min read

DDoS Mitigation Provider Compromise: Vetting and Detecting a Rogue Vendor

Huge Networks ran Mirai attacks against ISPs it claimed to protect. A framework for detecting a DDoS mitigation provider compromise and vetting vendors.

Intermediate 1.1k

Blog 11 min read

DEEP#DOOR Python Backdoor Detection: YARA Rules, Network IOCs, and Credential Theft Defences

DEEP#DOOR Python backdoor patches AMSI/ETW and tunnels via bore.pub to steal browser and cloud credentials. YARA rules, SHA-256 IOCs, and SIEM detection queries.

Intermediate 1.7k

Blog 9 min read

DPRK npm Malware Detection: Auditing npm for AI-Generated Backdoors

Famous Chollima uses Claude Opus to generate malicious npm packages. Learn DPRK npm malware detection: install hook inspection and CI/CD guardrails.

Beginner 3.8k

Blog 5 min read

France Arrests 15-Year-Old for ANTS Data Breach Exposing 11.7 Million Records

French authorities arrested a 15-year-old using the alias 'breach3d' who allegedly stole 11.7 million records from France's national ID document agency ANTS.

Intermediate 5.0k

Blog 8 min read

CVE-2026-31431 Linux Privilege Escalation Detection: Copy Fail Patch Verification Checklist

CVE-2026-31431 'Copy Fail' (CVSS 7.8) grants root to unprivileged users on Linux kernels since 2017. Patch commands, Falco rules, and module-level workarounds.