GhostSocks is an emerging threat turning compromised devices into residential proxy nodes to help attackers evade detection. Darktrace identifies its growing use alongside Lumma Stealer, highlighting the malware’s stealth, payload delivery, and persistence. AI-driven detection and Autonomous Response reveal the full attack lifecycle and underscore the need for proactive defense.

This Darktrace / OT release introduces new capabilities designed to help industrial organizations better understand, document, and operationalize their operational environments. With native OT architecture visualization, structured asset and compliance reporting, and expanded industrial protocol coverage, this release focuses on improving how teams manage real operational security workflows.

This blog explores how the Darktrace’s ActiveAI Security Portal supports efficient, AI driven triage across customers and Partner deployments

Introducing the adaptive era of email security: a unified platform that connects personalized coaching, collaboration tools, and user behavior into a self-improving defense system.

ダークトレースはDarktrace / OTにおいて2026年度Gartner® CPS Protection Platforms部門のMagic Quadrant™ において唯一のVisionaryの評価を受けたことを喜んでお知らせいたします。

World Leaks, a rebrand of Hunters International, are known for their extortion-only attack model, abandoning the tactic of file encryption. However, contrary to these claims, Darktrace detected a World Leaks compromise where a ransomware payload was deployed, and customer data was encrypted.

NetSupport RAT is the malicious abuse of the legitimate NetSupport Manager remote administration tool. Originally designed for IT support, threat actors exploit it to gain unauthorized system access, exfiltrate data, and deploy malware or info‑stealers, turning trusted functionality into a dangerous attack vector.

Darktrace / Forensic Acquisition & Investigation automates cloud forensic analysis, enabling rapid investigation of compromised servers via Cloudypots honeypot data. It reveals attacker activity, highlights key events, decodes malicious payloads, and identifies malware campaigns like perfctl, helping defenders accelerate triage and understand cloud-based intrusion techniques.

A new exploitation wave targeting BeyondTrust products has emerged following disclosure of CVE‑2026‑1731. Darktrace is observing early malicious activity across customer environments and highlights the importance of proactive defenses.

ダークトレースは、React2Shellの脆弱性をエクスプロイトするAI/LLM生成によるマルウェアを自社のCloudypots環境内で検知しました。この事例は、LLM（Large Language Model：大規模原語モデル）支援の開発によって低スキルの攻撃者であっても効果的なエクスプロイトツールを迅速に作成できることを示しています。このブログではその攻撃チェーンとAIで生成されたペイロードを分析し、容易に入手可能なAIサイバー脅威がもたらす、防御上の問題の深刻化について解説します。

This blog explores a macOS phishing campaign that leverages social engineering, AppleScript loaders, and attempted abuse of the macOS’ TCC feature to gain privileged access. It highlights a broader trend: attackers increasingly exploit user trust rather than system vulnerabilities, using staged payload delivery and persistence techniques to maintain long‑term access.

his blog details how to unpack malware like SnappyBee, a modular backdoor linked to Salt Typhoon, revealing its custom packing, DLL sideloading, dynamic API resolution, and multi‑stage in‑memory decryption. It provides analysts with a step‑by‑step guide to extract hidden payloads and understand advanced evasion techniques by sophisticated malware strains.

ダークトレースは企業内のAIを防御する新製品をリリースします。 Darktrace / SECURE AIは組織をサイバー脅威や新たなリスクから保護する新時代を築く製品です。 完全な可視性、インテリジェントな動作の監視、リアルタイムコントロールを組み合わせることにより、企業内へのAIの安全な導入、管理、構築を可能にします。

This year, organizations have been racing to implement generative and agentic AI tools at a breakneck pace. Darktrace asked over 1,500 security leaders about how they’re navigating these rapid technology shifts – and the challenges and opportunities enterprise AI presents.

Darktrace detected a potential ClearFake‑related incident involving signs of EtherHiding activity and interactions with blockchain‑based infrastructure. A single device showed repeated suspicious command‑line behavior, primarily involving Microsoft HTML Application Host. The activity occurred over the course of a day and indicated early‑stage attempts to load malicious content associated with the ClearFake campaign.

金融機関が直面する脅威ランドスケープは、アイデンティティを利用した侵入、公開前のエクスプロイト、データ窃取優先型ランサムウェア、そしてクラウドとAIのガバナンスのブラインドスポット拡大などで形成されています。 本ブログでは、金融セクターのサイバーリスクを再定義しつつある主要な脅威および傾向について解説し、防御者が次に何に適応すべきかについて探ります。

Cybersecurity is no longer just an IT concern, but a business imperative shaped by AI-driven threats and accelerating risk. In this blog, Amel Edmond, CIO at the advisory, tax, and audit firm Withum, discusses his perspective on why AI is essential to modern cybersecurity and how he is building a security program designed for resilience, visibility, and scale with the help of Darktrace.

ダークトレースは、北朝鮮に関係すると思われる、韓国のユーザーを標的としたJSEベースのスピアフィッシングによる攻撃キャンペーンを検知しました。攻撃者は政府機関を装ったおとり文書を使ってVS Codeトンネルを展開し、信頼されるMicrosoftインフラ経由で隠れたリモートアクセスを可能にしました。この攻撃は、正規のツールを悪用して検知を免れ、永続的アクセスを維持しようとする攻撃の増加を裏付けています。

This blog breaks down how attackers rapidly weaponized the React2Shell vulnerability, with a particular focus on cloud‑native financial environments. Drawing on Darktrace’s honeypot research, it explores emerging threat actor tooling, exploitation timelines, and why behavioral‑anomaly‑led security is critical in today’s cloud landscape.

クラウドセキュリティはこれまで予防、ポスチャ管理、設定にかなりの重点が置かれてきました。しかし実際の攻撃はそこでは発生しません。 攻撃はランタイムにおいて、稼働中のワークロードやアイデンティティにわたって進行していきますが、そこでは可視性が限られており証拠が短時間で消滅します。 このブログではランタイムが保護すべき最もクリティカルなレイヤーである理由、動的なクラウドの挙動を攻撃者がどのように悪用しているか、なぜポスチャベースだけでは不十分かを紹介します。

Darktrace researchers observed threat actors exploiting reports of Venezuelan President Maduro’s arrest to deliver backdoor malware. Attackers often use ongoing world events make their malicious content appear more credible, increasingly the likelihood of a successful attack.

Medusa ransomware increasingly exploits remote monitoring and management (RMM) tools for persistence, lateral movement, and data exfiltration. This blog explores Medusa’s tactics, real-world detections, and how anomaly-based solutions with Autonomous Response can stop attacks.

AI is accelerating faster than governance can keep up, expanding attack surfaces and creating unseen risks. From data and models to AI agents and integrations, security starts by knowing what to protect. Discover how to identify AI-driven risks, so you can establish governance frameworks and controls that secure innovation without exposing the enterprise to new attack surfaces. 

毎年、ダークトレースのエキスパート達は、日々発生するインシデント、脆弱性、ニュースの動きを客観的に振り返り、脅威ランドスケープを形作るさまざまな力について考察することにより、これからの1年で最も重要になると思われるトレンドを調べ、発表しています。2026年に対する私たちの予測は次の通りです。

Modern data loss doesn’t always look like a regex match. It can look like everyday communication slightly out of context. Here’s how a domain specific language model paired with behavioral learning protects labeled and unlabeled data without slowing business down.