Network Security

The Identity Paradox: The Hidden Risks in Your Valid Credentials

For decades, attackers have favored one intrusion method over all others: compromise the identity. Long before ransomware crews industrialized extortion and modern malware ecosystems matured, adversaries understood a simple truth. If you can access a legitimate account, you can bypass most security controls and operate inside a network with the same privileges as the user […]


The Implementation Blind Spot | Why Organizations Are Confusing Temporary Friction with Permanent Safety

Across organizations, AI adoption is accelerating. Tools are being deployed, workflows are being restructured, and headcount decisions are being made against the assumption that AI will absorb the analytical load. Most leaders doing this work believe they are being careful because the technology keeps reminding them it isn’t ready yet. This is a dangerous phase


How SentinelOne’s AI EDR Autonomously Discovered and Stopped Anthropic’s Claude from Executing a Zero Day Supply Chain Attack, Globally

Host-based Behavioral Autonomous AI Detection is by far the most effective way to generically see and stop both human and machine-speed AI agent-based rogue or malicious activities. On March 24, 2026, SentinelOne’s autonomous detection caught what manual workflows never could have: a trojaned version of LiteLLM, one of the most widely used proxy layers


The Good, the Bad and the Ugly in Cybersecurity – Week 13

The Good | U.S. Jails Ransomware Actors, Extradites Alleged RedLine Operator The DoJ has given Russian national Aleksey Volkov almost seven years in prison and ordered him to pay full restitution for acting as an initial access broker in Yanluowang ransomware attacks. Between 2021 and 2022, he breached multiple U.S. organizations and sold network access


The Good, the Bad and the Ugly in Cybersecurity – Week 12

The Good | Operation Synergia III Disrupts Malicious Networks & the EU Sanctions State-Sponsored Attackers Operation Synergia III, an Interpol-led crackdown spanning July 2025 to January 2026, has disrupted cybercrime infrastructure across the globe. Authorities across 72 countries sinkholed 45,000 malicious IP addresses and seized 212 devices and servers, resulting in 94 arrests and


The Good, the Bad and the Ugly in Cybersecurity – Week 11

The Good | Authorities Disrupt Proxy Network and Charge BlackCat Insider, Vendors Patch Critical RCE Bugs U.S. and European law enforcement have dismantled the SocksEscort cybercrime proxy network, which relied on Linux edge devices infected with AVRecon malware. New research found that the service maintained roughly 20,000 compromised devices weekly and offered criminals access to


FortiGate Edge Intrusions | Stolen Service Accounts Lead to Rogue Workstations and Deep AD Compromise

Overview Throughout early 2026, SentinelOne’s® Digital Forensics & Incident Response (DFIR) team has responded to several incidents where FortiGate Next-Generation Firewall (NGFW) appliances have been compromised to establish a foothold into the targeted environment. Each incident was detected and stopped during the lateral movement phase of the attack. Fortinet has disclosed and issued patches for


The Good, the Bad and the Ugly in Cybersecurity – Week 10

The Good | Global Authorities Disrupt Tycoon2FA, LeakBase & Phobos Ransomware Europol has successfully disrupted Tycoon2FA in an international operation, taking down the phishing-as-a-service (PhaaS) platform responsible for sending tens of millions of phishing emails each month. Authorities seized 330 domains used to host phishing pages and control infrastructure. Active since 2023, Tycoon2FA enabled attackers


SentinelOne Intelligence Brief: Iranian Cyber Activity Outlook

To Our Partners and Customers The following intelligence brief was sent to all SentinelOne partners and customers today: Executive Summary Recent U.S. and Israeli strikes against Iranian targets, followed by Iranian attacks on multiple regional locations, present a highly dynamic geopolitical situation with credible cyber threat implications. Iran has historically incorporated cyber operations into periods


The Good, the Bad and the Ugly in Cybersecurity – Week 9

The Good | Authorities Arrest Hacktivist & Convict L3Harris Insider for Selling Secrets to Russia Spanish authorities have arrested four suspected members of “Anonymous Fénix”, a hacktivist group accused of launching distributed denial-of-service (DDoS) attacks against government ministries, political parties, and public institutions in Spain and parts of South America. According to the Spanish Civil
