Resources

Cybersecurity white papers, data sheets, webinars, videos and more

Resource Library


Beyond the Hype: Moltbot’s Real Risk Is Exposed Infrastructure, Not AI Superintelligence

Blog

STRIKE Uncovers Widespread OpenClaw (Moltbot) Exposure Across the Internet. Why are AI agents becoming a new attack surface? Over the past several days, OpenClaw (formerly known as Clawdbot and Moltbot) has drawn intense attention across social media and headlines. Much of that attention has focused on… Read More
STRIKE Team
Operation WrtHug, The Global Espionage Campaign Hiding in Your Home Router

Blog

Your home router, the device that connects you to the internet, may have been turned into a tool for a global espionage campaign. A new report, “Operation WrtHug,” has uncovered a massive, coordinated effort that has compromised thousands of ASUS routers worldwide. This is a meticulously planned operation… Read More
STRIKE Team
When SaaS Trust Becomes a Threat: Insights from the Salesloft Drift Compromise

Blog

A recent breach at Salesloft shows how attackers can use trusted tools against the very companies that rely on them. Attackers used OAuth tokens for the “Drift” chat agent integration with Salesforce to gain access to sensitive customer data in recent days. The series of incidents highlights how… Read More
STRIKE Team
From the Depths of the Shadows: IRGC and Hacker Collectives Of The 12-Day War

Blog

In June 2025, during the 12-day conflict between Israel and Iran, a network of Iran-linked hackers launched a flurry of cyber-operations aligned with the war. As air strikes crossed borders, a vast array of hacking groups began working to sway public opinion, disrupt businesses, and intimidate and undermine… Read More
STRIKE Team
Unmasking A New China-Linked Covert ORB Network: Inside the LapDogs Campaign

Blog

LapDogs: China-Linked ORB Network Revealed in Global Espionage Campaign. SecurityScorecard’s STRIKE team has identified a previously unreported Operational Relay Box (ORB) Network—LapDogs—a novel and prolonged espionage infrastructure campaign that marks yet another instance of China-Nexus cyber actors leveraging ORB Networks. Key Takeaways… Read More
STRIKE Team
Massive Botnet Targets M365 with Stealthy Password Spraying Attacks

Research

STRIKE Team
Lazarus Group Targets Developers Through NPM Packages and Supply Chain Attacks

Blog

North Korea’s Lazarus Group is evolving its tactics again. The latest campaign, dubbed Operation Marstech Mayhem, introduces an advanced implant named “Marstech1.” This malware is designed to compromise software developers and cryptocurrency wallets through manipulated open-source repositories. Unlike previous Lazarus operations, this campaign employs obfuscation techniques that make… Read More
STRIKE Team
Lazarus Group is Infecting Open-Source Code. Are You at Risk?

Research

STRIKE Team
A Deep Peek at DeepSeek

Blog

DeepSeek’s rapid ascent in the AI space has made it impossible to ignore. Its sophisticated models and AI assistant have captured global attention. And, while headlines focus on DeepSeek’s capabilities, STRIKE research exposes critical security flaws, hidden data flows, and unanswered questions about who has access to the… Read More
STRIKE Team
Operation Phantom Circuit: North Korea’s Global Data Exfiltration Campaign

Research

STRIKE Team
Operation Phantom Circuit: North Korea’s Global Data Exfiltration Campaign

Blog

In December 2024, a routine software update concealed a global threat. Attackers from the Lazarus Group, based in North Korea, infiltrated trusted development tools, compromising hundreds of victims worldwide. This sophisticated campaign, code-named “Phantom Circuit,” targeted cryptocurrency and technology developers, employing advanced obfuscation techniques through proxy servers in… Read More
STRIKE Team
Operation 99: North Korea’s Cyber Assault on Software Developers

