January 30, 2026 | Reading time: 18 minutes
Part 2 of our ChatGPT stealer investigation. We reverse-engineered both malicious extensions, confirmed both C2 servers are still live and actively accepting stolen data, mapped the complete exfiltration chain, and validated proof-of-concept uploads in an isolated environment. Includes YARA rules, Snort/Suricata signatures, SHA-256 hashes, and a full incident response playbook for affected organizations.
Malware Analysis
Reverse Engineering
C2 Infrastructure
Chrome Extensions
IOCs
January 11, 2026 | Reading time: 10 minutes
We confirmed malicious AI/ChatGPT-themed Chrome extensions stealing prompts and session data in a real client environment — part of a campaign potentially impacting 900,000 users. This article covers the three incidents we investigated, Microsoft Defender detections, SOC hunting queries for MDE Advanced Hunting, and practical mitigations for enterprise teams. This is prompt poaching, and it's more dangerous than most teams realize.
Incident Response
Threat Intelligence
Chrome Extensions
SOC Hunting
AI Security
December 21, 2025 | Reading time: 12 minutes
2025 was a record year for cyberattacks. For our XDR team, it meant investigating over 1,000 high-severity security alerts across finance, healthcare, manufacturing, and critical infrastructure organizations. This analysis breaks down 5 critical incidents that defined 2025's threat landscape: from credential breaches dismissed as "user error" to adversary-in-the-middle (AiTM) phishing attacks that bypassed MFA. Learn what actually works in threat detection and response, and what to prioritize for 2026.
Incident Response
Threat Intelligence
XDR
Real Cases
2025 Review