Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Chris Jacob, Field CISO, Securonix For years, security operations has been measured by effort. More alerts are reviewed. More logs are ingested. More tools are deployed. More dashboards are built. On paper, that can look like progress. In practice, many CIOs know better.

Securonix threat researchers have been tracking an ongoing campaign targeting French-speaking corporate environments through fake resumes. The campaign uses highly obfuscated VBScript file disguised as resume/CV documents, delivered through phishing emails. Once executed, the malware deploys a mutli-purpose toolkit that combines credential theft, data exfiltration, and Monero cryptocurrency mining for maximum monetization.

Security leaders are under pressure to reduce risk faster while proving value to the board and controlling costs as environments expand across cloud, identity, and SaaS. Traditional SIEM pricing models were not built for this reality. They charge equally for every gigabyte of data and often introduce unpredictable AI consumption costs, forcing security teams to manage budgets instead of focusing on risk.

Modern SOC teams are overwhelmed by volume, fragmented tools, and manual pivots. Here’s how integrated intelligence turns Tier 1 alerts into decisive, evidence-backed action without escalation. Security operations today are defined by scale, speed, and scrutiny. Tier 1 analysts face a constant stream of alerts, many of which lack context, prioritization, or clear indicators of impact. Every manual pivot between tools introduces delay. Every delayed verdict increases risk.

Securonix Threat Research analyzed a stealthy, multi-stage malware intrusion chain utilizing an obfuscated batch script (non.bat) to deliver multiple encrypted RAT shellcode payloads corresponding to XWorm, XenoRAT, and AsyncRAT.

Authors: Dheeraj Kumar and Nitish Singh The Monthly Intelligence Insights report provides a summary of top threats curated, monitored, and analyzed by Securonix Threat Labs in January 2026. The report also includes a synopsis of the threats, indicators of compromise (IoCs), tactics, techniques, and procedures (TTPs), and related tags. Each threat has a comprehensive summary from Threat Labs and search queries from the Threat Research team.

Most people don’t manage their personal finances by spending every dollar the same way. You don’t pay rent, groceries, retirement savings, and entertainment out of one undifferentiated bucket. You allocate intentionally covering daily necessities, protecting the future, and investing in things that improve quality of life. Yet that’s exactly how traditional SIEM pricing works. Every log costs the same. Every gigabyte is treated equally.

Security operations teams are facing a structural problem that tools alone cannot solve. Alert volumes continue to rise. Telemetry is fragmented across cloud, SaaS, identity, and endpoint environments. Experienced analysts are stretched thin, and hiring additional talent has become increasingly difficult. At the Same time, boards are demanding faster response, stronger governance, and clear proof that security investments are delivering measurable value. AI is often presented as the answer.

Security operations have never been more complex. Analysts face more alerts, more tools, and more pressure to make the right decision at the right moment. The work feels less like running a security program and more like trying to keep an orchestra in sync while each musician plays from a different sheet of music. This is the challenge Sam was created to solve. Sam, the Securonix AI SOC Analyst, acts like a skilled conductor guiding a symphony.

The 2025 Annual Cyber Threat Intelligence Report captures the year’s most impactful attack patterns across exploitation-led intrusion, advanced malware (including AI-assisted techniques), and the ongoing evolution of ransomware/RaaS economics.