Strand
HomeBuilt ForCase StudiesThreat IntelligenceLeadershipBlog
Sign inBook a demo
Strand

AI-powered digital forensics platform for rapid incident response and threat investigation.

Product

  • Built For
  • Case Studies
  • Leadership
  • Contact

Legal

  • Trust Center
  • Privacy Policy
  • Terms of Service

© 2026 Strand Intelligence. All rights reserved.

The Strand Blog

Insights & Analysis

Expert perspectives on digital forensics, incident response, and the evolving threat landscape. Stay informed with analysis from the Strand team.

9 articles

Project Glasswing: and what does it mean for DFIR?

On 7 April 2026, Anthropic announced Project Glasswing, a coordinated industry initiative built around a single, sobering finding: AI models can now...

Apr 13, 2026·6 min readRead
Threat Intelligence

Trivy / TeamPCP - How to check if you're exposed

Stay ahead of threats

Get the latest insights on digital forensics and incident response delivered to your inbox.

Get in Touch

Strand Intelligence has released a free, open-source scanner to detect exposure to the TeamPCP supply chain attack (CVE-2026-33634) — one of the most significant software supply chain compromises of 2026. If your organisation uses Trivy, GitHub Actions, LiteLLM, or any of 66+ compromised npm packages, run this tool to find out in minutes whether your credentials, infrastructure, or developer machines were affected.

Mar 25, 2026·5 min readRead

Europol, TycoonMFA and a quiet month for phishing attacks

Phishing attack volume dropped significantly in February 2026 following the disruption of Phishing-as-a-service platform Tycoon MFA.

Mar 5, 2026·14 min readRead
Threat Intelligence

Threat Actors using Mimecast to Evade M365 Forensics

In several recent Business Email Compromise (BEC) investigations, we have observed a subtle but important shift in attacker tradecraft: threat actors are leveraging Mimecast portals to further payment diversion fraud while avoiding traditional Microsoft 365 forensic review.

Mar 2, 2026·4 min readRead
Threat IntelligenceCase Studies

The VM Next Door: When Threat Actors Build Their Own Blind Spots

Recent DFIR cases have shown that the use to VMs for persistence is a concerning, hard to detect, effective persistence mechanism for threat actors.

Jan 13, 2026·14 min readRead
Threat IntelligenceRansomware

Know Your Adversary: Qilin

Summary Qilin is a double-extortion Ransomware-as-a-Service (RaaS) that steals data first, then encrypts at scale across Windows, Linux and VMware ESXi. Recent...

Jan 5, 2026·3 min readRead
Industry News

What your SOC isn't telling you (but should)

Forensics isn't deployed enough because it never scaled well. It's time to revisit how incidents are investigated.

Jan 5, 2026·7 min readRead
Threat IntelligenceRansomware

Know Your Adversary: SafePay

Summary SafePay is a double-extortion ransomware that steals data before encrypting it, appending “.safepay” to files and dropping the note readme_safepay.txt....

Jun 14, 2025·3 min readRead
Threat IntelligenceRansomware

Know Your Adversary: Akira

Summary Akira is a double-extortion ransomware operation that steals data first, then encrypts it, pressuring victims with both operational outage and public...

May 26, 2025·4 min readRead