
Anatomy of an Attack


VIPERTUNNEL

June 30, 2026

Examine how VIPERTUNNEL uses Python execution, file-type masquerading, and SOCKS5 tunneling to support ransomware-linked intrusions, and how ExtraHop RevealX helps detect the activity.

Inside Interlock Ransomware Operations

June 16, 2026

Examine how the Interlock ransomware group leverages living off the land techniques and cloud exfiltration, and how ExtraHop RevealX detects the intrusion.

The DINDOOR Backdoor

May 12, 2026

Iranian APT MuddyWater (Seedworm) is targeting organizations with a new, undocumented backdoor called DINDOOR. Discover how this campaign exploits the Deno runtime and Rclone for cloud exfiltration to bypass EDR, and learn how network detection and response (NDR) can help provide the visibility needed to stop these stealthy threats.

The Copy Fail: Linux Kernel Local Privilege Escalation

May 4, 2026

Uncover the "Copy Fail" logic flaw (CVE-2026-31431) that enables instant root access on nearly all major Linux distributions. Learn how this vulnerability bypasses file integrity monitoring and why network-based behavioral analysis is critical for securing containerized and cloud environments.

The MIMICRAT CLICKFIX Campaign

April 28, 2026

Expose how the MIMICRAT campaign weaponizes compromised financial sites and ClickFix lures to deploy fileless malware. See how ExtraHop RevealX provides the network-level ground truth to detect telemetry suppression and stealthy C2 patterns that bypass EDR.

The Chrysalis Backdoor and the Notepad++ Supply Chain Hijack

April 6, 2026

Unmask the Chrysalis backdoor and the sophisticated Notepad++ supply chain hijack orchestrated by Lotus Blossom. Learn how these state-sponsored attackers bypass traditional defenses and why network-level visibility is the ultimate key to stopping them.

CHAOS in a BLACKSUIT—Triple Extortion Ransomware

March 11, 2026

Discover how the Chaos threat group utilizes triple extortion to pressure victims. See how ExtraHop RevealX provides the decryption and network visibility required to expose these stealthy attackers before data is leaked.

From the Wire to the Data Center: Unmasking UNC5221 and the BRICKSTORM Backdoor

February 20, 2026

Discover how UNC5221 exploits vCenter and ADFS. See how ExtraHop RevealX decrypts authentication protocols to expose the threat actors.

DarkSpectre

February 4, 2026

Defend your supply chain against DarkSpectre’s evolving browser-based threats. This deep dive covers operational pillars like "The Zoom Stealer," MITRE ATT&CK TTPs, and actionable remediation strategies using allow-lists and network-centric security.

Anatomy of an Attack: European Cyber Threat Landscape: December 2025

January 14, 2026

Explore how specialized cyber operations in December 2025 weaponized BitLocker and used traffic mimicry to target critical infrastructure in Romania, France, and the UK. Learn how ExtraHop RevealX detects these "Living off the Land" tactics and supply chain breaches.

Explore Topics


Five Eyes AI Warning: How Security Leaders Can Prepare

July 1, 2026

Five Eyes agencies warned boards to prove their controls hold. See how network detection and response answers that challenge.

Tags: Threat Detection, NDR, AI, Defense in Depth, Five Eyes

Anatomy of an Attack

VIPERTUNNEL

June 30, 2026

Examine how VIPERTUNNEL uses Python execution, file-type masquerading, and SOCKS5 tunneling to support ransomware-linked intrusions, and how ExtraHop RevealX helps detect the activity.

Tags: Anatomy of an Attack, VIPERTUNNEL, Ransomware, Threat Intelligence, Network Detection and Response, NDR

Deconstructing the Agentic SOC Ecosystem: The 4 Pillars of a Modern Architecture

June 25, 2026

Learn how context, tooling, reasoning, and human oversight work together to build an autonomous SOC that can safely execute decisions at machine speed.

Tags: AI, NDR, Agentic SOC, Threat Response

Is Your AI Security Strategy Falling Short? Inside the 2026 Global Threat Landscape Report

June 24, 2026

The 2026 ExtraHop Global Threat Landscape Report reveals where AI defenses fail and how stealth tactics blind security teams.

Tags: Global Threat Landscape Report, Network Visibility, AI, GTLR, Incident Response

5 Kubernetes Threats Behind Real-World Breaches and How to Defend Against Them

June 23, 2026

High-profile cloud breaches increasingly begin inside Kubernetes, where threat actors turn routine runtime container access into expansive multi-cloud compromise. This article analyzes five critical vulnerabilities driving modern infrastructure exploits — from service account token theft to overprivileged RBAC abuse — and details the continuous network visibility required to isolate and contain threat actors at speed.

Tags: Network Visibility, Security

Anthropic Disables Fable 5 & Mythos 5: Is Your AI More Secure After the Suspension?

June 22, 2026

The Fable 5 suspension exposed a gap organizations can't afford to ignore. Learn why model-level guardrails fall short and how to build independent AI security from the inside out.

Tags: AI, AI Agents, Network Detection and Response, Behavioral Detection, Network Visibility, Cybersecurity
