Tag: Sophos

Malicious Actors Exploit Velociraptor Forensic Tool to Launch Visual Studio Code for C2 Tunneling

Cybersecurity experts have highlighted a recent cyber attack involving the misuse of Velociraptor, an open-source endpoint monitoring and digital forensic tool. This incident showcases the ongoing trend of leveraging legitimate software for nefarious purposes. According to a report from the Sophos Counter Threat Unit Research Team, the attackers employed Velociraptor to download and execute Visual Studio Code, likely aimed at establishing a tunnel to a command-and-control (C2) server they controlled. While the use of legitimate remote monitoring and management (RMM) tools is not new in cyber threats, the adoption of Velociraptor represents a significant shift, allowing attackers to gain a foothold without deploying their own malware. Further investigation into the attack has revealed that the perpetrators exploited Wind…

Attackers Exploit Velociraptor Forensic Tool to Deploy Visual Studio Code for Command-and-Control Tunneling

On August 30, 2025, cybersecurity experts unveiled a concerning cyber attack involving the exploitation of Velociraptor, an open-source endpoint monitoring and digital forensic tool. This incident highlights a troubling trend where legitimate software is misused for nefarious…


Google Researcher Uncovers Internet Explorer Vulnerability Now Exploited in Targeted Attacks

July 11, 2013

Tensions are rising between Google and Microsoft once again. Recently, Microsoft announced that hackers have been actively taking advantage of a vulnerability disclosed by Google researcher Tavis Ormandy. This flaw, affecting Windows 7 and 8, allows local users to gain escalated privileges, facilitating system compromise.

Microsoft has addressed the vulnerability in its July “Patch Tuesday” updates. However, Ormandy has faced criticism from Microsoft and parts of the security community for publicly revealing the flaw before it was patched—an approach some believe undermines the opportunity for the software developer to respond. Ormandy, in turn, expressed frustrations with Microsoft’s hostile treatment of vulnerability researchers, suggesting that they are often difficult to collaborate with. He advised fellow researchers to consider using pseudonyms when interacting with major tech companies.

Targeted Exploitation of Internet Explorer Vulnerability by Google Researcher

On July 11, 2013, a significant vulnerability within Internet Explorer was brought to light by Google researcher Tavis Ormandy, prompting a rapid response from Microsoft. Reports indicate that this specific flaw is being actively exploited by cybercriminals in targeted attacks against…


New Menlo Security CEO Focuses on Agentic AI Runtime Protection

Categories: Artificial Intelligence & Machine Learning, Data Security, Next-Generation Technologies & Secure Development
Former Mandiant Executive Bill Robbins Aims to Advance Browser-Based AI Security
Michael Novinson (MichaelNovinson) • February 27, 2026
Image: Bill Robbins, CEO, Menlo Security (Menlo Security)

Menlo Security has appointed Bill Robbins, a seasoned leader from Mandiant, as…


Reynolds Ransomware Integrates BYOVD Driver to Bypass EDR Security Measures

Cybersecurity experts have identified a new ransomware strain, named Reynolds, which integrates a novel defense evasion tactic through a built-in Bring Your Own Vulnerable Driver (BYOVD) component. This technique allows the malware to disable security measures and evade detection effectively by exploiting legitimate drivers within its payload. BYOVD is a…


Intrusive Hackers Target Systems via Remote Monitoring Software

Categories: Fraud Management & Cybercrime, Governance & Risk Management, Ransomware
VoidCrypt Ransomware Variant Exploits Remote Monitoring Tools, Reports Huntress
Greg Sirico • February 13, 2026
Image: Andrey Popov/Shutterstock

Recent findings from cybersecurity firm Huntress reveal that employee monitoring software is not only advantageous for management but has also become a valuable…


Microsoft Releases Patches for 80 Vulnerabilities, Including Two Currently Under Attack

In its March 2023 Patch Tuesday update, Microsoft disclosed fixes for 80 security vulnerabilities, two of which have been actively exploited in the wild. These vulnerabilities target critical components within the Microsoft ecosystem, with eight categorized as Critical, 71 as Important, and one as Moderate in severity. This update continues…


Harvard and UPenn Data Breached in ShinyHunters Scandal

Categories: Cybercrime, Fraud Management & Cybercrime
Sensitive Financial and Admissions Data Leaked, Exposing Information on Major Donors
Mathew J. Schwartz (euroinfosec) • February 4, 2026
Image: Shutterstock

On February 4, 2026, the cyber extortion group ShinyHunters publicly took responsibility for the late 2025 data breaches impacting Harvard University and the University…


Social Engineering Attackers Target Okta’s Single Sign-On System

Categories: Fraud Management & Cybercrime, Identity & Access Management, Security Operations
ShinyHunters Campaign Utilizes Voice Phishing to Circumvent MFA and Compromise Corporate Data
Mathew J. Schwartz (euroinfosec) • January 28, 2026
Image: Oleksandr Yashchuk/Shutterstock

Security experts are advising customers of identity provider Okta utilizing its single-sign-on (SSO) services to remain vigilant…


Real-Time Phishing Kits Now Targeting Okta, Microsoft, and Google

Cybersecurity experts are currently grappling with a surge of voice-phishing attacks aimed at single sign-on (SSO) tools. These coordinated efforts have led to instances of data theft and extortion, as various cybercrime groups, including one claiming ties to ShinyHunters, harness sophisticated voice calls and phishing kits to deceive victims into…
