Reports

Hosted by The DFIR Report

TechnologyInterviews guests

Website RSS feed

Episodes

Latest episode

Feb 2026

Language

About the show

The Digital Forensics and Incident Response (DFIR) Report. Real Intrusions by Real Attackers, The Truth Behind the Intrusion. A new report comes out every month! Read the rest of the reports at https://thedfirreport.com/. In addition to our publicly available reports, we provide a range of specialized services to meet your needs, such as private reports, Command and Control tracking, personalized mentoring, and access to an exclusive detection ruleset. Explore our comprehensive offerings on our Services page at https://thedfirreport.com/services/.

Listen to episodes

26 recent

February 23, 20265 min

Apache MQ Exploit Leads to LockBit Ransomware

Report: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/2026/02/23/apache-activemq-exploit-leads-to-lockbit-ransomware/Contact Us: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/contact/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

November 17, 20256 min

Cat's Got Your Files: Lynx Ransomware

Report: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/2025/11/17/cats-got-your-files-lynx-ransomware/Contact Us: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/contact/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Services: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/services/⁠⁠⁠⁠⁠⁠⁠⁠

September 29, 20256 min

From a Single Click: How Lunar Spider Enabled a Near Two-Month Intrusion

Report: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/2025/09/29/from-a-single-click-how-lunar-spider-enabled-a-near-two-month-intrusionContact Us: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/contact/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Services: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/services/⁠⁠⁠⁠⁠⁠⁠

September 8, 20256 min

Blurring the Lines: Intrusion Shows Connection With Three Major Ransomware Gangs

Report: ⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/2025/09/08/blurring-the-lines-intrusion-shows-connection-with-three-major-ransomware-gangs/Contact Us: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/contact/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Services: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/services/⁠⁠⁠⁠⁠⁠⁠

June 30, 20255 min

Hide Your RDP: Password Spray Leads to RansomHub Deployment

Report: ⁠⁠⁠⁠https://thedfirreport.com/2025/06/30/hide-your-rdp-password-spray-leads-to-ransomhub-deploymentContact Us: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/contact/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Services: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/services/⁠⁠⁠⁠⁠⁠⁠

June 16, 202538 min

DFIR Discussions: Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware

We dive into our latest public report with Randy Pargman, Jake Ouellette, Kostas T., and Mangatas Tondang.Report: https://thedfirreport.com/2025/05/19/another-confluence-bites-the-dust-falling-to-elpaco-team-ransomware/Contact Us: ⁠⁠⁠⁠⁠https://thedfirreport.com/contact/⁠⁠⁠⁠⁠Services: ⁠⁠⁠⁠⁠https://thedfirreport.com/services/⁠⁠⁠⁠⁠Music by FASSounds from Pixabay

May 19, 20256 min

Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware

Report: ⁠https://thedfirreport.com/2025/05/19/another-confluence-bites-the-dust-falling-to-elpaco-team-ransomware/Contact Us: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/contact/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Services: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/services/⁠⁠⁠⁠⁠⁠

April 28, 20253 min

Navigating Through The Fog

Report: ⁠https://thedfirreport.com/2025/04/28/navigating-through-the-fog/Contact Us: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/contact/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Services: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/services/⁠⁠⁠⁠⁠⁠

March 31, 20256 min

Fake Zoom Ends in BlackSuit Ransomware

Report: https://thedfirreport.com/2025/03/31/fake-zoom-ends-in-blacksuit-ransomware/Contact Us: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/contact/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Services: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/services/⁠⁠⁠⁠⁠

February 24, 20255 min

Confluence Exploit Leads to LockBit Ransomware

Report: https://thedfirreport.com/2025/02/24/confluence-exploit-leads-to-lockbit-ransomwareContact Us: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/contact/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Services: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/services/⁠⁠⁠⁠⁠