Skip to Content
Get started
Open search
Focus Scroll Background

Threat Research

RSS

Threat Research

clickfix

Featured

GOLD FEATHER

human verification

infostealer

qilin

Ransomware

StealC

I am not a robot: ClickFix used to deploy StealC and Qilin

The fake human verification process led to infostealer and ransomware infections

December 18, 2025

Sophos Counter Threat Unit Research Team
Threat Intelligence Executive Report – Volume 2025, Number 6

Threat Research

EDR killer

infostealer

Ransomware

Threat Intelligence Executive Report – Volume 2025, Number 6

February 10, 2026

Malicious use of virtual machine infrastructure

Threat Research

virtual machine

cybercrime

Ransomware

ISPs

Malicious use of virtual machine infrastructure

February 4, 2026

CVE-2026-21509-hero.jpg

Threat Research

Microsoft Office

vulnerability

advisory

Microsoft Office vulnerability (CVE-2026-21509) in active exploitation

January 27, 2026

tamperedchef-featured-image.jpg

Threat Research

TamperedChef

EvilAI

infostealer

Sophos X-Ops

TamperedChef serves bad ads, with infostealers as the main course

January 16, 2026

A computer hard disk on fire against a white background

Threat Research

Ransomware

Hive

Lockbit

BlackCat

LLM

AI

Money Laundering

Laughter in the dark: Tales of absurdity from the cyber frontline and what they taught us

January 13, 2026

GettyImages-2149936164.png

Threat Research

ATT&CK

Emulation

Featured

MITRE

MUSTANG PANDA

scattered spider

Sophos X-Ops

Game of clones: Sophos and The MITRE ATT&CK Enterprise 2025 Evaluations

December 15, 2025

Inside Shanya, a packer-as-a-service fueling modern attacks

Threat Research

EDR killer

featured

packer

Ransomware

shanya

SophosLabs

Inside Shanya, a packer-as-a-service fueling modern attacks

December 6, 2025

Sharpening the knife: GOLD BLADE’s strategic evolution

Threat Research

Canada

featured

GOLD BLADE

QWCrypt

recruitment platforms

RedLoader

STAC6565

Sharpening the knife: GOLD BLADE’s strategic evolution

December 5, 2025

WhatsApp compromise leads to Astaroth deployment

Threat Research

Astaroth

Brazil

featured

Guildma

infostealer

WhatsApp

worm

WhatsApp compromise leads to Astaroth deployment

November 20, 2025