Detecting Tycoon 2FA AiTM attacks across Entra ID and Google Workspace (2026-05-26)
Copy Fail and DirtyFrag: Linux Page Cache Bugs in the Wild (2026-05-09)
TCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp and Outlook (2026-05-07)
DFIR: From alert to root cause using Osquery without leaving Elastic Security (2026-05-01)
CI/CD pipeline abuse: the problem no one is watching (2026-04-29)
The Cost of Understanding: LLM-Driven Reverse Engineering vs Iterative LLM Obfuscation (2026-04-21)
Phantom in the vault: Obsidian abused to deliver PhantomPulse RAT (2026-04-14)
How we caught the Axios supply chain attack (2026-04-02)
Hooked on Linux: Rootkit Detection Engineering (2026-04-02)
Inside the Axios supply chain compromise - one RAT to rule them all (2026-04-01)
Elastic releases detections for the Axios supply chain compromise (2026-04-01)
Fake Installers to Monero: A Multi-Tool Mining Operation (2026-03-31)
Elastic Security Labs uncovers BRUSHWORM and BRUSHLOGGER (2026-03-27)
Illuminating VoidLink: Technical analysis of the VoidLink rootkit framework (2026-03-26)
Supercharge Your SOC (2026-03-24)
Linux & Cloud Detection Engineering - TeamPCP Container Attack Scenario (2026-03-20)
From Invitation to Infection: How SILENTCONNECT Delivers ScreenConnect (2026-03-19)
Patch diff to SYSTEM (2026-03-06)
Hooked on Linux: Rootkit Taxonomy, Hooking Techniques and Tradecraft (2026-03-05)
The Immutable Illusion: Pwning Your Kernel with Cloud Files (2026-02-20)
MIMICRAT: ClickFix Campaign Delivers Custom RAT via Compromised Legitimate Websites (2026-02-20)
Speeding APT Attack Confirmation with Attack Discovery, Workflows, and Agent Builder (2026-02-18)
BADIIS to the Bone: New Insights to a Global SEO Poisoning Campaign (2026-02-11)
SolarWinds Web Help Desk Exploitation - February 2026 (2026-02-10)
DYNOWIPER: Destructive Malware Targeting Poland's Energy Sector (2026-02-06)
Automating GOAD and Live Malware Labs (2026-02-05)
NANOREMOTE, cousin of FINALDRAFT (2025-12-11)
RONINGLOADER: DragonBreath's New Path to PPL Abuse (2025-11-15)
TOLLBOOTH: What's yours, IIS mine (2025-10-22)
NightMARE on 0xelm Street, a guided tour (2025-10-14)
What the 2025 Elastic Global Threat Report reveals about the evolving threat landscape (2025-10-08)
WARMCOOKIE One Year Later: New Features and Fresh Insights (2025-10-01)
FlipSwitch: a Novel Syscall Hooking Technique (2025-09-30)
MCP Tools: Attack Vectors and Defense Recommendations for Autonomous Agents (2025-09-19)
MaaS Appeal: An Infostealer Rises From The Ashes (2025-07-29)
Taking SHELLTER: a commercial evasion framework abused in-the-wild (2025-07-03)
Microsoft Entra ID OAuth Phishing and Detections (2025-06-25)
A Wretch Client: From ClickFix deception to information stealer deployment (2025-06-18)
Chasing Eddies: New Rust-based InfoStealer used in CAPTCHA campaigns (2025-05-30)
De-obfuscating ALCATRAZ (2025-05-23)
Bit ByBit - emulation of the DPRK's largest cryptocurrency heist (2025-05-06)
Outlaw Linux Malware: Persistent, Unsophisticated, and Surprisingly Effective (2025-04-01)
The Shelby Strategy (2025-03-26)
Shedding light on the ABYSSWORKER driver (2025-03-20)
Detecting Hotkey-Based Keyloggers Using an Undocumented Kernel Data Structure (2025-03-04)
Detecting Hotkey-Based Keyloggers Using an Undocumented Kernel Data Structure (Japanese-language version, 2025-03-04)
From South America to Southeast Asia: The Fragile Web of REF7707 (2025-02-13)
You've Got Malware: FINALDRAFT Hides in Your Drafts (2025-02-13)
Under the SADBRIDGE with GOSAR: QUASAR Gets a Golang Rewrite (2024-12-13)
Declawing PUMAKIT (2024-12-12)