
How Rubrik Zero Labs Uses LLMs to Analyze Malware at Machine Speed with Amit Malik

AI is changing how malware is built, and how it’s caught. In this episode, Caleb Tolin is joined by Amit Malik, Staff Security Researcher at Rubrik Zero Labs, to unpack how large language models are transforming malware analysis, enabling defenders to sift through thousands of samples and surface truly novel threats. From Chameleon malware abusing WSL to AI-generated attack code, this conversation explores what real data resilience looks like in an AI-driven threat landscape.

Ransomware, Bitcoin And Harsh Crypto Reality

An estimated ninety-eight percent of ransoms are paid in cryptocurrency, with Bitcoin at the centre, which makes it core infrastructure for extortion and fraud. The discussion questions whether Bitcoin has had any positive impact, pointing to energy waste, slow transactions, its fixed-supply design and the likelihood that central banks will adopt similar technology without those flaws.

Rondodox Botnet: Understanding a Low-Visibility Cyber Threat

Rondodox is a botnet that operates quietly and causes damage over time. It does not flood networks with traffic or trigger obvious alerts. It continues to run in the background for extended periods without being detected. In most cases, botnets are found when something breaks, but Rondodox is different. It blends into normal activity and relies on low-noise communication. This is why detecting this botnet is difficult, even in environments with mature security tools.

What Hackers Know About Fileless Malware (And You Should Too)

Fileless malware doesn't rely on flashy exploits or obvious downloads, which is exactly why it works so well. Instead, it slips into systems quietly, using tools that already belong there. That makes it harder to notice and easier to underestimate. If you think security threats always arrive as suspicious files, you're already behind. Understanding how fileless attacks operate helps you spot warning signs earlier and adjust defenses before real damage starts.

UNO reverse card: stealing cookies from cookie stealers

Criminal infrastructure often fails for the same reasons it succeeds: it is rushed, reused, and poorly secured. In the case of StealC, the thin line between attacker and victim turned out to be highly exploitable. StealC is an infostealer malware that has been circulating since early 2023, sold under a Malware-as-a-Service (MaaS) model and marketed to threat actors seeking to steal cookies, passwords, and other sensitive data from infected computers.

Operation Repo Ruse

BlueVoyant Security Operations Center (SOC) and Threat Fusion Cell (TFC) researchers identified an active campaign by the prolific threat actor Rift Brigantine (a.k.a. TA505, FIN11, and Graceful Spider). In this iteration, the actor is leveraging fraudulent GitHub repositories to distribute malicious batch script installers masquerading as legitimate IT and security software, including Microsoft Remote Desktop Connection Manager (RDCMan) and Palo Alto Networks GlobalProtect.

Start Where You Are: Resilience in Healthcare Begins With Action

In this episode of Building Cyber Resilience: A Healthcare Leader’s Guide, Josh Howell, Healthcare CTO at Rubrik, sits down with Heather Costa, Director of Technology Resilience at Mayo Clinic and Vice President at WiCyS Healthcare. Heather breaks down what it takes to build real resilience inside complex healthcare systems where downtime carries human consequences. She shares practical frameworks for prioritization, overcoming analysis paralysis, and aligning leadership around what matters when every minute counts.

SHADOW#REACTOR - Text-Only Staging, .NET Reactor, and In-Memory Remcos RAT Deployment

The Securonix Threat Research team has analyzed a multi-stage Windows malware campaign tracked as SHADOW#REACTOR. The infection chain follows a tightly orchestrated execution path: an obfuscated VBS launcher executed via wscript.exe invokes a PowerShell downloader, which retrieves fragmented, text-based payloads from a remote host. These fragments are reconstructed into encoded loaders, decoded in memory by a .NET Reactor–protected assembly, and used to fetch and apply a remote Remcos configuration.

Beyond Detection: Building a Resilient Software Supply Chain (Lessons from the Shai-Hulud Post-Mortem)

The Shai-Hulud npm supply chain incident was a wake-up call for the industry. The attack involved malicious packages containing hidden exfiltration scripts that targeted developers’ machines and CI environments. At Snyk, we watched this incident unfold in real time, observing how quickly attackers can pivot from one compromised credential to a full-scale ecosystem infection.