This inaugural report covers seven years of data from the DBIR as well as additional Verizon information, providing an overview of the cyber-espionage landscape. (more available)

This report reflects on the key threats that emerged or expanded in the 4th quarter of 2020.

This report looks at the malware used by a group called Sunburst. It gives a detailed timeline of attacks, and the code used in them. (more available)

This report provides a look into FIN11, a financially motivated threat group that has conducted some of the largest and longest running malware distribution campaigns to date. (more available)

This report from Kaspersky explains changes in the threat landscape for industrial automation systems for the first half of 2020. It goes in detail on the variety of malware, the main threat sources, regional differences, and more. (more available)

Now in its sixth year, Sonatype’s State of the Software Supply Chain Report continues to examine measurable practices of secure open source software development and delivery. (more available)

This report sought to understand the health and security of Free and Open Source Software (FOSS) as it is today. It identifies the most commonly used free and open source software components in production applications, and examines them for potential vulnerabilities. (more available)

The annual report on trends in malware and hacked website from the incident response and malware research teams at GoDaddy Security /Sucuri. (more available)

A detailed technical analysis of the Kingminer botnet malware, including the C&C network, infection vectors, payload, and auxiliary components.

A survey-based report from March 2020 on the impacts of staff shortages in the cybersecurity industry. A special focus on remote work and COVID-19 impacts. (more available)

In the following report, Naikon describes the tactics, techniques, procedures and infrastructure that have been used by the Naikon APT group over the 5 years since the last report, and offer some insight into how they were able to remain under the radar. (more available)

The recent Chinese New Year ushered in the Year of the Rat, but from the perspective of the many corporations, government agencies and other organizations around the world who continue to be the targets of Advanced Persistent Threat (APT) groups acting in the interest of the Chinese government, recent years could aptly be described as the Decade of the RATs - Remote Access Trojans, that is. (more available)

FireEye Threat Intelligence assesses with high confidence that APT41 is a prolific cyber threat group that carries out Chinese state-sponsored espionage activity in addition to financially motivated activity potentially outside of state control. (more available)

With this common understanding in mind, we have taken a comprehensive look at previously disclosed activity that can now be attributed to the GRU. (more available)

Our 2019 Threat Research Report is a deep dive into our logs, experiences, and collected analysis. It summarizes and identifies the latest tactics, techniques, and procedures seen by the Malware Research team, Vulnerability Research team, Threat Intel Research team and Remediation Groups at Sucuri/GoDaddy. (more available)

This Spotlight report provides in-depth analysis of vulnerabilities and weaponization patterns across the entire family of Adobe products. By focusing on weaponization, we go beyond simply counting vulnerabilities, and instead reveal how popular software from a leading vendor becomes a beacon for attackers. (more available)

The purpose of this research is to provide a comprehensive description of the technical details and approach IOActive used to discover vulnerabilities affecting widely deployed radiation monitoring devices. (more available)

This report takes a look at the risk involved with third party cybersecurity issues.

From the report, “What does 2018 hold in store for the defenders? Unfortunately, more of the same security drama, according to Cybereason’s researchers and analysts. (more available)

In this whitepaper, they look at three categories of approaches taken by malware to evade sandboxes and explore techniques associated with each approach. (more available)

This report takes an inside look at the Cyber Security challenge for healthcare today and more specifically looks at the medical device security challenge. (more available)