Mandiant Archives

Leucauge venusta, known as the orchard orbweaver spider, resting in the center of her web in Charleston, South Carolina. (Daniela Duncan/Getty Images)

Scattered Spider weaves web of social-engineered destruction

The cybercrime ring has infiltrated more than 100 businesses since 2022, including more than a dozen since it regrouped earlier this year.

2 days ago By Matt Kapko

A logo sign outside of the headquarters of Ivanti in South Jordan, Utah. (Kristoffer Tripplaar / Alamy Stock Photo)

China-linked attacker hit France’s critical infrastructure via trio of Ivanti zero-days last year

French authorities said government agencies and businesses spanning telecom, media, finance and transportation were impacted by the widely exploited Ivanti vulnerabilities.

Jul 3, 2025 By Matt Kapko

The Hawaiian Airlines logo is displayed at a check-in area at Los Angeles International Airport (LAX) on December 4, 2023 in Los Angeles, California. (Photo by Mario Tama/Getty Images)

Scattered Spider strikes again? Aviation industry appears to be next target for criminal group

Hawaiian Airlines announced a cybersecurity incident Friday as security experts warned of a sector-wide threat.

Jun 27, 2025 By Greg Otto

CrowdStrike, Microsoft aim to eliminate confusion in threat group attribution

Wild variances in naming taxonomies aren’t going away, but a new initiative from the security vendors aims to more publicly address obvious overlap in threat group attribution.

Jun 3, 2025 By Matt Kapko

Person’s hand holding an iPhone and using the Luma Labs Dream Machine artificial intelligence video generator, a generative AI system for creating videos, Lafayette, California, June 26, 2024. (Photo by Smith Collection/Gado/Getty Images)

Mandiant flags fake AI video generators laced with malware

A Vietnam-based group has spread thousands of advertisements, fake websites and social media posts promising access to popular prompt-to-video AI generation tools, delivering infostealers and backdoors instead.

May 27, 2025 By Derek B. Johnson

Signage at the headquarters of SAP AG, Germany’s largest software company on January 8, 2013 in Walldorf, Germany. (Photo by Thomas Lohnes/Getty Images)

SAP cyberattack widens, drawing Salt Typhoon and Volt Typhoon comparisons

Multiple firms are tracking the zero-day attacks on Europe’s top software firm.

May 15, 2025 By Tim Starks

SonicWall headquarters — SonicWall’s headquarters in Milpitas, California. (Getty Images)

SonicWall customers confront resurgence of actively exploited vulnerabilities

The network security device vendor is making a regular appearance on CISA’s known exploited vulnerabilities catalog. Unlike its competitors, SonicWall hasn’t signed the secure-by-design pledge.

May 9, 2025 By Matt Kapko

North Korean operatives have infiltrated hundreds of Fortune 500 companies

Security leaders at Mandiant and Google Cloud say nearly every major company has hired or received applications from North Korean nationals working on behalf of the country’s…

Apr 30, 2025 By Matt Kapko

VulnCheck spotted 159 actively exploited vulnerabilities in first few months of 2025

The vulnerability threat intelligence firm’s research reinforces a slew of recent reports warning about increased exploits in 2024.

Apr 24, 2025 By Matt Kapko

The four most frequently exploited vulnerabilities were all contained in edge devices, such as VPNs, firewalls and routers. (Getty Images)

Attackers hit security device defects hard in 2024

Mandiant said exploits were the most common initial access vector last year, linking software defects to 1 in 3 attacks. The most commonly exploited vulnerabilities affected network…

Apr 23, 2025 By Matt Kapko