Although exploit kit activity is on the decline, we recently observed RIG Exploit Kit delivering a Trojan named Grobios.

This post examines new persistence and auth bypass techniques for Pulse Secure VPNs, which we've observed being used by one or more groups.

Mandiant's experts review different approaches to NFT storage and the associated security and data availability risks.

More threat actors are leveraging the EternalBlue exploit, initially used by WannaCry ransomware.

FireEye Labs recently identified a previously unobserved version of Ploutus, dubbed Ploutus-D, that interacts with KAL’s Kalignite multivendor ATM platform. The samples we identified target the ATM vendor Diebold.

Learn some basic facts about address space layout randomization (ASLR), focusing on the Windows implementation.

We observed several high-volume FormBook malware distribution campaigns taking aim at Aerospace, Defense Contractor, and Manufacturing sectors within the U.S. and South Korea during the third quarter of 2017.

The concept of "packing" or "crypting" a malicious program is widely popular among threat actors looking to bypass or defeat analysis by static and dynamic analysis tools.

A suspected China-nexus campaign believed to have exploited a recently announced vulnerability in Fortinet's FortiOS.

Learn how to remove a simple obfuscation from a Python code object using the bytecode_graph module.