Threat Insight

Cybersecurity research and commentary on malware, user actions, and other threats to information security
April 07, 2016

Killing a Zero-Day in the Egg: Adobe CVE-2016-1019


Proofpoint security researchers discover a new exploit in the Magnitude EK that leads to a previously unreported vulnerability in Adobe Flash.

April 05, 2016

Phish Scales: Malicious Actor Combines Personalized Email, Variety of Malware To Target Execs

Matthew Mesa

Targeted and personalized emails combined with a variety of malware represent a new and sophisticated approach from a particular actor we’ve been tracking this year.

March 30, 2016

.om Is Not .com – Attackers Increasing Use of Typosquatting

Christopher Dawson

So-called "typosquatters" aren't just getting savvier - they have a whole new world of top-level domains to use to trick businesses and consumers into giving up their personal information.

March 18, 2016

Video Malvertising Bringing New Risks to High-Profile Sites

Proofpoint Staff

On March 13, 2016, Proofpoint researchers observed a large malvertising campaign hitting many highly-ranked websites including and many others. We also surmised (and later confirmed) that there was a video malvertising involved in this campaign. While such campaigns aren't new, this appears to be the first such documented campaign leading to an exploit kit.

March 17, 2016

Gone Tax Phishing ’til April 18th

Proofpoint Staff

Obfuscation, sophisticated lures, and well-written phishing kits combine to make this a risky tax season for unsuspecting filers.

March 14, 2016

Bank robbery in progress: New attacks from Carbanak group target banks in Middle East and US

Aleksey F, Darien Huss, Chris Wakelin, Chris I, and Proofpoint Staff

The Carbanak gang appears to be back, and Proofpoint researchers analyze the early stages of a campaign that could steal another billion dollars.

March 10, 2016

Death Comes Calling: Thanatos/Alphabot Trojan Hits the Market

Proofpoint Staff

Proofpoint researchers have identified a new Trojan with robust functionality from authors who also appear to be prepared to offer a complete ecosystem of tools for malicious actors.

March 04, 2016

Beyond Vanilla Phishing - Impostor Email Threats Come of Age

Christopher Dawson

Phishing isn't going anywhere - it's simply adapting to improved detection techniques to better target users and increase the payoffs from attacks.

March 01, 2016

Operation Transparent Tribe - APT Targeting Indian Diplomatic and Military Interests

Darien Huss

Proofpoint researchers uncover details about an advanced persistent threat against Indian diplomatic and military interests, centered around a remote access Trojan called MSIL/Crimson.


Stay Connected