Sophos researchers discovered that the Payouts King ransomware family deploys a fully hidden Alpine Linux VM via the open‑source QEMU emulator, allowing data theft, C2 communication, and tool deployment to remain invisible to host‑based antivirus and EDR solutions.
At RSAC 2026, analysts warned that AI is reshaping cybersecurity into two simultaneous battles—rebuilding defenses with AI and protecting AI systems themselves—while attack timelines have collapsed from nine days to thirty minutes, forcing defenders to rethink SOC operations, architecture, and readiness.
The report details how the GhostClaw/GhostLoader campaign leverages trusted GitHub repositories and AI‑assisted development workflows to deliver a multi‑stage macOS payload that steals credentials, contacts a single C2 domain, and establishes persistence, while providing blue‑team detection and mitigation guidance.
Ant Group’s “Aspect‑Fusion Intelligence” system, recognized as an outstanding cybersecurity case at the 2025 Beijing Cybersecurity Conference, leverages large‑model AI and expert knowledge to enhance threat detection, lower false positives, and improve explainability in large‑scale intrusion detection.
At the second Wuhan Cybersecurity Innovation Forum, Ant Group unveiled its AI‑powered "parallel security slice" approach for threat detection, detailing a multi‑layer defense system that leverages a DKCF framework, large‑model reasoning, and knowledge graphs to improve accuracy, reduce false alarms, and uncover unknown threats in complex digital enterprises.
The article details Ant Group’s security parallel aspect fusion AI solution, selected as an exemplary case at the 2024 World Intelligent Industry Expo, explaining its multi‑dimensional data collection, large‑model integration, baseline construction, knowledge‑graph generation, and superior threat‑detection performance.
This article explains how to enable Kubernetes audit logging, analyzes CDK‑based attack behaviors captured in audit logs, provides concrete detection rules for information collection, exploitation, and privilege escalation, and shares practical lessons learned when deploying audit‑driven security in cloud‑native environments.
The article explains how to enable Kubernetes audit logging and use its detailed fields—such as userAgent, responseStatus, requestURI, and object references—to detect CDK‑generated attacks and other threats like CVE‑2022‑3172, privilege escalation, and backdoor deployment, offering practical detection examples and security recommendations.
This article details the challenges, design choices, deployment steps, detection model creation, data processing, visualization, and future plans of JD Daojia's security operations platform, highlighting the use of Graylog, Elasticsearch, and MongoDB to achieve scalable, real‑time threat detection and response.
This article examines the security challenges of mobile apps, outlines common threat scenarios such as flash‑sale abuse and fake device attacks, and proposes a layered detection‑and‑defense framework that combines app‑side identification, device fingerprinting, scenario verification, and cloud‑based policy enforcement.
The article examines why conventional next‑generation firewalls (NGFW) struggle with sophisticated, unknown attacks, and explains how Huawei’s AI firewall leverages cloud‑trained and on‑premise unsupervised learning models, dedicated hardware, and encrypted‑traffic analysis to automatically detect and mitigate advanced threats across the attack chain.
This article explains how DNS, the Internet's core naming protocol, can be leveraged for large‑scale network measurement and security analysis, covering DNS hijacking metrics, NTP pool observations, passive DNS techniques, and the DNSMon threat‑detection system with practical insights and references.
This article explains how DNS data can be leveraged for both network measurement—such as quantifying global DNS hijacking and analyzing NTP pool servers—and security analysis, including threat detection with systems like DNSMon, highlighting the protocol’s growing importance for privacy, performance, and threat intelligence.
This article presents a comprehensive overview of DNS-based network measurement and security analysis, covering DNS fundamentals, hijacking metrics, NTP pool studies, passive DNS applications, and the DNSMon threat‑detection system, highlighting methods, findings, and practical implications for internet security.
This article explains practical methods for detecting account security threats—such as blacklisted, expired, or abnormal login behaviors—by analyzing Linux and Windows login logs, defining detection rules, and leveraging automated tools to generate timely alerts and reduce security risks.
A Cloud Access Security Broker (CASB) sits between cloud service consumers and providers to enforce security, compliance, and governance policies, offering visibility, data protection, threat detection, and control over shadow IT, with various deployment modes and integration options for modern cloud environments.
This guide explains why web log analysis is essential for security, demonstrates how to parse Apache logs, distinguishes normal from malicious requests, and provides practical Secsoso commands for business behavior statistics, traffic monitoring, and detecting attacks such as CC, SQL injection, file inclusion, and XSS.
JD Security’s Silicon Valley AI security scientist unveiled a novel container‑based sandbox at BlackHat Europe, detailing how contextual behavior analysis can detect and trace malicious code by leveraging lightweight containers, improving threat detection speed and accuracy for enterprise defenses.
This article examines Suning's evolution from a basic network‑operations unit to a comprehensive security ecosystem, detailing its organizational structure, protection platforms, integrated risk‑control mechanisms, big‑data threat perception system, and management processes that together safeguard its e‑commerce operations.
This article presents a detailed mind‑map of network security, covering introductory concepts, scanning and defense, monitoring, password cracking, deception attacks, denial‑of‑service, buffer overflow, web and trojan attacks, computer viruses, and future trends, each illustrated with explanatory images.
The article presents a comprehensive list of one hundred concrete web‑application security techniques—ranging from HTTP request analysis and token validation to WAF rule conversion, honeypot deployment, IP reputation checks, and response‑time monitoring—derived from the book “Web Application Defender's Cookbook” and illustrated with real‑world examples and tool references.
