Weekly Update 472
This probably comes through pretty strongly in this week's video, but I love the vibe at CERN. It's a place so focused on the...
GOLD SALEM’s Warlock operation joins busy ransomware landscape – Sophos News
Counter Threat Unitâ„¢ (CTU) researchers are monitoring a threat group that refers to itself as Warlock Group. The group, which CTUâ„¢ researchers track as...
Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files
î ‚Oct 06, 2025î „Ravie LakshmananEmail Security / Zero-Day
A now patched security vulnerability in Zimbra Collaboration was exploited as a zero-day earlier this year in cyber...
NICKEL TAPESTRY expands fraudulent worker operations – Sophos News
With this post, the X-Ops blog is thrilled to present research from our Sophos siblings newly joining us from Secureworks, of which CTU (the...
AmCache artifact: forensic value and a tool for data extraction
Introduction
When it comes to digital forensics, AmCache plays a vital role in identifying malicious activities in Windows systems. This artifact allows the identification of...
More .well-known Scans – SANS Internet Storm Center
I have been writing about the ".well-known" directory a few times before. Recently, about attackers hiding webshells , and before that, about the purpose...
