Welcome to the ExtraHop Blog


The Mexican Government Breach Reveals What Attackers Can Do With AI Tools

March 12, 2026

An attacker used Claude and ChatGPT to breach multiple Mexican government agencies. Learn how AI-accelerated attacks outpace legacy monitoring and discover what continuous visibility makes possible.
Identity, Behavioral Detection, Network Detection

Anatomy of an Attack


From the Wire to the Data Center: Unmasking UNC5221 and the BRICKSTORM Backdoor

February 20, 2026

Discover how UNC5221 exploits vCenter and ADFS. See how ExtraHop RevealX decrypts authentication protocols to expose the threat actors.

DarkSpectre

February 4, 2026

Defend your supply chain against DarkSpectre’s evolving browser-based threats. This deep dive covers operational pillars like "The Zoom Stealer," MITRE ATT&CK TTPs, and actionable remediation strategies using allow-lists and network-centric security.

Anatomy of an Attack: European Cyber Threat Landscape: December 2025

January 14, 2026

Explore how specialized cyber operations in December 2025 weaponized BitLocker and used traffic mimicry to target critical infrastructure in Romania, France, and the UK. Learn how ExtraHop RevealX detects these "Living off the Land" tactics and supply chain breaches.

SHADOW-VOID-042 Campaign Uses Deceptive Update Lures in Targeted Global Espionage

January 8, 2026

Stop the SHADOW-VOID-042 espionage campaign. See how this Void Rabisu-linked threat uses deceptive lures and zero-days. Learn how ExtraHop decodes 90+ protocols @ 100 Gbps to catch it.

CVE-2025-55182: How ExtraHop Detects React2Shell RCE Exploits

December 9, 2025

React2Shell (CVE-2025-55182) is a CVSS 10.0 RCE flaw in Next.js and React Server Components. See how ExtraHop NDR decrypts the payload and detects post-exploit credential theft.

Defeating Akira Ransomware: Full CISA Advisory Breakdown with ExtraHop NDR and MITRE ATT&CK

December 8, 2025

ExtraHop’s guide to the CISA AA24-109A advisory on the Akira ransomware group. See full MITRE ATT&CK TTPs, how Akira targets critical infrastructure, and how ExtraHop NDR defeats evasion and detects attacks in real-time, even within encrypted traffic.

Anthropic AI Attack: How NDR Detects GTG-1002 Cyber Espionage

November 24, 2025

The GTG-1002 Campaign: Anthropic Reveals the First AI-Orchestrated Cyber Espionage Attack

Healthcare Ransomware Defense: How NDR Stops Attacks Like Tufts & Eurofins

November 13, 2025

Deconstruct the Tufts Medicine & Eurofins ransomware attacks. Learn how NDR detects the advanced TTPs and lateral movement that perimeter security misses.

Flax Typhoon's ArcGIS Backdoor: Why EDR Failed and How NDR Finds the Webshell

October 30, 2025

Anatomy of an Attack: Flax Typhoon’s ArcGIS Backdoor & NDR Detection

F5 Discloses Nation-State Attack on Cybersecurity Firm, Prompting CISA Emergency Order to Patch BIG-IP

October 20, 2025

Beyond the Patch: Why NDR is Essential for Hunting the Nation-State Actor Inside Compromised F5 Networks

Explore Topics


Anatomy of an Attack: CHAOS in a BLACKSUIT—Triple Extortion Ransomware

March 11, 2026

Discover how the Chaos threat group utilizes triple extortion to pressure victims. See how ExtraHop RevealX provides the decryption and network visibility required to expose these stealthy attackers before data is leaked.

NDR, Threat Detection, RevealX, Lateral Movement, Ransomware

Why Technical Debt Has Become a Security Liability in the Age of AI

March 10, 2026

Technical debt is no longer just a backlog—it’s an operational and security concern. Learn why shadow legacy systems are increasingly in focus for AI-driven attackers and how network visibility supports modernization.

AI, Security, NDR, Threat Detection

The Digital Front of Iranian Cyber Offensive Response

March 9, 2026

Analyze how Iranian threat actors like APT42 and MuddyWater are integrating Generative AI and memory-safe languages into their 2026 cyber offensive. This guide examines the "triple-threat" model of espionage and destructive hacktivism, detailing how ExtraHop RevealX uses protocol fluency and decryption to detect sophisticated backdoors like TAMECAT and CHAR.

NDR, Security Threats, RevealX

5 Stealth Tactics Adversaries Use to Carry Out Their Attacks

February 26, 2026

Explore how attackers exploit encryption, opaque protocols, incomplete forensics, scale limitations, and fragmented tools — and how organizations detect and stop threats faster with unified visibility.

Cybersecurity, Lateral Movement, Threat Detection, Encryption, Packet Capture, SOC, Protocol Analysis

How AI is Accelerating Identity-Based Threats

February 20, 2026

AI is transforming identity-focused attacks and targeting valuable AI assets. Discover how integrated behavioral monitoring and real-time detection can stop threats.

Cybersecurity, Identity, Credentials, AI, Threat Detection, Lateral Movement, Behavioral Detection, Cloud Security, NDR
