Expel Blog

ID: 57f65a6f-fb84-5fd7-ba2b-6623322224fb

STIX ID: identity--57f65a6f-fb84-5fd7-ba2b-6623322224fb

Feed Type: skeleton

Earliest post: 2017-08-24

Latest post: 2026-02-27

The Expel Blog shares practical insights, threat research, and expert advice on security operations, incident response, and modern defense strategies to help teams detect and respond to threats more effectively.

| Title | Date Published | Describes Incident | Author | Visible |
| --- | --- | --- | --- | --- |
| AI malware: The claims are getting wilder, but the reality is more interesting | 2026-05-21 | True | | True |
| Patch Tuesday: May 2026 (Expel’s version) | 2026-05-12 | True | | True |
| Mini Shai Hulud: Cross-ecosystem supply chain worm targeting npm & PyPI | 2026-05-12 | True | | True |
| The AI threat that’s actually worth worrying about from Q1 2026 (part two) | 2026-05-01 | True | | True |
| How AI is reshaping the threat landscape, and what our Q1 2026 data shows (part one) | 2026-04-30 | True | | True |
| cPanel released a patch for a WebHost Manager (WHM) authentication bypass bug | 2026-04-29 | True | | True |
| More supply chain compromises: Namaste, xinference, and more | 2026-04-22 | True | | True |
| Inside Lazarus: How North Korea uses AI to industrialize attacks on developers | 2026-04-22 | True | | True |
| OAuth hijacked: How a third-party breach hit Vercel | 2026-04-20 | True | | True |
| Revisiting sound guidance: Countering the heightened threat of device code phishing | 2026-04-17 | True | | True |
| InstallFix: Not the application you were looking for | 2026-04-15 | True | | True |
| Patch Tuesday: April 2026 (Expel’s version) | 2026-04-14 | True | | True |
| Why identity security is a verb, not a noun | 2026-04-08 | True | | True |
| Security alert: Axios npm supply chain attack | 2026-03-31 | True | | True |
| On the radar: ChatGPT Stealer | 2026-03-24 | True | | True |
| Patch Tuesday: March 2026 (Expel’s version) | 2026-03-10 | True | | True |
| What security teams need to know about Iran’s cyber threat right now | 2026-03-06 | True | | True |
| Patch Tuesday: February 2026 (Expel’s version) | 2026-02-11 | True | Ben Nahorney; Matt Jastram | True |
| Notepad++ supply chain incident | 2026-02-02 | True | Aaron Walton | True |
| Security alert: Critical unauthenticated RCE vulnerabilities in Ivanti EPMM | 2026-01-30 | True | Aaron Walton | True |
| ClearFake gets more evasive with new living off the land (LOTL) techniques | 2026-01-20 | True | Marcus Hutchins | True |
| Planned failure: Gootloader’s malformed ZIP actually works perfectly | 2026-01-15 | True | Aaron Walton | True |
| Patch Tuesday: January 2026 (Expel’s version) | 2026-01-14 | True | Matt Jastram; Ben Nahorney | True |
| On the radar: Weeding out XMRig | 2026-01-07 | True | Ben Nahorney | True |
| Stories from the SOC: The second coming of Shai Hulud | 2025-12-23 | True | Isa Judd; Ben Nahorney | True |
| Patch Tuesday: December 2025 (Expel’s version) | 2025-12-10 | True | Ben Nahorney; Matt Jastram | True |
| Active exploitation notice: React2Shell critical vulnerability (CVE-2025-55182) | 2025-12-09 | True | Aaron Walton; Matt Jastram | True |
| Stories from the SOC: Mystery of the postponed proxyware install | 2025-11-24 | True | Ben Nahorney; Sean Scully | True |
| Patch Tuesday: November 2025 (Expel’s version) | 2025-11-12 | True | Ben Nahorney; Matt Jastram | True |
| Expel Quarterly Threat Report, Q3 2025: Threat intel recap | 2025-11-06 | True | Ben Nahorney; Aaron Walton | True |
| Expel Quarterly Threat Report, Q3 2025: Q3 by the numbers | 2025-11-05 | True | Ben Nahorney; Aaron Walton | True |
| Certified OysterLoader: Tracking Rhysida ransomware gang activity via code-signing certificates | 2025-10-31 | True | Aaron Walton | True |
| Stories from the SOC: The curious case of termination notices | 2025-10-29 | True | Ben Nahorney; Isa Judd; Hafsah Mijinyawa | True |
| Security alert: WSUS remote code execution vulnerability | 2025-10-24 | True | Aaron Walton | True |
| Along for the ride: When legitimate software becomes a signed malware loader | 2025-10-23 | True | Marcus Hutchins | True |
| Patch Tuesday: October 2025 (Expel’s version) | 2025-10-15 | True | Ben Nahorney; Matt Jastram | True |
| Cache smuggling: When a picture isn’t a thousand words | 2025-10-08 | True | Marcus Hutchins | True |
| Stories from the SOC: When threats come from inside the house | 2025-09-29 | True | Ben Nahorney; Zach Davis | True |
| Gonzo threat hunting: LapDogs & ShortLeash | 2025-09-24 | True | Malachi Woodlee | True |
| The history of AppSuite: the certs of the BaoLoader developer | 2025-09-11 | True | Aaron Walton | True |
| Patch Tuesday: September 2025 (Expel’s version) | 2025-09-09 | True | Ben Nahorney; Matt Jastram | True |
| You don’t find ManualFinder, ManualFinder finds you | 2025-08-22 | True | Aaron Walton | True |
| Patch Tuesday: August 2025 (Expel’s version) | 2025-08-13 | True | Ben Nahorney; Matt Jastram; Aaron Walton | True |
| An important update (and apology) on our PoisonSeed blog | 2025-07-25 | True | | True |
| Explore Expel’s auto remediations: Disable access key | 2025-07-25 | True | Jake Godgart | True |
| Expel Quarterly Threat Report, Q2 2025: Threat intel recap | 2025-07-24 | True | Ben Nahorney; Aaron Walton | True |
| Update on the SharePoint ToolShell vulnerability exploitation (CVE-2025-53770) | 2025-07-22 | True | Matt Jastram; Brandon Overstreet; Ben Nahorney; Aaron Walton | True |
| Expel Quarterly Threat Report, Q2 2025: Q2 by the numbers | 2025-07-22 | True | Aaron Walton; Ben Nahorney | True |
| Patch Tuesday: July 2025 (Expel’s version) | 2025-07-08 | True | Aaron Walton; Ben Nahorney; Matt Jastram | True |
| Security alert: Citrix NetScaler ADC and NetScaler Gateway vulnerabilities allow unauthorized access | 2025-06-28 | True | Aaron Walton | True |

1–50 of 178