Network Security

The Good, the Bad and the Ugly in Cybersecurity – Week 11

The Good | Authorities Disrupt Proxy Network and Charge BlackCat Insider, Vendors Patch Critical RCE Bugs
U.S. and European law enforcement have dismantled the SocksEscort cybercrime proxy network, which relied on Linux edge devices infected with AVRecon malware. New research found that the service maintained roughly 20,000 compromised devices weekly and offered criminals access to […]

FortiGate Edge Intrusions | Stolen Service Accounts Lead to Rogue Workstations and Deep AD Compromise

Overview
Throughout early 2026, SentinelOne’s® Digital Forensics & Incident Response (DFIR) team has responded to several incidents where FortiGate Next-Generation Firewall (NGFW) appliances have been compromised to establish a foothold into the targeted environment. Each incident was detected and stopped during the lateral movement phase of the attack. Fortinet has disclosed and issued patches for

The Good, the Bad and the Ugly in Cybersecurity – Week 10

The Good | Global Authorities Disrupt Tycoon2FA, LeakBase & Phobos Ransomware
Europol has successfully disrupted Tycoon2FA in an international operation, taking down the phishing-as-a-service (PhaaS) platform responsible for sending tens of millions of phishing emails each month. Authorities seized 330 domains used to host phishing pages and control infrastructure. Active since 2023, Tycoon2FA enabled attackers

SentinelOne Intelligence Brief: Iranian Cyber Activity Outlook

To Our Partners and Customers
The following intelligence brief was sent to all SentinelOne partners and customers today:
Executive Summary
Recent U.S. and Israeli strikes against Iranian targets, followed by Iranian attacks on multiple regional locations, present a highly dynamic geopolitical situation with credible cyber threat implications. Iran has historically incorporated cyber operations into periods

The Good, the Bad and the Ugly in Cybersecurity – Week 9

The Good | Authorities Arrest Hacktivist & Convict L3Harris Insider for Selling Secrets to Russia
Spanish authorities have arrested four suspected members of “Anonymous Fénix”, a hacktivist group accused of launching distributed denial-of-service (DDoS) attacks against government ministries, political parties, and public institutions in Spain and parts of South America. According to the Spanish Civil

From Access to Execution: Securing Identity in the Age of Autonomous Agents

The definition of identity is expanding. Employees are no longer the only actors – or ‘workers’ – inside enterprise environments. Service accounts, APIs, workload identities, and increasingly autonomous AI agents are now executing actions on behalf of humans and systems at machine speed and scale. This is the next generation of identity and its risks.

The Good, the Bad and the Ugly in Cybersecurity – Week 8

The Good | Law Enforcement Arrest Extortionist, Phobos Affiliate & Financial Scammers
A Dutch man was arrested this week after he allegedly downloaded confidential documents mistakenly shared with him and tried to extort authorities by refusing to delete them without compensation. The man kept the files, prompting a hacking investigation and a search of his

OneClaw: Discovery and Observability for the Agentic Era

Autonomous agents and personal AI assistants are moving from experimentation to enterprise reality. Tools like OpenClaw (formerly Moltbot and Clawdbot), Nanobot and Picoclaw are being embedded across development environments, cloud workflows, and operational pipelines. They install quickly, evolve dynamically, and often operate with deep system-level access. For CISOs and security leaders, this presents a new

Shadow Agents: How SentinelOne Secures the AI Tools That Act Like Users

AI adoption is accelerating faster than security programs can adapt. Organizations are already experiencing breaches tied directly to unsanctioned AI usage, at significantly higher cost than traditional incidents, while the vast majority still lack meaningful governance controls to manage the risk. Traditional cybersecurity measures are necessary but insufficient. Securing AI requires purpose-built capabilities that span

The Good, the Bad and the Ugly in Cybersecurity – Week 7

The Good | Authorities Crack Down on Identity, Romance Baiting & Phishing Schemes
Two individuals have been indicted for a years-long scheme that used stolen identities from 3,000 victims to siphon $3 million from sportsbooks. Amitoj Kapoor and Siddharth Lillaney allegedly bought personally identifying information (PII) on dark markets and Telegram, opened thousands of fake
