ZeroFox Blog posts | RSS Feed

Malicious Insider Threats: How Trusted Employees Turn Into Attackers

Casey Bjorn — Thu, 11 Jun 2026 10:31:03 GMT

TL;DR on Malicious Insiders What Are Malicious Insider Threats? Intentional, or malicious, insider threats represent a significant attack vector in which likely disgruntled employees compromise organizations by misusing access to sensitive networks and data or abusing advantageous positioning to enact harm against their employer. Unlike accidental insider threats, intentional insider threat actors take deliberate and […]

Malware Sandboxing for SOC Teams: How to Detonate Files and URLs Safely

Maddie Bullock — Wed, 10 Jun 2026 09:03:41 GMT

Most SOC shifts start the same way: a queue full of artifacts that might be malicious and not enough time to investigate every one deeply. A flagged attachment, a URL from a newly registered domain. Each one needs a verdict. Most are clean, but the one that isn’t could be the beginning of a breach, […]

Trust But Verif-AI: Because “Fine” Is Not an Answer

Neil Correa — Mon, 08 Jun 2026 11:31:18 GMT

Every parent knows the answer “fine” covers a lot of ground. It can mean things genuinely are fine. It can also mean a failed exam, a friendship falling apart, or a situation the child has already decided you don’t need to know about. The word is technically an answer, but it’s not information. A good […]

Security Threats at the 2026 FIFA World Cup: What Intelligence Reveals Before Kickoff

Maddie Bullock — Fri, 05 Jun 2026 11:19:16 GMT

Tickets for the 2026 FIFA World Cup are being sold on Telegram and credentials tied to fifa.com accounts are circulating on dark web marketplaces. A threat actor is even advertising server access allegedly linked to New York FIFA infrastructure. And the tournament hasn’t even started yet. The 2026 FIFA World Cup will be the biggest […]

Malware Attacks: More Than Just Ransomware

ZeroFox Team — Wed, 03 Jun 2026 10:08:05 GMT

Ransomware is all the buzz, but it isn’t the only malware attack. Take a closer look at malware to better understand the risks and how they work together.

Detonate Malware Safely: When to Sandbox, Block, or Escalate

Maddie Bullock — Wed, 27 May 2026 09:00:00 GMT

Every suspicious artifact that hits a SOC analyst’s queue forces the same decision: do I need to understand this before I act, or do I already know enough to act now? Get it wrong in one direction and you waste time analyzing something you should have blocked ten minutes ago. Get it wrong in the […]

How a Leading Airline Shut Down Social Impersonators and Phishing Comments in Under a Week

ZeroFox Team — Wed, 20 May 2026 11:16:38 GMT

A customer drops a frustrated comment under a post: “Can someone help me with my booking?” Within minutes, a “support” account replies with a friendly tone, a sense of urgency, and a link that definitely doesn’t belong there. It looks and sounds like customer service, but it’s not. In reality, it’s a scammer acting at […]

When Data Means Conversations and Code: How AI-Powered Adversaries Are Rewriting the Rules of Targeted Attacks

Neil Correa — Wed, 13 May 2026 10:10:04 GMT

For years, the security industry drew a fairly clear line around what “sensitive data” meant. Personal information, financial records, health data: the structured, regulated categories that compliance frameworks were built to protect. Encrypt it, tokenize it, and restrict access to it. The threat model was straightforward: if you protect the database, you protect the business. […]

When Phishing Takedowns Are Not Enough: ZeroFox vs. Netcraft for Enterprise Brand Protection

ZeroFox Team — Mon, 11 May 2026 08:56:33 GMT

Netcraft has been in the internet security game since 1995, and they’ve earned a credible reputation for fast phishing detection and domain phishing takedowns. If your primary concern is malicious domains, they bring speed, automation, and deep relationships with internet infrastructure providers. But modern brand abuse doesn’t stop at phishing sites. Threat actors now impersonate […]

How Malware Sandboxing Closes the Confidence Gap in External Threat Intelligence

Josh Mayfield — Thu, 07 May 2026 10:44:04 GMT

I’ve spent enough time in investigation queues to know what a bad workflow feels like. You get an alert. Something looks wrong. You already know it’s probably malicious, but “probably” doesn’t close a ticket or justify a takedown. You need confirmation. So you leave the platform, find the right tool, upload the file, wait, get […]

What We Feel Makes a Leader in the Gartner® Magic Quadrantᵀᴹ for Cyberthreat Intelligence Technologies

ZeroFox Team — Tue, 05 May 2026 09:21:38 GMT

The cyber threat intelligence market is evolving from pieced together systems to unified platforms. What used to be a landscape of necessary but siloed tools, one for digital risk protection, another for threat feeds, another for takedowns, is converging into a single discipline where discovery, validation, and disruption all need to work together. We think […]

PSI Regional Forecasts: Because Your Security Team Shouldn’t Be the Last to Know

Esmeralda Sayagues — Tue, 21 Apr 2026 09:50:54 GMT

ZeroFox PSI Regional Forecasts give security teams a monthly forward look at the threats most likely to affect their operations. Delivered directly in the ZeroFox platform, before incidents happen. The Problem With Reactive Security Most physical security programs run in the same loop: an incident happens, the team mobilizes, and an after-action report gets filed. […]

The Claude Mythos Problem: AI Vulnerability Scanning Has Trust Issues

Nico Flores — Mon, 20 Apr 2026 11:27:45 GMT

When frontier AI scanning capability lands inside organizations with competitive incentives and Anthropic’s oversight telemetry remains unspecified, the threat model gets a lot wider than jailbreakers and dark web exploit sellers. Anthropic’s announcement of Claude Mythos Preview landed the way most frontier AI milestones do: as a security story dressed in a safety narrative. The […]

Seeing Risk Isn’t Stopping Risk: What to Consider When Choosing an ASM Solution

Maddie Bullock — Wed, 08 Apr 2026 10:48:54 GMT

Your security team just got another report. Hundreds of exposed assets with dozens of flagged vulnerabilities. A dashboard full of findings, color-coded by severity, timestamped, and ready for review. None of them have been fixed yet. This is the reality for most SOC teams operating with an attack surface management tool today. Somewhere between “we […]

How to Quantify the Business Value of ZeroFox Threat Intelligence (And Why Forrester Did It For You)

Maddie Bullock — Wed, 01 Apr 2026 12:27:09 GMT

Let’s get the uncomfortable truth out of the way first: proving the value of threat intelligence is hard. Not because the value isn’t real, but because the best outcomes in security are the things that didn’t happen. There’s value in the avoided incidents. Takedowns that stopped a phishing campaign before it touched a single customer. […]

What the New NIST Secure DNS Deployment Guidance Means to Enterprises, According to a ZeroFox Expert

Carlos Alvarez — Thu, 26 Mar 2026 09:30:35 GMT

NIST’s updated guidance on secure DNS deployment has direct implications for how organizations protect their external digital presence. This is what you need to act on. The Domain Name System has long been treated as plumbing, like invisible infrastructure that just works. That perception is increasingly dangerous. In March 2026, the National Institute of Standards […]