Huntress

@HuntressLabs

Followers: 37K
Following: 4K
Media: 2K
Statuses: 4K

Managed #cybersecurity without the complexity. EDR, ITDR, SIEM & SAT crafted for under-resourced IT and Security teams.

Maryland, USA
Joined June 2015
@HuntressLabs
Huntress
3 days
On August 29, our SOC ran into a brand-new ransomware variant named Obscura—a Go-based payload with a ransom note that reads more like a manifesto than an extortion demand. Read the full breakdown, including IOCs and ransomware internals 👇
@gleeda
Jamie Levy🦉
6 days
A look at a newer ransomware variant that we've seen here at @HuntressLabs. Thanks to Harlan Carvey and @LindseyOD123, and awesome analysis by @birchb0y and @RussianPanda9xx of the binary! https://t.co/pRutOq0KYe
0
6
24
@BSidesNYC
#BSidesNYC
5 days
We are thrilled to announce that @_JohnHammond will be the keynote speaker at @BSidesNYC on October 18, 2025! We look forward to John sharing his insights.
3
13
76
@HuntressLabs
Huntress
4 days
Obscura ransomware:
⚙️ Go binary
🧠 Domain-aware
🧨 Schedules tasks
🔪 Kills 120+ security procs
🔐 XChaCha20 encryption
📜 Ransom note delivered via base64 string
Here’s what we found and why it matters → https://t.co/IaBHrFGe0B
4
30
90
@HuntressLabs
Huntress
6 days
Welcome to the Dark Web. Here's a handy FAQ to get you started... Take a Journey to the Center of The Dark Web with @_JohnHammond & @davekleinatland https://t.co/gmioJrSafa
0
6
28
@HuntressLabs
Huntress
7 days
This month’s Tradecraft Tuesday dives into the biggest threats shaping 2025. 👀 On the agenda:
✔️ What’s changed since our 2025 Cyber Threat Report
✔️ Tradecraft on the rise
✔️ Emerging threats like vulnerable drivers and IT worker scams
Save your spot: https://t.co/v80cZueAbu
0
2
9
@HuntressLabs
Huntress
10 days
🚩 Shady logins: Attackers use sketchy user agents to mimic legitimate browsers or email clients. Red flag detection helps us spot them. Hackers know your people are the easiest way in. That’s why identity is one of their favorite attack surfaces.
1
1
6
@HuntressLabs
Huntress
10 days
🚩 Malicious inbox rules: Hackers hide warning emails or auto-forward your sensitive info. We monitor and shut these shady setups down. 🚩 Malicious infrastructure: When IP addresses link back to known attacker hubs, we move fast to kill the session.
1
2
9
@HuntressLabs
Huntress
10 days
Business Email Compromise (BEC) costs enterprises $2.9 billion every year. Here's how threat actors pull it off. 🚩 Unknown VPNs: Logins from untrusted VPNs are a dead giveaway someone is sidestepping your network controls. We flag and stop them.
3
9
58
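The three BEC red flags in the posts above (unknown VPN logins, sketchy user agents, malicious inbox rules) can be triaged from sign-in and mailbox-rule telemetry. The following is an added example, not Huntress code; the tenant domain, the trusted VPN ASN, the user-agent deny-list and all events are constructed for illustration.

```python
import re

INTERNAL_DOMAIN = "example.com"      # assumed tenant domain
TRUSTED_VPN_ASNS = {"AS64500"}       # constructed: the corporate VPN egress ASN
# Assumed deny-list: user agents from scripts or legacy-auth clients rather than a person's mail app
BAD_UA = re.compile(r"^$|python-requests|curl/|BAV2ROPC", re.I)
# Subjects an attacker typically hides (security warnings, payment traffic) and the folders used to bury them
HIDE_KEYWORDS = re.compile(r"password|security|suspicious|invoice|wire|payment", re.I)
HIDE_FOLDERS = {"RSS Feeds", "RSS Subscriptions", "Archive", "Conversation History", "Junk Email", "Deleted Items"}

# Constructed sample events (not real telemetry)
EVENTS = [
    {"type": "signin", "user": "cfo@example.com", "asn": "AS64500", "vpn": True, "ua": "Outlook/16.0"},
    {"type": "signin", "user": "cfo@example.com", "asn": "AS64501", "vpn": True, "ua": "BAV2ROPC"},
    {"type": "rule", "user": "cfo@example.com", "name": ".", "subject_contains": "invoice",
     "forward_to": "", "move_to": "RSS Feeds", "delete": False},
    {"type": "rule", "user": "cfo@example.com", "name": "fwd", "subject_contains": "",
     "forward_to": "x@gmail.com", "move_to": "", "delete": False},
    {"type": "rule", "user": "ops@example.com", "name": "Tickets", "subject_contains": "ticket",
     "forward_to": "", "move_to": "Tickets", "delete": False},
]

def check_signin(ev):
    """Red flags for one sign-in: VPN egress we do not own, or a non-human user agent."""
    flags = []
    if ev["vpn"] and ev["asn"] not in TRUSTED_VPN_ASNS:
        flags.append("unknown_vpn")
    if BAD_UA.search(ev["ua"]):
        flags.append("suspicious_user_agent")
    return flags

def check_rule(ev):
    """Red flags for one inbox rule: external auto-forward, hiding sensitive mail, anonymous name."""
    flags = []
    fwd = ev["forward_to"]
    if fwd and fwd.rsplit("@", 1)[-1].lower() != INTERNAL_DOMAIN:
        flags.append("external_auto_forward")
    hides = ev["delete"] or ev["move_to"] in HIDE_FOLDERS
    if hides and HIDE_KEYWORDS.search(ev["subject_contains"]):
        flags.append("hides_warning_or_finance_mail")
    if not ev["name"].strip(" .,_-"):
        flags.append("anonymous_rule_name")
    return flags

def triage(events):
    """Return {user: sorted flags} for every user with at least one red flag."""
    out = {}
    for ev in events:
        flags = check_signin(ev) if ev["type"] == "signin" else check_rule(ev)
        if flags:
            out.setdefault(ev["user"], set()).update(flags)
    return {u: sorted(f) for u, f in out.items()}
```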
@HuntressLabs
Huntress
12 days
Persistence = hackers biding their time for the right moment. This recent case had a rogue RMM disguised as VMware that had been lurking for years (before we were even deployed). It had even been verified that VMware was in use before deploying. We can end the long game in real-time.
1
12
72
@HuntressLabs
Huntress
13 days
Full blog has:
✔️ More IOCs
✔️ Full command line breakdowns
✔️ Defender telemetry
✔️ Ransom note excerpts
Read:
huntress.com
In mid-August, Huntress saw two incidents that linked back to a ransomware variant called Cephalus, which included DLL sideloading via a legitimate SentinelOne executable.
0
2
15
@HuntressLabs
Huntress
13 days
6/ Bonus: “Cephalus” comes from Greek mythology: Cephie wielded a javelin that never missed. The name (and tactics) suggest this crew isn’t here to experiment.
1
1
8
@HuntressLabs
Huntress
13 days
5/ Also this twist: The note included a link to a GoFile repository + password. Victims were encouraged to verify their stolen data. Proof of exfil. Pressure to pay.
1
1
7
@HuntressLabs
Huntress
13 days
4/ The ransom note? It links to dark web articles promoting Cephalus. Threat actor flexing their “credibility” with prior hits. Not your average note.
1
2
8
@HuntressLabs
Huntress
13 days
3/ Then came the obfuscation:
✔️ Shadow copies deleted
✔️ Defender exclusions created
✔️ Defender services disabled
✔️ Scheduled tasks created
✔️ All via PowerShell and Registry edits
1
2
6
@HuntressLabs
Huntress
13 days
2/ 🚨 DLL Sideloading via SentinelOne. This attacker used:
🟢 SentinelBrowserNativeHost.exe
🟣 + SentinelAgentCore.dll
🟡 + data.bin (the ransomware payload)
Legit tools abused to fly under the radar.
1
2
12
@HuntressLabs
Huntress
13 days
1/ 🔐 Initial Access ➡️ RDP ➡️ No MFA ➡️ Compromised creds ➡️ MEGA cloud storage for exfil Classic double extortion setup—but the ransomware deployment caught our attention.
huntress.com
1
2
10
@HuntressLabs
Huntress
13 days
🧵 Cephalus Ransomware: Don’t Lose Your Head. We just ran into a new ransomware variant with a unique attack process. Here’s what makes Cephalus different, and why defenders need to pay attention. 👇
3
22
88
@HuntressLabs
Huntress
14 days
Over the past 10 years, attackers have tested us. But every cutting-edge attack pushed our community to double down on wrecking hackers. 💪 As #HuntressTurns10, we’re looking back at the biggest cybersecurity moments that defined the decade: https://t.co/LMYXMK25Qo
1
1
16
@HuntressLabs
Huntress
18 days
Ransomware groups don’t just encrypt files, they steal them first. Data staging + exfiltration is the most common step before encryption. Here's how it happens (with real tactics + command lines):👇 https://t.co/deNqIKsXSM
0
8
38
@HuntressLabs
Huntress
18 days
10 years 🤯 of wrecking hackers. In this month's Product Lab, we're rewinding the highs, the lows & the lessons that shaped us. Plus, a look ahead at the threats the next decade could bring (and what we’re doing to stop them). 👀 Register now: https://t.co/HzsS4qmcCV
0
0
5