Hacking Blog - 2026 2025 2024 2023 2022 2021 2020 2019 2018
AI blog APT blog Attack blog BigBrother blog BotNet blog Cyber blog Cryptocurrency blog Exploit blog Hacking blog ICS blog Incident blog IoT blog Malware blog OS Blog Phishing blog Ransom blog Safety blog Security blog Social blog Spam blog Vulnerebility blog
DATE | NAME | Info | CATEG. | WEB |
| 7.2.2026 | Novel Technique to Detect Cloud Threat Actor Operations | Cloud-based alerting systems often struggle to distinguish between normal cloud activity and targeted malicious operations by known threat actors. The difficulty doesn’t lie in an inability to identify complex alerting operations across thousands of cloud resources or in a failure to follow identity resources, the problem lies in the accurate detection of known persistent threat actor group techniques specifically within cloud environments. | Hacking blog | Palo Alto |
| 7.2.2026 | Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework | Cisco Talos uncovered “DKnife,” a fully featured gateway-monitoring and adversary-in-the-middle (AitM) framework comprising seven Linux-based implants. | Hacking blog | CISCO TALOS |
| 7.2.2026 | The Crown Jewels of Active Directory: How Trellix Helix Detects NTDS.dit Theft | This blog from the Trellix Advanced Research Center examines a security incident where adversaries infiltrated a system, extracted the NTDS.dit database, and worked to remove it from the environment while circumventing standard security measures. | Hacking blog | Trelix |
| 1.2.26 | Beyond MFA: Building true resilience against identity-based attacks | As identity-driven attacks continue to rise, organizations must go beyond MFA to build resilience. Sophos experts and recent Gartner research agree: It’s time for an identity-first security strategy backed by continuous detection and response. For many organizations, keeping pace with identity threats feels overwhelming, especially as hybrid environments expand. But there’s a clear path forward. | Hacking blog | SOPHOS |
| 1.2.26 | Chrome Extensions: Are you getting more than you bargained for? | Browser extensions can be really useful, but hidden dangers may lurk beyond their marketing. | Hacking blog | SECURITY.COM |
| 24.1.26 |
We X-Rayed A Suspicious FTDI USB Cable |
We recently got an industrial X-Ray machine in the Eclypsium office to use to make the next Doctor Manhattan do serious cybersecurity research. In between X-raying yet-to-be released industrial IT technologies on behalf of giant companies whose names we cannot reveal, we have done some other fun experiments. | Hacking blog | Eclypsium |
| 17.1.26 | Closing the Door on Net-NTLMv1: Releasing Rainbow Tables to Accelerate Protocol Deprecation | Mandiant is publicly releasing a comprehensive dataset of Net-NTLMv1 rainbow tables to underscore the urgency of migrating away from this outdated protocol. Despite Net-NTLMv1 being deprecated and known to be insecure for over two decades—with cryptanalysis dating back to 1999—Mandiant consultants continue to identify its use in active environments. This legacy protocol leaves organizations vulnerable to trivial credential theft, yet it remains prevalent due to inertia and a lack of demonstrated immediate risk. | Hacking blog | |
| 17.1.26 | Key Insights on SHADOW-AETHER-015 and Earth Preta from the 2025 MITRE ATT&CK Evaluation with TrendAI Vision One™ | This blog discusses notable modern TTPs observed from SHADOW-AETHER-015 and Earth Preta, from TrendAI™ Research monitoring and TrendAI Vision One™ intelligence. These findings support the performance of TrendAI™ in the 2025 MITRE ATT&CK Evaluations. | Hacking blog | |
| 17.1.26 | Anatomy of an Attack: The Payroll Pirates and the Power of Social Engineering | No employee wants their paycheck to go missing. One organization learned about an incident when they started hearing exactly this complaint. It turned out that an attacker had modified direct-deposit details in order to redirect an organization’s paychecks into attacker-controlled accounts. | Hacking blog | Palo Alto |
| 17.1.26 | Your personal information is on the dark web. What happens next? | If your data is on the dark web, it’s probably only a matter of time before it’s abused for fraud or account hijacking. Here’s what to do. | Hacking blog | Eset |
| 17.1.26 | Hiding in Plain Sight: Multi-Actor ahost.exe Attacks | The Trellix Advanced Research Center found an active malware campaign exploiting a DLL sideloading vulnerability in the legitimate Git tools to target supply chains. Stay protected—update EDR/XDR and monitor for suspicious activity. | Hacking blog | Trelix |
| 10.1.26 | The Ghost in the Machine: Unmasking CrazyHunter's Stealth Tactics | Trellix provides an in-depth analysis of CrazyHunter ransomware and its attack flow, which has emerged as a significant and concerning threat. | Hacking blog | Trelix |