Blog
MDR
The Complimentary 2025 Gartner® Market Guide for Managed Detection & Response Services is here (and Expel is recognized, again)The 2025 Gartner® Market Guide for Managed Detection & Response Services is here, and Expel is recognized as a Representative Vendor again.
Threat intel | 6 min read
Certified OysterLoader: Tracking Rhysida ransomware gang activity via code-signing certificatesRhysida ransomware gang has been using code-signing certificates to validate their malware campaigns repeatedly. Here's the latest.
SOC | 4 min read
Stories from the SOC: The curious case of termination noticesOur new "Stories from the SOC" series shares real-world attacks we've seen and stopped. This one covers a phishing attack on a university.
Threat intel | 4 min read
Beyond alert management: How threat intelligence actually helps your SOCWe're expanding our dedicated threat intel function to provide our customers with smarter, faster, threat intelligence they can use.
Rapid response | 2 min read
Security alert: WSUS remote code execution vulnerabilityA critical WSUS vulnerability (CVE-2025-59287) is under active exploitation. Learn what happened, why to care, and how to protect your org.
Threat intel | 7 min read
Along for the ride: When legitimate software becomes a signed malware loaderAnalyzing a highly evasive malware loader that exploits legitimate, signed Greenshot software through DLL sideloading. See our detailed technical analysis.
Threat intel | 2 min read
Patch Tuesday: October 2025 (Expel’s version)This month, we're highlighting top critical vulnerabilities, including six zero-day vulnerabilities, and one in Cisco IOS.
Current events | 2 min read
Cybersecurity Awareness Month: Good reminders for the entire yearOctober is Cybersecurity Awareness Month. Here are four tips for staying secure this month (and the rest) at work and at home.
MDR | 3 min read
The Complimentary 2025 Gartner® Market Guide for Managed Detection & Response Services is here (and Expel is recognized, again)The 2025 Gartner® Market Guide for Managed Detection & Response Services is here, and Expel is recognized as a Representative Vendor again.
Threat intel | 6 min read
Cache smuggling: When a picture isn’t a thousand wordsWe recently observed an innovative campaign using the ClickFix attack tactic for cache smuggling. Here's what you need to know.
MDR | 3 min read
Stop counting integrations. Start counting what matters.With integrations and security, quantity is not the same as quality. Integration counts are a vanity metric that make you less secure.
Expel culture | 3 min read
How Expletives use AI in their day-to-day workExpel’s approach to AI is measured and thoughtful, but that doesn’t stop us from getting creative. Check out these ideas on using AI at work.
SOC | 3 min read
Stories from the SOC: When threats come from inside the houseMDR email coverage is more than just flagging spam to contain threats. Here's what happens when malicious emails come from within an org.