Welcome to the ExtraHop Blog

FEATURED BLOG
See the Unseen: Detect Lateral Movement Within Encrypted Traffic
January 15, 2026
IDC research explains why traditional perimeters are blind to identity-driven threats. Learn how to expose attackers hiding in encrypted traffic to stop lateral movement before it turns into a breach.

Data Rich, Insight Poor: The Hard Truth About Your Threat Intelligence Strategy
January 14, 2026
Most threat intelligence gives organizations the “mugshots” but not the “CCTV footage.” Learn why network context is essential for turning threat data into actionable security insights.

Anatomy of an Attack
Anatomy of an Attack: European Cyber Threat Landscape: December 2025
January 14, 2026
Explore how specialized cyber operations in December 2025 weaponized BitLocker and used traffic mimicry to target critical infrastructure in Romania, France, and the UK. Learn how ExtraHop RevealX detects these "Living off the Land" tactics and supply chain breaches.

Anatomy of an Attack:
SHADOW-VOID-042 Campaign Uses Deceptive Update Lures in Targeted Global Espionage
January 8, 2026
Stop the SHADOW-VOID-042 espionage campaign. See how this Void Rabisu-linked threat uses deceptive lures and zero-days. Learn how ExtraHop decodes 90+ protocols @ 100 Gbps to catch it.

Anatomy of an Attack

CVE-2025-55182: How ExtraHop Detects React2Shell RCE Exploits
December 9, 2025
React2Shell (CVE-2025-55182) is a CVSS 10.0 RCE flaw in Next.js and React Server Components. See how ExtraHop NDR decrypts the payload and detects post-exploit credential theft.

Defeating Akira Ransomware: Full CISA Advisory Breakdown with ExtraHop NDR and MITRE ATT&CK
December 8, 2025
ExtraHop’s guide to the CISA AA24-109A advisory on the Akira ransomware group. See full MITRE ATT&CK TTPs, how Akira targets critical infrastructure, and how ExtraHop NDR defeats evasion and detects attacks in real-time, even within encrypted traffic.

Anthropic AI Attack: How NDR Detects GTG-1002 Cyber Espionage
November 24, 2025
The GTG-1002 Campaign: Anthropic Reveals the First AI-Orchestrated Cyber Espionage Attack

Healthcare Ransomware Defense: How NDR Stops Attacks Like Tufts & Eurofins
November 13, 2025
Deconstruct the Tufts Medicine & Eurofins ransomware attacks. Learn how NDR detects the advanced TTPs and lateral movement that perimeter security misses.

Flax Typhoon's ArcGIS Backdoor: Why EDR Failed and How NDR Finds the Webshell
October 30, 2025
Anatomy of an Attack: Flax Typhoon’s ArcGIS Backdoor & NDR Detection

F5 Discloses Nation-State Attack on Cybersecurity Firm, Prompting CISA Emergency Order to Patch BIG-IP
October 20, 2025
Beyond the Patch: Why NDR is Essential for Hunting the Nation-State Actor Inside Compromised F5 Networks

Ransomware Hits JLR Supply Chain, Results in Five Week Disruption
October 17, 2025
The JLR Ransomware Attack: A Supply Chain Under Siege

Iranian Cyber Actors Target U.S. Interests: A Heightened Alert for Critical Infrastructure
September 15, 2025
An urgent alert warns of escalating Iranian cyberattacks targeting U.S. critical infrastructure, leveraging disinformation, phishing, and DDoS. Proactive measures, including NDR solutions like ExtraHop RevealX, are crucial for defense against these evolving threats.







