Sign In
Anatomy of an Attack
The Copy Fail: Linux Kernel Local Privilege Escalation
May 4, 2026
Uncover the "Copy Fail" logic flaw (CVE-2026-31431) that enables instant root access on nearly all major Linux distributions. Learn how this vulnerability bypasses file integrity monitoring and why network-based behavioral analysis is critical for securing containerized and cloud environments.
The MIMICRAT CLICKFIX Campaign
April 28, 2026
Expose how the MIMICRAT campaign weaponizes compromised financial sites and ClickFix lures to deploy fileless malware. See how ExtraHop RevealX provides the network-level ground truth to detect telemetry suppression and stealthy C2 patterns that bypass EDR.
The Chrysalis Backdoor and the Notepad++ Supply Chain Hijack
April 6, 2026
Unmask the Chrysalis backdoor and the sophisticated Notepad++ supply chain hijack orchestrated by Lotus Blossom. Learn how these state-sponsored attackers bypass traditional defenses and why network-level visibility is the ultimate key to stopping them.
CHAOS in a BLACKSUIT—Triple Extortion Ransomware
March 11, 2026
Discover how the Chaos threat group utilizes triple extortion to pressure victims. See how ExtraHop RevealX provides the decryption and network visibility required to expose these stealthy attackers before data is leaked.
From the Wire to the Data Center: Unmasking UNC5221 and the BRICKSTORM Backdoor
February 20, 2026
Discover how UNC5221 exploits vCenter and ADFS. See how ExtraHop RevealX decrypts authentication protocols to expose the threat actors.
DarkSpectre
February 4, 2026
Defend your supply chain against DarkSpectre’s evolving browser-based threats. This deep dive covers operational pillars like "The Zoom Stealer," MITRE ATT&CK TTPs, and actionable remediation strategies using allow-lists and network-centric security.
Anatomy of an Attack: European Cyber Threat Landscape: December 2025
January 14, 2026
Explore how specialized cyber operations in December 2025 weaponized BitLocker and used traffic mimicry to target critical infrastructure in Romania, France, and the UK. Learn how ExtraHop RevealX detects these "Living off the Land" tactics and supply chain breaches.
SHADOW-VOID-042 Campaign Uses Deceptive Update Lures in Targeted Global Espionage
January 8, 2026
Stop the SHADOW-VOID-042 espionage campaign. See how this Void Rabisu-linked threat uses deceptive lures and zero-days. Learn how ExtraHop decodes 90+ protocols @ 100 Gbps to catch it.
CVE-2025-55182: How ExtraHop Detects React2Shell RCE Exploits
December 9, 2025
React2Shell (CVE-2025-55182) is a CVSS 10.0 RCE flaw in Next.js and React Server Components. See how ExtraHop NDR decrypts the payload and detects post-exploit credential theft.
Defeating Akira Ransomware: Full CISA Advisory Breakdown with ExtraHop NDR and MITRE ATT&CK
December 8, 2025
ExtraHop’s guide to the CISA AA24-109A advisory on the Akira ransomware group. See full MITRE ATT&CK TTPs, how Akira targets critical infrastructure, and how ExtraHop NDR defeats evasion and detects attacks in real-time, even within encrypted traffic.
Explore Topics
Showing results for:
