Mandiant Threat Intelligence rates vulnerabilities based on the insight and experience of our analysts.

We observed a widespread, global phishing campaign from UNC2529 targeting numerous organizations across an array of industries.

The creators of DARKSIDE ransomware and their affiliates have launched a global crime spree affecting organizations in more than 15 countries and multiple industry verticals.

We take a look at simple attacks against OT systems, where actors with varying levels of skill and resources use common IT tools and techniques.

We provide an update on our investigation into compromised Pulse Secure devices by suspected Chinese espionage operators.

Mandiant observed DARKSIDE affiliate UNC2465 accessing at least one victim through a Trojanized software installer downloaded from a legitimate website.

Learn steps organizations can proactively take to harden their environment to prevent the downstream impact of a ransomware event.

Given the nature of unmanaged exports, our previously released DueDLLigence tool can also be used for DLL abuse techniques.

We discuss SAIGON, banking malware most likely based on the source code of the v3 variant of Ursnif.

An actor is blocking the ability to exploit a Citrix vulnerability, but maintaining a backdoor.