Weekly Update 481
Twelve years (and one day) since launching Have I Been Pwned, it's now a service that Charlotte and I live and breathe every day....
GOLD BLADE’s strategic evolution – Sophos News
Between February 2024 and August 2025, Sophos analysts investigated nearly 40 intrusions related to STAC6565, a campaign the analysts assess with high confidence is...
Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China
The threat actor known as Silver Fox has been spotted orchestrating a false flag operation to mimic a Russian threat group in attacks targeting...
Nothing to steal? Let’s wipe. We’re analyzing the Shai Hulud 2.0 npm worm
In September, a new breed of malware distributed via compromised Node Package Manager (npm) packages made headlines. It was dubbed “Shai-Hulud”, and we published...
[Guest Diary] Hunting for SharePoint In-Memory ToolShell Payloads
.
In July 2025, many of us were introduced to the Microsoft SharePoint exploit chain known as ToolShell. ToolShell exploits the deserialization and authentication bypass...
Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’ – Krebs on Security
A prolific cybercriminal group that calls itself “Scattered LAPSUS$ Hunters” has dominated headlines this year by regularly stealing data from and publicly mass extorting...