Blog

On January 9, the SecurityScorecard STRIKE team uncovered Operation 99, a cyberattack by the Lazarus Group, North Korea’s state-sponsored hacking unit. This campaign targets software developers looking for freelance Web3 and cryptocurrency work. If you thought fake job offers from the group’s Operation Dream Job campaign were bad,… Read More
STRIKE Team
The Botnet is Back: SSC STRIKE Team Uncovers a Renewed Cyber Threat

Blog

A silent danger is sweeping through the world’s critical infrastructure. The SecurityScorecard STRIKE Team has uncovered a resurgence of Volt Typhoon—a state-sponsored cyber-espionage group from the Asia-Pacific region, known for its precision and persistence. This is no ordinary attack. Volt Typhoon exploits unprotected, outdated edge devices within targeted… Read More
STRIKE Team
Inside a North Korean Phishing Operation Targeting DevOps Employees

Blog

Interested in the personal story behind the attack? Read the firsthand account here. Sophisticated threat actors are increasingly targeting organizations with tailored phishing campaigns. Recently, SecurityScorecard detected a similar attempt against our team—and stopped it in its tracks. We’re sharing our findings to support the InfoSec community… Read More
Nation State Actors
Phishing
STRIKE Team
The Job Offer That Wasn’t: How We Stopped an Espionage Plot

Blog

In cybersecurity, transparency matters—because none of us are immune. Increasingly, we’re seeing threat actors hone in on specific organizations. When we detected the recent “Contagious Interview” campaign targeting one of our own, our team acted fast to stop it in its tracks. We’re sharing this story so others… Read More
STRIKE Team
Iran-Attributed Exploitation of Log4Shell Vulnerability

Research

Executive Summary: CISA and the FBI issued a joint advisory warning of ongoing exploitation of the Log4Shell vulnerability (CVE-2021-44228) on November 16. The advisory noted that an unspecified Iran-linked threat actor group had exploited the vulnerability during an intrusion into a Federal Civilian Executive Branch (FCEB) organization’s network earlier… Read More
Cyber Threat Intelligence
STRIKE Team
A Detailed Analysis of the RedLine Stealer

Research

Executive Summary: What is Redline Stealer? RedLine is a stealer distributed as cracked games, applications, and services. The malware steals information from web browsers, cryptocurrency wallets, and applications such as FileZilla, Discord, Steam, Telegram, and VPN clients. The binary also gathers data about the infected machine, such as the… Read More
STRIKE Team
JBS Ransomware Attack Started in March and Much Larger in Scope than Previously Identified

Blog

SecurityScorecard also found that 1 in 5 of the world’s food processing, production, and distribution companies rated have a known vulnerability in their exposed Internet assets. Key insights: Using SecurityScorecard’s proprietary tools, our Investigations & Analysis (I&A) team observed the following: The JBS campaign began with a reconnaissance phase in… Read More
Cyber Threat Intelligence
STRIKE Team
The Increase in Ransomware Attacks on Local Governments

Research

Executive Summary of Local Government Ransomware Attacks: SecurityScorecard’s threat research team undertook a broad survey of recent developments in ransomware activity affecting the state and local government and education (SLED) sectors. The ALPHV/BlackCat and LockBit 2.0 ransomware groups appear to have been responsible for a notable portion of activity targeting… Read More
Public Sector
STRIKE Team
A Deep Dive Into ALPHV/BlackCat Ransomware

Research

Executive summary: ALPHV/BlackCat is the first widely known ransomware written in Rust. The malware must run with an access token consisting of a 32-byte value (--access-token parameter), and other parameters can be specified. The ransomware comes with an encrypted configuration that contains a list of services/processes to be stopped,… Read More
STRIKE Team
Brute Force Attempts May Have Preceded Ransomware Attack on School District

Research

Executive Summary: Vice Society Ransomware Group Attack. Following reports that an attack by the Vice Society ransomware group was responsible for disrupting a US school district’s operations, SecurityScorecard researchers reviewed available data from internal sources and strategic partnerships. SecurityScorecard’s platform revealed that the school district suffered from issues that our… Read More
Public Sector
STRIKE Team