Blog
Threat intel
Certified OysterLoader: Tracking Rhysida ransomware gang activity via code-signing certificatesTL;DR There’s an ongoing malicious ad campaign delivering a malware called OysterLoader, previously known as Broomstick and CleanUpLoader The malware is an initial access tool (IAT) that gets onto devices to run…
Product | 5 min read
How we use the Autotune algorithm in API pollingAutotune optimizes API data ingestion to improve polling efficiency and speed, resource consumption, and network request performance.
SOC | 7 min read
Stories from the SOC: Mystery of the postponed proxyware installA PowerShell alert revealed an attack chain using a download cradle and in-memory execution to install proxyware on a compromised system.
MDR | 3 min read
DORA and NIS2: what you need to know about today’s cybersecurity regulationsTwo new EU regulations—the Digital Operational Resilience Act (DORA) and Network and Information Security Directive 2 (NIS2)—are in effect.
MDR | 5 min read
Network and Information Security Directive (NIS2) compliance for businessesHere's what to know about the Network and Information Security Directive (NIS2), a new cybersecurity standard for EU essential services.
MDR | 6 min read
How the Digital Operations Resilience Act (DORA) will affect your businessHere's what you should know about The Digital Operations Resilience Act (DORA), a new cybersecurity standard for financial orgs in the EU.
Company news | 6 min read
Expel co-founder Justin Bajko transitions to new role as Chief Strategy OfficerJustin Bajko, previously Expel’s VP of Strategy and Business Development, is now Expel’s Chief Strategy Officer.
Product | 4 min read
New Ruxie AI power up: Identity Classification gives analysts a ‘gut check’ for identity alertsExpel AI has a new feature: Identity Classification. It triages and prioritizes alerts so analysts can spot identity threats faster.
Threat intel | 3 min read
Patch Tuesday: November 2025 (Expel’s version)This month, we're highlighting top critical vulnerabilities, including one zero-day and an update on Windows Server Update Services (WSUS).
Product | 4 min read
New Ruxie AI power-up: User context summary turns ‘who?’ into ‘what’s next?’User context summary is a new Expel AI power-up that automatically queries identity tools to gather relevant user details for an alert.
Product | 3 min read
Ruxie learned to think: Why our automation engine needed an AI brainWe've given Expel AI capabilities to Ruxie, our automation engine. Here's how it works, and how it benefits our customers.
Threat intel | 3 min read
Expel Quarterly Threat Report, Q3 2025: Threat intel recapHere's a refresher on the threat intel we shared throughout the third quarter of 2025. Catch up on what you missed.
Threat intel | 4 min read
Expel Quarterly Threat Report, Q3 2025: Q3 by the numbersPart I of our Quarterly Threat Report summarizes key findings and stats from Q3 of 2025. Learn what to focus on right now.