This blog examines a real-world Auto-Color malware attack that originated from the exploitation of CVE-2025-31324. Learn how Darktrace identified and contained the threat using AI-driven detection and response, with additional support from its expert analyst team.

Learn how Darktrace helps bridge the DFIR skills gap with user-friendly, cloud-native forensic tools that streamline investigations across complex, multi-cloud environments.

As AI reshapes the cybersecurity landscape, Darktrace’s Cyber AI Analyst automates early-stage investigations, mimicking human reasoning to detect and respond to threats at machine speed. This blog explores four real-world cases where it identified sophisticated threat actors, including nation-state adversaries.

A telecom company relies on Darktrace to uncover email threats other tools miss, save the team time on investigations, and enable 24/7 protection.

Learn about a recent Scattered Spider attack observed by Darktrace, comparing tactics with those seen in previous attacks. Widespread use of LOTL techniques alongside continued changes in TTPs such as their recent use of Ransomware-as-a-Service (RaaS) platforms can make it challenging for security teams to harden defenses.

This blog covers the five core capabilities that security teams should consider when evaluating a cloud forensics and incident response solution.

Darktrace’s latest research reveals that an evolving social engineering campaign continues to target cryptocurrency users through fake startup companies. These malicious operations impersonate AI, gaming, and Web3 firms using spoofed social media accounts and project documentation hosted on legitimate platforms like Notion and GitHub.

The AI Maturity Model for Cybersecurity is the most detailed guide of its kind, grounded in real use cases and expert insight. It empowers CISOs to make strategic decisions, not just about what AI to adopt, but how to do it in a way that strengthens their organization over time and achieves successful outcomes.

This blog examines three real-world cloud-based attacks in Azure and AWS environments, including credential compromise, data exfiltration, and ransomware detonation. Learn how Darktrace’s AI-driven threat detection and Autonomous Response capabilities help organizations defend against evolving threats in complex cloud environments.

SaaS security requires new methods to keep up with evolving threats and business infrastructure. In this blog, learn the top eight threats to identity security and how AI-based solutions can help.

Darktrace leverages AI-driven anomaly detection to identify cyber threats before public CVE disclosures. By analyzing behavioral patterns, Darktrace can help organizations detect and contain zero-day exploits early. This proactive approach strengthens cybersecurity posture against nation-state actors, ransomware gangs, and evolving threats across the threat landscape.

Since 2018, Blind Eagle has targeted Latin American organizations using phishing and RATs. Darktrace detected Blind Eagle activity on a customer network involving C2 connectivity, malicious payload downloads and data exfiltration. Without Autonomous Response, the attack escalated, highlighting the need for proactive detection and response defense to counter fast-evolving threats.

Darktrace and Microsoft have joined forces to enhance email security through a new integration, unifying threat response and quarantine capabilities. This collaboration strengthens defenses and streamlines visibility for security teams, reflecting a shared vision for proactive cyber protection.

A critical SAP vulnerability, CVE-2025-31324, allows unauthenticated remote code execution via NetWeaver Visual Composer. Despite early mitigation guidance, many systems remain exposed. Darktrace detected exploitation attempts six days before public disclosure, highlighting the importance of proactive, threat-agnostic detection.

An industry leading petrochemical manufacturer uses the Darktrace ActiveAI Security Platform to improve visibility, protect against supply chain attacks, and save the security team hundreds of hours of incident investigation.

Despite the growing popularity of hybrid environments, most organizations face challenges in achieving unified visibility between on-premises and cloud networks. AI-powered platform tools can bridge this gap in visibility to reduce detection and response times and simplify operations.

Darktrace detected a rogue Raspberry PI device that had been left by a Manufacturing customer’s vendor in the customer’s ICS network. The convergence between supply chain risk and insider risk highlights how important it is to implement continuous monitoring of the internal ICS network for proactive risk management.

ClickFix is a social engineering technique that exploits human error through fake prompts, leading users to unknowingly run malicious commands. Learn how Darktrace detects and responds to such threats!

The UK Government’s upcoming Cyber Security and Resilience Bill (CSRB) will modernise the UK’s 2018 NIS regime, extend regulatory duties to managed service providers and data‑centre operators, and tighten supply‑chain oversight. This blog explains the policy intent and outlines practical implications for service providers and enterprise security leaders.

Darktrace announces its Leader position in the inaugural Gartner® Magic Quadrant™ for Network Detection and Response (NDR).

Darktrace adds exploit prediction assessment to attack surface management with 6.3 update. Learn more about the latest innovations here.

Despite evolving email threats, many organizations still rely on SEGs or outdated, attack-focused methods. These approaches can’t counter advanced, AI-driven attacks. The solution? Business-centric email security that understands users and inbox behavior, not just threats.

Darktrace investigated “PumaBot,” a Go-based Linux botnet targeting IoT devices. It avoids internet-wide scanning, instead using a C2 server to get targets and brute-force SSH credentials. Once inside, it executes remote commands and ensures persistence.

FlowerStorm is a phishing-as-a-service platform that leverages Adversary-in-the-Middle attacks to steal Microsoft 365 credentials and bypass MFA. Darktrace detected a SaaS compromise linked to FlowerStorm, identifying suspicious logins, password resets, and privilege escalation attempts, enabling early containment through AI-driven threat detection and response.

To quickly identify and respond to threats before damage occurs, this local government relies on Darktrace to improve network visibility, stop insider threats, protect its email systems, and accelerate incident investigations.