Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities
Executive Summary
Throughout the autumn of 2018 we analyzed a long-standing (and still active at that time) cyber-espionage campaign that was primarily targeting foreign diplomatic...
DNS Flag Day
Read more
Putting the Reins in Good Hands
After over 300 blog posts as CEO of Centrify, this will be my last Centrify blog post.
The reason is because after having co-founded Centrify...
Razy in search of cryptocurrency
Last year, we discovered malware that installs a malicious browser extension on its victim’s computer or infects an already installed extension. To do so,...
GreyEnergy’s overlap with Zebrocy
In October 2018, ESET published a report describing a set of activity they called GreyEnergy, which is believed to be a successor to BlackEnergy...
NetMRI 7.3 Topology Viewer blog
Read more
A Zebrocy Go Downloader
Last year at SAS2018 in Cancun, Mexico, “Masha and these Bears” included discussion of a subset of Sofacy activity and malware that we call...
Latest article
Sysco – 2,691,852 breached accounts
In June 2026, the food distribution company Sysco was targeted by a ShinyHunters "pay or leak" extortion campaign. Data was subsequently published containing 2.7M...
CVE-2023-6606 Kernel: out-of-bounds read vulnerability in smbcalcsize
Information published. - Read more
Anthropic Confirms Claude Mythos 5 Redeployment for US Critical Infrastructure Organizations
Anthropic has confirmed that Claude Mythos 5, its most powerful AI cybersecurity model, will be redeployed to a select set of U.S. organizations responsible...
Chromium: CVE-2026-13027 Use after free in FileSystem
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see (https://chromereleases.googleblog.com/2025) for more information. - Read...
