Blogs
The latest cybersecurity trends, best practices, security vulnerabilities, and more
Research


Aug 14, 2025
A Comprehensive Analysis of HijackLoader and its Infection Chain
HijackLoader, a stealthy loader that delivers a wide variety of payloads, has been found spreading through fake download links on various piracy websites and through SEO poisoning of legitimate websites. In some cases the malicious domains went unblocked by popular ad-blockers for an extended period, leaving exposed those end users who expect ad-blockers to keep them safe from fake downloads 100% of the time. This writeup gives a thorough analysis of the malware.

Aug 12, 2025
Exposing PathWiper: DCOM Abuse and Network Erasure
This blog explores how attackers used Distributed Component Object Model (DCOM) as a lateral movement technique to distribute PathWiper, and how Trellix Network Detection and Response (NDR) detects and visualizes such activities. The insights provided here are especially relevant for SOC analysts and cybersecurity professionals who aim to understand and defend against similar threats.

Aug 06, 2025
The Bug Report - July 2025 Edition
Beat the heat and the hackers! Our July 2025 Bug Report details unauthenticated RCEs & critical flaws in SharePoint, Git, FTP, and FortiWeb. Patch immediately!

Aug 05, 2025
Gang Wars: Breaking Trust Among Cyber Criminals
Over the past few years, the Ransomware-as-a-Service (RaaS) model rose to dominance, structured like criminal empires, complete with brands, affiliate programs, and professional operations. What once looked like organized crime now more closely resembles a paranoid, fractured ecosystem where loyalty is temporary and betrayal is expected. Today, we’re watching the RaaS model unravel.

Jul 28, 2025
Let’s Be Objective: A Deep Dive into 0bj3ctivityStealer's Features
A new info-stealer, 0bj3ctivityStealer, is spreading via phishing emails. It uses steganography and PowerShell to evade defenses and steal data.

Jul 23, 2025
Critical SharePoint Vulnerabilities Under Active Exploitation
On-premises Microsoft SharePoint servers are currently facing high-impact, ongoing threat activity due to a set of critical vulnerabilities, notably CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771.

Jul 21, 2025
Dark Web Roast - June 2025 Edition
At Trellix, we think it's important we don’t make cybercriminals seem larger than life or hero-worship them. This roast is about showing the human side of cybercrime and how they mess up, just like anyone else.

Jul 17, 2025
Detecting and Visualizing Lateral Movement Attacks with Trellix Helix Connect
This blog marks the third installment in our series on detecting and visualizing lateral movement attacks with Trellix Helix Connect.

Jul 15, 2025
Threat Analysis: SquidLoader - Still Swimming Under the Radar
A new wave of SquidLoader malware samples is actively targeting financial services institutions in Hong Kong. This sophisticated malware exhibits significant evasion capabilities, achieving near-zero detection rates on VirusTotal at the time of analysis.

Jul 08, 2025
The DoNot APT group, also identified by various security vendors as APT-C-35, Mint Tempest, Origami Elephant, SECTOR02, and Viceroy Tiger, has been active since at least 2016 and has been linked to India by several vendors.
Recent News
- Aug 14, 2025: Michael K. Green Joins Trellix as CISO
- Aug 12, 2025: Trellix Extends Data Security to ARM-Compatible Devices
- Jul 31, 2025: Trellix Appoints Natalie Polson Chief Revenue Officer
- Jun 17, 2025: Trellix Accelerates Organizational Cyber Resilience with Deepened AWS Integrations
- Jun 10, 2025: Trellix Finds Threat Intelligence Gap Calls for Proactive Cybersecurity Strategy Implementation