Threat Intelligence
In-depth guides and analysis on threat intelligence from the Safeguard engineering team.
64 articles
AI Deepfake Phishing Campaigns in 2025: When Seeing and Hearing Isn't Believing
AI-generated voice and video deepfakes powered a new wave of phishing campaigns in early 2025. The technology is cheap, the results are convincing, and defenses are lagging.
Medusa Ransomware: How Supply Chain Tactics Fuel a Growing Threat
Medusa ransomware has evolved beyond traditional encryption schemes, leveraging supply chain compromise to infiltrate victims. Here's what defenders need to know.
Vulnerability Exploitation Trends in 2024: What the Data Shows
Analysis of 2024 vulnerability exploitation patterns reveals faster weaponization timelines, shifting target profiles, and the growing importance of edge device vulnerabilities.
Fog Ransomware: Why Schools and Universities Are Under Siege
Fog ransomware has carved a niche by targeting educational institutions — organizations with tight budgets, thin security teams, and massive attack surfaces. Here is how they operate.
INC Ransom: Inside the Group Targeting Healthcare Infrastructure
INC Ransom has made healthcare a primary target, exploiting the sector's unique vulnerabilities and urgency. A deep dive into their operations and what healthcare security teams should prioritize.
Office Document Macro Security: The Attack Vector That Will Not Die
Microsoft disabled macros by default in 2022. Attackers adapted. The macro threat has evolved, not disappeared.
North Korean Threat Actors Flood npm with Malicious Packages
In 2024, DPRK-linked groups dramatically escalated their campaign to compromise developers through malicious npm packages, using fake job offers and typosquatting to deploy infostealers and backdoors.
VMware ESXi Under Siege: Ransomware Campaigns Targeting Hypervisors in 2024
Ransomware groups increasingly target VMware ESXi hypervisors to encrypt entire virtual environments at once. The 2024 campaigns exploited known and zero-day vulnerabilities for maximum impact.
OpenAI Internal Breach: What the 2023 Forum Hack Reveals About AI Company Security
Reports emerged that a hacker accessed OpenAI's internal messaging systems in early 2023, raising questions about AI company security practices and the risks of concentrated AI development.
Threat Intelligence Feeds for Supply Chain Security
Supply chain threat intelligence goes beyond CVE databases. Specialized feeds track malicious packages, compromised maintainers, and emerging attack techniques targeting the software supply chain.
BianLian's Pivot: From Ransomware Encryption to Pure Data Extortion
BianLian abandoned encryption entirely in favor of data theft and extortion. This shift reveals where ransomware economics are heading — and why traditional defenses are lagging behind.
Operation Cronos: How Law Enforcement Dismantled LockBit Ransomware
A coordinated international operation seized LockBit's infrastructure, arrested affiliates, and obtained decryption keys. But did it actually stop the world's most prolific ransomware gang?