Blog

The Good, the Bad and the Ugly in Cybersecurity – Week 30

The Good | Authorities Dismantle XSS.is Cybercrime Forum & Release Free Phobos/8Base Decryptor

After a 12-year-long run, XSS[.]is (formerly DaMaGeLaB) faced major disruptions this week with the arrest of its suspected administrator as part of a joint operation led by French and Ukrainian authorities. The Russian-speaking cybercrime forum had been active since 2013 with …

Defending Against ToolShell: SharePoint’s Latest Critical Vulnerability

A new, critical zero-day vulnerability dubbed “ToolShell” (CVE-2025-53770) poses a significant threat to on-premises SharePoint Server deployments. It enables unauthenticated remote code execution (RCE), putting organizations worldwide at risk. SentinelOne has detected exploitation in the wild, elevating the active threat posed by this new attack and the importance of organizations taking mitigative …

AI’s Double Edge: How AI Expands the Attack Surface & Empowers Defenders

Recently, SentinelOne published two reports highlighting each side of the cloud security challenge: The Cloud Security Survey Report presents insights from 400 cybersecurity managers and practitioners covering current cloud security operations, responsibilities, perceptions of technologies, and future investment plans. The Cloud Security Risk Report details five emerging risk themes for 2025 with in-depth examples of attacks …

SharePoint ToolShell | Zero-Day Exploited in-the-Wild Targets Enterprise Servers

On July 19th, Microsoft confirmed that a 0-day vulnerability impacting on-premises Microsoft SharePoint Servers, dubbed “ToolShell” (by researcher Khoa Dinh @_l0gg), was being actively exploited in the wild. This flaw has since been assigned the identifier CVE‑2025‑53770, along with an accompanying bypass tracked as CVE‑2025‑53771. These two new CVEs are being used alongside the previously …

The Good, the Bad and the Ugly in Cybersecurity – Week 29

The Good | Cybercriminals Face Disruptions Across Ransom, DDoS & Extortion Campaigns

Cameron John Wagenius, a 21-year-old former U.S. Army soldier, has pleaded guilty to attacking and extorting at least ten U.S. telecom and tech companies, including AT&T and Verizon. Operating under aliases like “kiberphant0m” and “cyb3rph4nt0m”, he used tools like SSH Brute and SIM-swapping …

Endpoint Protection Redefined: Insights from the 2025 Gartner® Magic Quadrant™ for EPP, and How Agentic AI and Platformization Are Shaping the Market

Cyber threats and attacks like ransomware continue to increase in volume and complexity, with the endpoint typically being the most sought-after and valued target. With the rapid expansion and adoption of AI, it is more critical than ever to ensure the endpoint is adequately secured by a platform capable of not just keeping pace, …

Katz Stealer | Powerful MaaS On the Prowl for Credentials and Crypto Assets

Katz Stealer is a feature-rich infostealer marketed and operated as Malware-as-a-Service (MaaS). It was launched in early 2025 and quickly garnered attention within the infostealer landscape. The stealer includes robust credential and data discovery with theft capabilities as well as modern evasion and anti-analysis features. It is used to exfiltrate a broad range of personal …

The Good, the Bad and the Ugly in Cybersecurity – Week 26

The Good | DoJ Charges “IntelBroker” Cyberattacker Responsible for $25M in Data Theft

A British national linked to a series of globally-reaching, high-impact data breaches has been formally charged by U.S. authorities. Kai West, 25, is accused of operating under the alias “IntelBroker” and orchestrating cyberattacks that led to an estimated $25 million in damages …

Inside the SentinelOne + AWS Partnership: Smarter Cloud Security at re:Inforce 2025

AWS re:Inforce is the place where cloud security leaders come together to learn, connect, and innovate, and SentinelOne is a proud sponsor of this year’s event. At this special event for cloud innovators, we’re excited to join AWS, our partners, and customers to explore how we can secure the future of cloud, together. SentinelOne believes …
