How to Use the MITRE ATT&CK Framework as a Shared Language for SOC, CTI, GRC, and Leadership

Picture the first meeting after a serious security event. The Security Operations team is talking about alerts, detections, and lateral movement. Threat Intelligence is talking about adversary tradecraft and known campaigns. Governance and Risk is talking about control gaps, exposure, and business risk. And leadership? They only care about how bad this event is, and what the team is doing about it. Security teams often agree on the mission: deter and stop threat actors at all costs.

Navigating the Post-Mythos Landscape with Bitsight

The rise of AI-driven vulnerability discovery using Anthropic's Claude Mythos, as well as similar tools from Google and OpenAI, is completely changing the calculus of cyber risk. The number of vulnerabilities is exploding. The time it takes for exploits to appear is shrinking. The patching cadences and scan intervals, assessments and risk registers that many organizations still rely on are rapidly becoming ineffective.

Analyzing the RondoDox Botnet: A DDoS and Mining Threat

A few weeks ago we published the first part of this series where we described the infrastructure used by the RondoDox threat actors to scan and exploit vulnerable systems. In this second post we’ll take a deep dive into the malware that is deployed into vulnerable systems. Specifically, we’ll look at the initial implant used to fetch the RondoDox binary and the binary itself, detailing its behaviour, how it communicates with the Command and Control (C2), and its malicious capabilities.

How to Build a Security Compliance Audit Process that Works All Year Round

Security compliance audits can feel intimidating, especially if your team has never been through one before. For many organizations, an audit feels like a high-pressure project with a hard deadline, a long list of evidence requests, and a lot of manual work spread across security, IT, legal, and compliance teams. For vendors and companies in highly regulated industries, audits and risk assessments may already be a routine part of doing business.

The Future Is Cyber Risk Intelligence

Risk is expanding faster than most organizations can measure it, communicate it, and act on it. The convergence of AI, an ever-expanding attack surface, and deep, often hidden supply chain risks—extending into third-, fourth-, and fifth-party connections—all pose strategic and material risks to companies. Security leaders are ultimately looking for better ways to identify risk, prioritize action, and support stronger risk decisions across the entire business ecosystem.

AI With Intention: Visibility Drives Action: Strengthening Cyber Risk Management with Better Data

As organizations shift to cloud services and third-party vendors, maintaining visibility and control over cyber risk has become increasingly complex. In this video, we explore one of the biggest challenges facing security leaders today: how to manage cyber risk without full visibility into your environment. Learn why visibility is critical to effective cybersecurity—and how the right data enables organizations to.

Data Sets the Course: Why Cyber Risk Management Starts with Better Data

The cyber risk landscape is evolving faster than ever—creating new challenges for organizations trying to maintain visibility and control. In this video, we explore why data is the foundation of effective cyber risk management. As risk becomes more dynamic and complex, organizations must be able to respond to threats as they emerge—not after the fact. Without high-quality, actionable data, managing cyber risk simply isn’t possible.

Evolve With Your Vendors: Why Vendor Risk Changes Over Time-and What to Do About It

Vendor relationships don’t stay static—and neither does the risk they introduce. In this video, we break down a common misconception in third-party risk management: that vendor risk remains constant after onboarding. The reality? As vendors grow and their digital footprint expands, risk increases over time. Learn why organizations must move beyond point-in-time assessments and adopt a more modern approach to vendor risk management.

AI Integration Security: Why the Biggest Risk Is Not the Model

When people talk about AI security risks, the conversation usually starts with the model. Can it be jailbroken? Can someone get around the guardrails? Can an attacker make it say or do something it should not? Those are fair questions, but they are not the most important ones. The bigger risk is not the model on its own: it’s everything the model is connected to.

Ransomware with a Twizt: Inside the Phorpiex Botnet

Phorpiex, also known as Trik, is a resilient and long-running botnet with a history dating back to 2011. While it has grabbed some headlines, its sustained presence and adaptability make it a subject of ongoing concern for the cybersecurity community. Phorpiex has consistently demonstrated its capability to evolve, shifting from a pure spam operation to a sophisticated platform.