Featured posts from our MOXFIVE Technical Advisors with thoughts and stories to help minimize the business impact of cyber attacks.

ShinyHunters is actively exploiting a critical Oracle PeopleSoft zero-day. Here's what to patch, check, and investigate now.

Qilin ransomware claimed over 500 victims in 2026. Explore its RaaS model, attack chain, TTPs, and the security controls that stop it.

ShinyHunters doesn't encrypt. They log in. Here's the recovery playbook built for an identity-based intrusion, from containment to hardening in the first 48 hours.

FulcrumSec has claimed 21 victims since September 2025 and isn't slowing down. The cloud extortion group exploits misconfigurations, unpatched CVEs, and exposed credentials across AWS, Azure, and GCP. Two new campaigns are already announced. Here's what they're targeting next and how to protect your organization.

In cyber investigations, the biggest breakthroughs can come from the smallest traces. In this blog, Britton Manahan explores the forensic goldmine of Remote Desktop Protocol (RDP) bitmap caches — a specialized artifact that can reveal critical evidence even when logs are wiped and systems go offline.

With spring in full swing and summer around the corner, organizations should use this season as an opportunity to audit and address five key areas of cybersecurity.

Modern threat actors use large-scale, advanced persistence methods, making response harder—understanding these tactics is key to protecting critical infrastructure.

Backups are perhaps the single strongest element of ransomware resilience. But during real cyber events, we often see backups that are unusable. Victims have often paid for a backup product, and developed a sense of confidence around that solution, only for the backups to fail when they are needed most.

When a ransomware decryptor fails, recovery can seem impossible. Learn how MOXFIVE and Coveware developed entropy triage, a novel repair method with a 90%+ success rate on corrupted virtual disks.

The start of the new year is a fantastic time to set new goals for yourself and your organization. In this post we explore cybersecurity roadmaps, how your organization can refine / create one, and what items to consider in 2025.

Despite its growing role in incident response, understanding cybersecurity insurance coverage can still be daunting for many organizations. In this blog, we discuss what cybersecurity insurance is, what to look for within your policy, and what is not typically covered by most policies to help you feel more prepared when submitting a claim.

Here's a quick look at cybersecurity initiatives to think about tackling in Q4 or integrating into your roadmap for this upcoming year.

How do you assess the risk to your organization when a new vulnerability is announced? Here's a quick checklist to help you gauge the severity.

A short list of things to keep in mind when dealing with ransomware decryptors.

Tabletops can help improve organizational awareness and streamline Incident Response efforts. Learn how they can help mature your security posture and develop your teams' skills.

Having proper security controls in place is critical to reducing both the frequency and the severity of cyber incidents.

Cybersecurity training is often treated as a task done simply to check a box on a security checklist, but in reality, it's a critical element of a mature cybersecurity program.

In this 7th post in our Understanding Costs of Incident Response series, we will explore the nuances of counsel and litigation costs in incident response and why they should be an integral part of an organization's cybersecurity planning.

Calculating business interruption costs after a cyber-attack can be complex and make insurance claims more complicated.

Understanding what data has been affected and determining a notification plan is a critical aspect of incident response that comes with substantial costs and complexities.

Recovery is the “meat & potatoes” of the incident response process. In the 4th blog of our series, Understanding the Costs of Incident Response, we look at the three primary paths organizations can take to get back to business as usual, each with its own unique set of challenges.

To Pay or not to Pay? In this post, we look at things to consider when deciding whether or not to pay a ransom and why it may not be the "easy button" many think it is.

In the second post of this series, we look at investigation costs. These are the first costs incurred and the investigation lays the foundation for the rest of the IR process.

In this series, we look at the various costs that may be incurred during a typical ransomware incident and discuss key security controls that can help organizations minimize the impact of a cyber-attack.

As cyber threats evolve, understanding the changing cyber insurance market is essential for organizations to ensure adequate coverage. This article for InsuranceNewsNet.com looks at key points to keep in mind when considering a cyber policy.

Jim Aldridge joins our partners at Airiam on their podcast to discuss parallels he sees between flying a plane and successfully preparing for and responding to cybersecurity incidents.

Ransomware containment and recovery at enterprise scale: MOXFIVE's tactical playbook covering network isolation, identity reset, backup restoration, decryption strategy, and the common pitfalls that extend recovery timelines.

When an incident progresses to the point where enterprise remediation is required, the scope and scale of the response can be daunting. In this two-part series with CrowdStrike, we lay out a roadmap from planning to recovery.

MOXFIVE provides the clarity and peace of mind needed for attack victims during the incident response process. Our platform approach enables victims of attacks to work with a Technical Advisor who provides the expertise and guidance needed in a time of crisis, and facilitates the delivery of all technical needs required, consistently and efficiently.
With experience on the front lines responding to incidents daily, MOXFIVE Technical Advisors have the unique ability to connect the dots between business, information technology, and security objectives to help you quickly identify the gaps and build a more resilient environment.