Despite evolving email threats, many organizations still rely on SEGs or outdated, attack-focused methods. These approaches can’t counter advanced, AI-driven attacks. The solution? Business-centric email security that understands users and inbox behavior, not just threats.

Darktrace investigated “PumaBot,” a Go-based Linux botnet targeting IoT devices. It avoids internet-wide scanning, instead using a C2 server to get targets and brute-force SSH credentials. Once inside, it executes remote commands and ensures persistence.

FlowerStorm is a phishing-as-a-service platform that leverages Adversary-in-the-Middle attacks to steal Microsoft 365 credentials and bypass MFA. Darktrace detected a SaaS compromise linked to FlowerStorm, identifying suspicious logins, password resets, and privilege escalation attempts, enabling early containment through AI-driven threat detection and response.

To quickly identify and respond to threats before damage occurs, this local government relies on Darktrace to improve network visibility, stop insider threats, protect its email systems, and accelerate incident investigations.

In today’s saturated market for email security, it can be difficult to cut through the noise of AI hype and vendor claims. CISOs should be using a structured evaluation framework to support informed, objective comparisons of different vendors – to allow them to make the best decision for their organization.

Darktrace uses AI-led OT, IoT, and IT Network Security to help secure maritime transportation systems. This blog describes some of the new mandated requirements by the USCG and demonstrates Darktrace’s security capabilities.

Darktrace's AI-driven tools identified and disrupted AsyncRAT activity, detecting suspicious connections and blocking them autonomously. This proactive response prevented the compromise from escalating and safeguarded sensitive data from exfiltration.

Darktrace / OT introduces IEC-62443 compliance reporting, expanded protocol visibility, and dynamic risk modeling, redefining how OT teams prioritize risks with contextual insights now additionally powered by firewall rule analysis and KEV scoring, all purpose-built to protect industrial operations and safety.

This blog outlines Darktrace's model-based anomaly detection and how security teams can leverage custom models for targeted threat hunts. Recently, Darktrace's Threat Research team applied this method in their report, "AI & Cybersecurity: The State of Cyber in UK and US Energy Sectors."

The biggest sources of risk in the cloud are misconfigurations, IAM failures, and infrastructure that is unprepared to handle cross-domain threats. Learn how AI-powered cloud security tools can help security teams identify and mitigate these risks.

In early 2025, Darktrace uncovered SocGholish-to-RansomHub intrusion chains, including loader and C2 activity, alongside credential harvesting via WebDAV and SCF abuse. Learn more about SocGholish and its kill chain here!

Discover why Darktrace is a launch partner for the Public Preview of Microsoft Azure Virtual Network Terminal Access Point (TAP).

Protecting against supply chain cyber-attacks means safeguarding not just your network, but your customers’ trust. Learn why securing vendor relationships is essential in today’s threat landscape.

Tycoon 2FA uses AiTM phishing and legitimate services to bypass MFA. Darktrace AI stopped it, read the blog to learn how Self-Learning AI detects sophisticated threats.

Learn how NDR and SASE solutions complement and interact with each other to create a robust network security strategy.

Docker is a prime target for malware, with new strains emerging daily. This blog explores a novel campaign showcasing advanced obfuscation and cryptojacking techniques.

Learn why EDR alone is not enough and how NDR uncovers and stops threats that disable or bypass endpoint security.

In a world of growing data volume and diversity, protecting and keeping track of your organization’s sensitive information is increasingly complex – particularly when 63% of breaches stem from malicious insiders or human error. This blog explores how security teams can achieve visibility beyond the limits of data classification, without adding to the burden of data management.

Learn how Darktrace’s DEMIST-2 embedding model delivers high-accuracy threat classification and detection across any environment, outperforming larger models with efficiency and precision.

Discover how Darktrace’s new DIGEST model enhances Cyber AI Analyst by using GNNs and RNNs to score and prioritize threats with expert-level precision before damage is done.

See how Darktrace Cyber AI Analyst™, an agentic AI virtual analyst, cuts through alert noise, accelerates threat response, and strengthens your security team — all without adding headcount.

Discover how anomaly detection deployed across core network segments delivers a more effective approach to ICS security.

Not only has Darktrace Federal achieved its FedRAMP High Authority to Operate, one of the few cybersecurity vendors to do this, but we have also released Darktrace Commercial Government Cloud High/Email, a FedRAMP High-compliant email security solution for customers using Microsoft Government Community Cloud High.

Darktrace detected an email bomb attack flooding inboxes with high volumes of messages, uncovering unusual email patterns and subsequent network anomalies.

While many internal teams contribute to general cloud hygiene, the security team has increasingly taken the lead on cloud security. Learn how AI-powered cloud detection and response tools can help these teams with new responsibilities.