Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Hackers Who Left Their Entire Playbook Online

A ransomware group called Warlock tore through more than 60 organisations in six months, targeting the nuclear energy, aerospace, and government sectors. They chain zero-days and neutralise antivirus software using signed Chinese drivers. This is how they operate and how the Sophos CTU tracked them across eleven incidents to expose their full playbook​

CYJAX Launches Compromised Device Alerting to Detect Threats Earlier

Detect compromised devices before attackers act. CYJAX’s new alerting identifies stealer malware infections and exposed credentials in near real time. CYJAX today announced the launch of Compromised Device Alerting, a new capability designed to help organisations identify compromised devices within their environment before attackers can act on stolen credentials.

Episode 14 - Harvest Now, Decrypt Later: The Shift to Post-Quantum Cryptography

The emergence of quantum computing has introduced a definitive expiration date for classical encryption, fueling a "harvest now, decrypt later" strategy among sophisticated nation-state actors. In this episode, Vince Stoffer joins Richard Bejtlich to demystify Post-Quantum Cryptography (PQC) and explain why organizations must move beyond a "set it and forget it" mentality regarding their encryption standards.

Donuts and Beagles: Fake Claude site spreads backdoor

A malicious imitation of Anthropic’s Claude site leads to DLL sideloading – and a backdoor As we reported on social media recently, Sophos X-Ops has been investigating reports of a fake Claude AI website distributing malware. Like other researchers, we thought this might be a PlugX-like campaign, given that the attack chain shares several characteristics with observed PlugX attacks.

How AI-accelerated threat discovery is reshaping network security

How AI-accelerated threat discovery is reshaping network security As vulnerabilities are discovered faster than ever, organizations must rethink how they reduce exposure and contain risk at the network edge. Claude Mythos Preview has reignited debate about AI-driven cyber attacks, but the real shift isn’t what AI finds, it’s how quickly issues at the network edge can turn into impact. This post explores what’s changed and how network security must adapt to keep up.

The New Vanguard: Strategic Leadership in the Age of Autonomous Threats

The threat landscape of 2026 is no longer defined by the singular hacker or the isolated malware strain. We have entered the era of the "Autonomous Adversary"-a period where AI-driven social engineering, automated vulnerability discovery, and polymorphic code are the standard tools of state-sponsored and criminal actors alike. For the security professional, the traditional defensive perimeter has dissolved. To navigate this complexity, the industry is moving away from purely tactical responses toward a model of "Cyber-Resilience and Strategic Governance.".