IBM X-Force

Explore the latest on critical threats, vulnerabilities and incident response to help strengthen your offensive and defensive security practices — curated by X-Force’s team of hackers, responders and researchers.

28 April 2025

News

IBM X-Force Red releases m-Ray, an open-source mainframe vulnerability scanner

Kyri Lea and Elizabeth Christensen have developed m-Ray, an automated vulnerability scanner for IBM mainframes running the z/OS operating system.

22 April 2025

Powering up: Abusing Power Apps to compromise on-prem servers

The X-Force Red team was able to breach a hardened external perimeter and gain code execution on an on-premises SQL server, resulting in full Active Directory compromise. Learn how they did it, and...

17 April 2025

X-Force Threat Intelligence Index 2025 highlights attackers steal, and sell, user identities at scale

The 2025 X-Force Threat Intelligence Index is out, and it shows that attackers are still actively stealing and selling user identities. Learn more about that and other relevant threats.

15 April 2025

News

IBM X-Force Threat Analysis: Hive0148 observed targeting Mexico and Costa Rica

IBM X-Force observed Hive0148 spreading the Grandoreiro banking trojan to users in Mexico and Costa Rica. Learn more about this phishing and Malware-as-a-Service campaign.

8 April 2025

News

RemoteMonologue: Weaponizing DCOM for NTLM authentication coercions

The IBM X-Force Red team covers the fundamentals of COM and DCOM, dives into the RunAs setting and why authentication coercions are impactful and introduces a new credential harvesting tool - Remot...

25 March 2025

News

IBM X-Force discovers new Sheriff Backdoor used to target Ukraine

IBM X-Force discovered a set of previously unknown malware used in a cyber espionage attack against an entity within Ukraine’s defense sector in the first half of 2024. Unpack the analysis.

25 March 2025

News

Fileless lateral movement with trapped COM objects

New research from IBM X-Force Red has led to the development of a proof-of-concept fileless lateral movement technique by abusing trapped Component Object Model (COM) objects. Get the details.

18 March 2025

News

Bypassing Windows Defender Application Control with Loki C2

Microsoft offers a bug bounty for qualifying bypasses into Windows Defender Application Control. Learn how IBM's X-Force team found a bypass using Loki C2.

4 March 2025

News

FYSA: VMware Critical Vulnerabilities Patched

Broadcom has released a security bulletin, VMSA-2025-0004, addressing and remediating three vulnerabilities that, if exploited, could lead to system compromise.

21 February 2025

News

SoaPy: Stealthy enumeration of Active Directory environments through ADWS

Due to modern defensive solutions, targeted and large-scale enumeration of Active Directory (AD) environments is increasingly detected. Learn more on that and a new tool to help fight it.

14 February 2025

News

Smoltalk: RCE in open source agents

Hugging Face announced the release of smolagents, a lightweight framework for building AI agents. However, X-Force discovered a vulnerability and Hugging Face was quick to implement a fix. Learn mo...

17 January 2025

News

Being a good CLR host – Modernizing offensive .NET tradecraft

Learn how red teams can modernize their use of .NET assemblies using CLR customizations.

13 January 2025

News

Insights from CISA’s red team findings and the evolution of EDR

A recent CISA red team assessment of a United States critical infrastructure organization revealed systemic vulnerabilities in modern cybersecurity.

6 January 2025

News

Abusing MLOps platforms to compromise ML models and enterprise data lakes

With the rush to implement AI across organizations came the increase in the use of MLOps platforms and a greater risk of attack. Learn more about MLOps platforms and how threat actors are using them.

30 December 2024

News

DHS: Guidance for AI in Critical Infrastructure

At the end of 2024, we've reached a moment in AI development where government involvement can help shape the trajectory of this pervasive technology.
