Safeguard
Topic

Threat Intelligence

In-depth guides and analysis on threat intelligence from the Safeguard engineering team.

64 articles

Threat Intelligence

AI Deepfake Phishing Campaigns in 2025: When Seeing and Hearing Isn't Believing

AI-generated voice and video deepfakes powered a new wave of phishing campaigns in early 2025. The technology is cheap, the results are convincing, and defenses are lagging.

Feb 10, 20257 min read
Threat Intelligence

Medusa Ransomware: How Supply Chain Tactics Fuel a Growing Threat

Medusa ransomware has evolved beyond traditional encryption schemes, leveraging supply chain compromise to infiltrate victims. Here's what defenders need to know.

Jan 15, 20256 min read
Threat Intelligence

Vulnerability Exploitation Trends in 2024: What the Data Shows

Analysis of 2024 vulnerability exploitation patterns reveals faster weaponization timelines, shifting target profiles, and the growing importance of edge device vulnerabilities.

Dec 15, 20246 min read
Threat Intelligence

Fog Ransomware: Why Schools and Universities Are Under Siege

Fog ransomware has carved a niche by targeting educational institutions — organizations with tight budgets, thin security teams, and massive attack surfaces. Here is how they operate.

Nov 5, 20246 min read
Threat Intelligence

INC Ransom: Inside the Group Targeting Healthcare Infrastructure

INC Ransom has made healthcare a primary target, exploiting the sector's unique vulnerabilities and urgency. A deep dive into their operations and what healthcare security teams should prioritize.

Sep 15, 20246 min read
Threat Intelligence

Office Document Macro Security: The Attack Vector That Will Not Die

Microsoft disabled macros by default in 2022. Attackers adapted. The macro threat has evolved, not disappeared.

Sep 8, 20245 min read
Threat Intelligence

North Korean Threat Actors Flood npm with Malicious Packages

In 2024, DPRK-linked groups dramatically escalated their campaign to compromise developers through malicious npm packages, using fake job offers and typosquatting to deploy infostealers and backdoors.

Sep 1, 20246 min read
Threat Intelligence

VMware ESXi Under Siege: Ransomware Campaigns Targeting Hypervisors in 2024

Ransomware groups increasingly target VMware ESXi hypervisors to encrypt entire virtual environments at once. The 2024 campaigns exploited known and zero-day vulnerabilities for maximum impact.

Jul 30, 20247 min read
Threat Intelligence

OpenAI Internal Breach: What the 2023 Forum Hack Reveals About AI Company Security

Reports emerged that a hacker accessed OpenAI's internal messaging systems in early 2023, raising questions about AI company security practices and the risks of concentrated AI development.

Jun 5, 20246 min read
Threat Intelligence

Threat Intelligence Feeds for Supply Chain Security

Supply chain threat intelligence goes beyond CVE databases. Specialized feeds track malicious packages, compromised maintainers, and emerging attack techniques targeting the software supply chain.

Apr 5, 20245 min read
Threat Intelligence

BianLian's Pivot: From Ransomware Encryption to Pure Data Extortion

BianLian abandoned encryption entirely in favor of data theft and extortion. This shift reveals where ransomware economics are heading — and why traditional defenses are lagging behind.

Mar 10, 20246 min read
Threat Intelligence

Operation Cronos: How Law Enforcement Dismantled LockBit Ransomware

A coordinated international operation seized LockBit's infrastructure, arrested affiliates, and obtained decryption keys. But did it actually stop the world's most prolific ransomware gang?

Feb 20, 20245 min read
Threat Intelligence (Page 5) — Supply Chain Security Blog | Safeguard