Welcome to the ExtraHop Blog

FEATURED BLOG
The Agentic SOC: Autonomy Starts with Data
February 13, 2026
AI agents are often described as autonomous, but their effectiveness depends on the data they receive. Without unified, high-fidelity telemetry, agents rely on assumptions that create false positives, missed threats, and heavy analyst workload. This article explains why data is the foundation of true agentic SOC operations and what organizations must do to enable authentic autonomy.

New in RevealX: Detect More, Investigate Faster with Capabilities for Identity, Kubernetes, and Threat Hunting
February 12, 2026
The latest release of RevealX features new identity integrations, critical visibility into Kubernetes, and enhanced Threat Hunting capabilities.

Anatomy of Stealth
Analyzing the EDR Evasion Techniques Behind Modern Breaches
February 5, 2026
This article describes how attackers evade EDR, delves into the damage that follows, and explains why network-based detection is critical for catching stealthy threats.

What a Major Real Estate Firm’s Encounter with Tuoni C2 Malware Reveals About Evolving Threats
January 29, 2026
Discover how malware threats are bypassing traditional security and why the network remains the only immutable record of fileless attacks.

Anatomy of an Attack

Exploiting the OpenClaw Agentic Loop
February 16, 2026
Analyze the security risks of the OpenClaw agentic framework and the CVE-2026-25253 "1-click" RCE vulnerability. Discover how autonomous AI assistants create a 24/7 attack surface for credential theft and how network detection and response (NDR) identifies these emerging agentic threats in real time.

DarkSpectre
February 4, 2026
Defend your supply chain against DarkSpectre’s evolving browser-based threats. This deep dive covers operational pillars like "The Zoom Stealer," MITRE ATT&CK TTPs, and actionable remediation strategies using allow-lists and network-centric security.

Anatomy of an Attack: European Cyber Threat Landscape: December 2025
January 14, 2026
Explore how specialized cyber operations in December 2025 weaponized BitLocker and used traffic mimicry to target critical infrastructure in Romania, France, and the UK. Learn how ExtraHop RevealX detects these "Living off the Land" tactics and supply chain breaches.

SHADOW-VOID-042 Campaign Uses Deceptive Update Lures in Targeted Global Espionage
January 8, 2026
Stop the SHADOW-VOID-042 espionage campaign. See how this Void Rabisu-linked threat uses deceptive lures and zero-days, and learn how ExtraHop decodes 90+ protocols at 100 Gbps to catch it.

CVE-2025-55182: How ExtraHop Detects React2Shell RCE Exploits
December 9, 2025
React2Shell (CVE-2025-55182) is a CVSS 10.0 RCE flaw in Next.js and React Server Components. See how ExtraHop NDR decrypts the payload and detects post-exploit credential theft.

Defeating Akira Ransomware: Full CISA Advisory Breakdown with ExtraHop NDR and MITRE ATT&CK
December 8, 2025
ExtraHop’s guide to the CISA AA24-109A advisory on the Akira ransomware group. See the full set of MITRE ATT&CK TTPs, how Akira targets critical infrastructure, and how ExtraHop NDR defeats evasion and detects attacks in real time, even within encrypted traffic.

Anthropic AI Attack: How NDR Detects GTG-1002 Cyber Espionage
November 24, 2025
The GTG-1002 Campaign: Anthropic Reveals the First AI-Orchestrated Cyber Espionage Attack

Healthcare Ransomware Defense: How NDR Stops Attacks Like Tufts & Eurofins
November 13, 2025
Deconstruct the Tufts Medicine & Eurofins ransomware attacks. Learn how NDR detects the advanced TTPs and lateral movement that perimeter security misses.

Flax Typhoon's ArcGIS Backdoor: Why EDR Failed and How NDR Finds the Webshell
October 30, 2025
Anatomy of an Attack: Flax Typhoon’s ArcGIS Backdoor & NDR Detection

F5 Discloses Nation-State Attack on Cybersecurity Firm, Prompting CISA Emergency Order to Patch BIG-IP
October 20, 2025
Beyond the Patch: Why NDR is Essential for Hunting the Nation-State Actor Inside Compromised F5 Networks
