Huntress

Weekend work, but we've seen compromises of SolarWinds WHD -- one especially gnarly case where threat actor set up:
1. Zoho Assist RMM
2. QEMU & Cloudflared
3. Velociraptor for C2
and a wild story (to tell more about soon 😎): an attacker controlled Elastic stack for exfil 🔗👇

⚠️ Huntress has been responding to an ongoing wave of high-severity Akira ransomware incidents originating from SonicWall devices.

Learn more about this active exploit and get an up-to-date list of indicators of compromise:

https://www.huntress.com/blog/exploitation-of-sonicwall-vpn?utm_source=twitter&utm_medium=social&utm_campaign=cy25-08-rr-multi-global-broad-all-sonicwall_vpn

Exposed RDP can lead to anything—even attempted ransomware attacks. Here’s what went down at this manufacturing business👇

CVE-2025-30406 - Critical Gladinet CentreStack & Triofox Vulnerability Exploited In The Wild!

We've got some post exploitation and detection opportunities for you:

#DFIR #threatintel #CTI

https://www.huntress.com/blog/cve-2025-30406-critical-gladinet-centrestack-triofox-vulnerability-exploited-in-the-wild

✅ Are you well versed in Linux?
✅ Do you understand Linux internals and eBPF?
✅ Do you like building out POCs?
✅ Do you understand cyber threats, how they manifest, how to investigate them, and forensic artifacts?
✅ Do you want to join a highly functioning team of top-notch researchers?

💥 Guess what? We have a job opening for a Principal Linux Researcher here at @huntress@infosec.exchange

Apply here:

👉 https://job-boards.greenhouse.io/huntress/jobs/6524934003