Introduction Scalable Vector Graphics (SVG) files are increasingly being abused as initial phishing vectors. By embedding scriptable content directly in standalone “.svg” files— which users typically perceive as benign images—, threat actors are executing JavaScript code while evading traditional static analysis and email filters. At VMRay, our continuous threat monitoring
Executive Summary VMRay strengthens the AI-enabled SOC by delivering high-fidelity, fact-based threat intelligence that powers accurate, explainable, and actionable AI outcomes. Better AI decisions: High-quality sandbox & TI data for training and enrichment. Explainable alerts: Human-readable evidence grounds AI in reality. Smarter triage: Verdicts and risk scores prioritize the right
In today’s digital landscape, threat and vulnerability management is more crucial than ever. Cyber threats are evolving rapidly, posing significant risks to organizations. Understanding these threats is the first step in safeguarding your assets. Effective management involves identifying, assessing, and mitigating risks. Vulnerability management focuses on pinpointing and addressing security
Updated On: 2025-08-11 Zero-day attacks represent one of the most challenging threats in today’s cybersecurity landscape. Understanding how to prevent zero-day attacks is crucial as these attacks exploit previously unknown vulnerabilities in software, firmware, or hardware—gaps that developers and security researchers haven’t yet discovered. What makes zero-day attacks particularly dangerous
Introduction Cyber threat intelligence (CTI) has become a cornerstone of cybersecurity operations. Yet many organizations still rely on outdated CTI models—reactive, fragmented, and often ineffective against today’s fast-evolving threat landscape. In the recent article “Enhancing Cyber Resilience: Leveraging Advanced Threat Intelligence Strategy and Tools Against Cyber Threats”, Adam Palmer, CISO
In the growing arms race between security experts and hackers, malware obfuscation is a key method for avoiding detection. This article looks at the technical details of malware obfuscation. It covers basic ideas, advanced strategies, detection methods, and ways to reduce risks. With the proliferation of sophisticated obfuscation techniques, understanding
When it comes to cybersecurity, speed and accuracy are everything — especially in the financial sector, where targeted and industry-specific attacks are on the rise. For Northwestern Mutual, a leader in financial services, the challenge was clear: streamline their threat investigation process, minimize false positives, and ensure their incident response
Executive summary: The second half of 2024 shows how attackers are continuing to refine their tactics to target both organizations and individuals. The period saw substantial financial losses, including the continuation of ransomware extortions and large-scale phishing campaigns. High-profile incidents targeted major platforms like Facebook, GitHub, and LinkedIn, alongside government
Introduction SEO poisoning, also known as search poisoning, is a cyberattack technique where threat actors manipulate search engine algorithms to rank malicious websites higher in search results. These sites appear legitimate but serve malicious payloads, steal credentials, or facilitate phishing scams. This blog will explore how SEO poisoning works, its
Introduction DLL sideloading is a widely used attack technique that exploits how Windows applications load dynamic link libraries (DLLs). Threat actors use it to execute malicious payloads while evading traditional security measures. This post explores how this attack technique works, why it is attractive to attackers, and the best methods
Keep up to date with our weekly digest of articles. Get the latest news, invites to events, and threat alerts!
