Blog and News
Defused research, announcements, and recent media coverage.
New Fortinet Zero-Day Warning—Update Now, Attacks Underway
Defused cited in Forbes coverage of the FortiClient EMS CVE-2026-35616 vulnerability.
Exploitation of Critical Fortinet FortiClient EMS Flaw Begins
Defused cited in Security Week coverage of the FortiClient EMS vulnerability.
From Recon to Mass Exploitation: Tracking CVE-2026-3055 Across 13 Days of Honeypot Telemetry
We tracked CVE-2026-3055 from preliminary signals through reconnaissance to mass exploitation - 13 days of honeypot telemetry showing how attackers prepare before public exploit code exists.
Critical flaw in Citrix NetScaler raises fears of new exploitation wave
Defused cited in Yahoo News coverage of the Citrix NetScaler CVE-2026-3055 vulnerability.
Sleeper Shells: How Attackers Are Planting Dormant Backdoors in Ivanti EPMM
A February 2026 campaign used an internal JSP path and in-memory Java class loaders to quietly seed persistent access across Ivanti EPMM deployments - then walked away. We break down the tradecraft.
Fortinet fixes critical FortiSIEM flaw
Defused featured in The Hacker News coverage of the FortiSIEM vulnerability.
React2Shell Exploitation: A Short Summary of Honeypot Activity
We've been tracking CVE-2025-55182 (React2Shell) across our honeypot network. From stealthy memory-only payloads to China-nexus threat actors and coinminers, here is the initial breakdown of the attack landscape.
Clandestine IP behind attacks exploiting Ivanti EPMM bugs
Defused cited in SCWorld coverage of Ivanti EPMM exploitation activity.
Fortinet FortiWeb flaw actively exploited
Defused mentioned in The Hacker News analysis of FortiWeb exploitation.
SharePoint Exploit Intelligence with Honeypots
Combining honeypots with emergent vulnerability intelligence to discover attack trends before the public.
How to Detect VMware ESXi Exploitation
A concise, technical guide for SOC analysts covering credential-theft paths, CVEs and detection tips.
When Patching Doesn't Help - CVE-2015-2291 (Bring Your Own Vulnerable Driver)
Bring Your Own Vulnerable Driver allows attackers to reintroduce vulnerabilities into your infrastructure.
Deception Plays A Large Role in NIST SP 800-160
Discover how NIST SP 800-160 promotes deception for building cyber resilience from a systems engineering viewpoint.
Cyber Deception Has Use Cases You Aren't Thinking Of
This blog post explores three less standard use cases for cyber deception.
Uncovering a Crypto Turfwar with Cloud Decoys
Defused cloud decoys help discover an online cryptomining turf war. Explore how deception technologies broaden defender intelligence about adversary motivations.
What is Deception Technology
Deception technologies help security teams fight back by creating enticing decoy assets within their network that attackers can’t resist interacting with.
Cyber Deception VS Honeypots
Cyber deception and honeypots are related but distinct concepts that are often used interchangeably. This blog post points out the differences between the two.
Three Threat Vectors to Watch for in H2 of 2024
Three threat vectors to watch for in the second half of 2024, and their deceptive countermeasures.
Misconceptions of AI-Driven Attacks in Infosec
Attackers won't need magical new techniques to succeed. This should worry us.
Revisiting CVE-2021-34527, also known as PrintNightmare
Exploring how you can use older vulnerabilities as part of effective deception operations
Backlog Crisis at the National Vulnerability Database
The NVD is struggling with a backlog of thousands of unprocessed CVEs, impacting CPE to CVE mappings, and leaving defenders in the dark on the vulnerability risk potential of their assets.
Learnings From The Dispossessor Ransomware Leak
The malware repository VXUnderground recently released a large data leak from the ransomware group Dispossessor, containing all of their tools, manuals, procedures and more.
Leveraging Deception in Zero Trust
Deception contributes to achieving Zero Trust and to defending from within the network perimeter.
Vulnerabilities Long Tail
While new vulnerabilities continue to be discovered at a staggering pace, attackers focus on a much broader temporal spectrum. After all, it does not really matter which vulnerability is exploited, and older exploits are usually broadly available and stable.