My IBM Log in Subscribe
Experiencing cybersecurity issues? Contact X-Force® to help.

IBM X-Force

Meet X-Force, IBM’s team of hackers, responders and researchers. Explore their latest on critical threats, vulnerabilities and incident response to help strengthen your offensive and defensive security practices.

Isometric illustration showing vulnerability detection in a data infrastructure
made for Think Newsletter

Stay ahead with the latest tech news

 

 

 

Weekly insights, research and expert views on AI, security, cloud and more in the Think Newsletter

 

Subscribe today

Browse the latest news

28 July 2025

Insights

Cyber Frontlines: Troy Bettencourt

Learn more about IBM’s team of experts who closely monitor and assess cybersecurity trends and insights. In this edition, meet Troy Bettencourt, Global Partner & Head of X-Force.

28 July 2025

Insights

Cyber Frontlines: Mark Hughes

Learn more about IBM’s team of experts who closely monitor and assess cybersecurity trends and insights. In this edition, meet Mark Hughes, Global Managing Partner, Cybersecurity Services for IBM.

28 July 2025

Insights

Cyber Frontlines: Claire Nuñez

Learn more about IBM’s team of experts who closely monitor and assess cybersecurity trends and insights. In this edition, meet Claire Nuñez, Creative Director at IBM X-Force Cyber Range.

28 July 2025

Insights

Cyber Frontlines: Erik Svanoe

Learn more about our team of experts who closely monitor and assess cybersecurity trends and insights, including discovering and ethically disclosing the latest vulnerabilities and threats affectin...

28 July 2025

Insights

Cyber Frontlines: Golo Mühr

Learn more about our team of experts who closely monitor and assess cybersecurity trends and insights, including discovering and ethically disclosing the latest vulnerabilities and threats affectin...

23 July 2025

News

Hive0156 continues Remcos campaigns against Ukraine

IBM X-Force is monitoring active Hive0156 Remcos Remote Access Trojan (RAT) campaigns targeting victims of Ukraine. Learn more about this threat.

22 July 2025

News

In the protobuf: Web browser artifacts using Google's data interchange format

Skip the nose clip and head straight for the diving bell in this descent into the murky depths of the Resource Prefetch Predictor web artifacts found within Chromium-based web browsers, in use on b...

10 July 2025

News

Hive0145 back in German inboxes with Strela Stealer and a backdoor

Hive0145, the threat actor known for delivering Strela Stealer to exfiltrate email credentials, is back to no good and now targeting Germany using malicious SVG files to download a simple reverse s...

3 July 2025

News

Identifying and abusing Azure Arc for hybrid escalation and persistence

Explore how Azure Arc can be identified in environments, misconfigurations in deployment can allow for privilege escalation, an overprovisioned Service Principal can be used for code execution and ...

2 July 2025

News

Reproducing a million-dollar bug: WhatsApp CVE-2019-11932 (with AFL & Frida)

Dive into research on a double-free vulnerability, CVE-2019-11932, in an image processing library used by WhatsApp and a GIF-processing vulnerability affecting Android mobile phones.

23 June 2025

News

Hive0154 aka Mustang Panda shifts focus on Tibetan community to deploy Pubload backdoor

China-aligned threat actor Hive0154 has spread numerous phishing lures in targeted campaigns throughout 2025 to deploy the Pubload backdoor. As of May 2025, X-Force noticed these attacks targeting ...

17 June 2025

News

Becoming the trainer: Attacking ML training infrastructure

Learn more about machine learning training environments and infrastructure, as well as different attack scenarios against critical components, including cloud compute, model artifact storage and mo...

6 June 2025

News

Cyberattack magnet? Unyielding threats plague the industrial sector

Threat actors have been heavily targeting the industrial sector in recent years. Learn more about why this industry is being targeted and what organizations can do to protect against these cyberatt...

3 June 2025

IBM X-Force Threat Analysis: DCRat presence growing in Latin America

IBM X-Force has been monitoring phishing email campaigns from Hive0131 pretending to be The Judiciary of Colombia and using fake notifications to Colombians of criminal proceedings to deliver malwa...

2 June 2025

Weaponized SVGs: Inside a global phishing campaign targeting financial institutions

Since the start of 2025, IBM X-Force has been tracking a phishing campaign targeting financial institutions worldwide, using weaponized Scalable Vector Graphics (SVG) files to initiate multi-stage ...

No results found