Wazuh and TW Infosec Partner to Deliver Scalable and Transparent Cybersecurity Solutions
San Jose, California, July 2025 – Wazuh, the...
Dependency-Track is an open source platform that helps organizations identify and mitigate risks in their software supply chain. It achieves this by analyzing Software Bill of Materials (SBOMs), which is a detailed inventory of all software components, libraries, and modules that comprise an application. Dependency-Track can be integrated into CI/CD pipelines to analyze SBOMs generated […]
Auto-color is a stealthy Linux backdoor used in cyberattacks targeting government institutions and universities across North America and Asia. Attributed to an unknown threat actor, Auto-color is specifically designed for persistence and evasion, allowing it to remain undetected on infected systems for extended periods. The malware disguises itself as a harmless color-enhancement utility to avoid […]
Wazuh ruleset as code (RaC) introduces a DevOps-driven approach to consistently manage Wazuh threat detection and security monitoring rulesets. It allows security teams to use version control systems and CI/CD pipelines to automatically deploy Wazuh rules and decoders. This approach leverages the principles of infrastructure as code (IaC) to enable collaboration, change tracking, and rollback […]
San Jose, California, July 2025 – Wazuh, the leading provider of open-source Security Information and Event Management (SIEM) and Extended Detection and Response (XDR) solutions, has partnered with Graybox Security, a trusted cybersecurity firm providing tailored 24/7 managed detection and response, testing, incident response, and advisory services to mid-to-large organizations, including S&P 500 companies and […]
ESET PROTECT Hub allows administrators to manage identities, licenses, and users across various ESET services from a single location. These services, including ESET PROTECT, ESET Inspect, and ESET Cloud Office Security, are designed to provide threat detection and endpoint protection solutions for businesses and individuals. Wazuh is an open source security platform designed for threat […]
Mamona is a lightweight ransomware strain that is widely available and primarily targets Windows endpoints. Unlike more sophisticated ransomware families, it operates entirely offline, encrypting files locally without any command-and-control (C2) communication or data exfiltration. This absence of network activity makes it harder to detect using network traffic analysis alone. Mamona ransomware uses custom encryption […]
The DOGE Big Balls is a sophisticated ransomware variant linked to the Fog ransomware group, first observed in early 2025. It has affected organizations across various sectors, such as technology, education, and finance, by combining technical exploits with psychological manipulation. Delivered primarily through phishing campaigns containing malicious ZIP archives, the ransomware uses PowerShell scripts to […]
Cybersecurity frameworks are structured standards, guidelines, and best practices for managing and reducing cybersecurity risks. Some examples include NIST, HIPAA Security Rule, PCI DSS, and CMMC. These frameworks provide a foundational blueprint for securing sensitive data and strengthening cyber resilience, especially in regulated industries. Wazuh, an open source Security Information and Event Management (SIEM) and […]
San Jose, California, June 2025 – Wazuh, the leading provider of open-source Security Information and Event Management (SIEM) and Extended Detection and Response (XDR) solutions, has partnered with Jupiter Technology Corp., a leading Japanese supplier of network security, syslog management, and network management solutions. This partnership aims to provide organizations across Japan with cost-effective and […]
XWorm is a .NET-based Remote Access Trojan (RAT) that initially emerged in early 2022 and resurfaced in 2025 with enhanced capabilities and renewed activity in targeted cyberattacks. Designed to compromise Windows endpoints, XWorm is widely adopted by threat actors due to its modular design and low detection rates when obfuscated, making it a persistent threat […]
Artificial intelligence (AI) makes threat hunting in Wazuh more efficient and effective as it can process vast amounts of security data at high speeds. It can spot subtle patterns and anomalies that human analysts might miss. By leveraging AI in Wazuh threat hunting, security teams can be more efficient and focus their expertise where it’s […]
Recent articles have linked CVE-2025-24016, an old Wazuh server vulnerability, to botnet activity via remote code execution. This issue was fixed in October 2024 with version 4.9.1. Any instance running 4.9.1 or later is fully patched and secure. It’s also important to understand the nature of CVE-2025-24016. This is an authenticated vulnerability, meaning it can […]
The Wazuh Cyber Threat Intelligence (CTI) service is a publicly accessible platform that collects, analyzes, and disseminates actionable information on emerging cyber threats and vulnerabilities. The service launches with a focus on vulnerability intelligence, delivering timely updates on Common Vulnerabilities and Exposures (CVEs), severity scores, exploitability insights, and mitigation strategies. It aggregates and sanitizes data […]