Threat intel | 4 min read
How AI is reshaping the threat landscape, and what our Q1 2026 data shows (part one)

What Q1 2026 threat data shows about AI: how it's being used as bait and delivery—and the vectors defenders need to watch in Q2.

Rapid response | 1 min read
cPanel released a patch for a WebHost Manager (WHM) authentication bypass bug

cPanel patched a critical WHM auth bypass already exploited in the wild. Here's what happened and what to do right now.

Product | 3 min read
What we built: April 2026

Expel shipped two new threat hunts, AI-powered DUET and verify summaries, SentinelOne and Zendesk status syncing, and two new integrations in April.

Threat intel | 7 min read
Mythos found the canary. Here’s what’s in the mine.

Expel Chief Technology Officer (CTO) Greg Notch sat down to discuss the real problem Anthropic Mythos is highlighting: patching governance.

Current events | 6 min read
How fast can AI generate a zero-day? What security teams need to know

AI can generate a zero-day exploit in under seven minutes for $2. Here's what that means for your detection and response program, and how to close the gap.

Rapid response | 1 min read
More supply chain compromises: Namaste, xinference, and more

Supply chain attacks are stealing cloud credentials via npm and PyPI. Here's what happened and what to do right now.

Threat intel | 21 min read
Inside Lazarus: How North Korea uses AI to industrialize attacks on developers

Expel is tracking a North Korean (DPRK) state-sponsored APT group. This group is targeting Web3 developers to steal cryptocurrency and NFTs.

Rapid response | 1 min read
OAuth hijacked: How a third-party breach hit Vercel

A compromised third-party app gave attackers OAuth access to Vercel. Here's what Expel found hunting across customer environments—and what to do now.

Threat intel | 5 min read
Anthropic Mythos didn’t break your security. It found what was already broken.

Anthropic Mythos didn't create new vulnerabilities. It just made them cheaper to find. Here's what defenders need to know.

Threat intel | 1 min read
Revisiting sound guidance: Countering the heightened threat of device code phishing

Device code authentication phishing bypasses MFA by exploiting a legitimate Microsoft feature. Here's how the attack works and how to stop it.

Threat intel | 4 min read
InstallFix: Not the application you were looking for

InstallFix is a new watering hole attack we're seeing, and it leverages Claude Code as the lure. Here's what you need to know.

Threat intel | 3 min read
Patch Tuesday: April 2026 (Expel’s version)

We're highlighting two critical CVEs, and we're also reviewing the Axios npm compromise from the end of March.