https://redcanary.com/threat-detection-report/
Welcome to the Red Canary Threat Detection Report
Mar 25, 2026 - Our Threat Detection Report takes a close look at the top techniques, threats, and trends to help security teams focus on what matters most.
https://redcanary.com/threat-detection-report/techniques/process-injection/
Process Injection - Red Canary Threat Detection Report
Mar 17, 2025 - Process Injection enables adversaries to execute potentially suspicious processes in the context of seemingly benign ones.
https://redcanary.com/threat-detection-report/techniques/powershell/
PowerShell | Red Canary Threat Detection Report
Mar 16, 2026 - Adversaries abuse the Windows automation and configuration management framework (PowerShell) to execute commands, evade defenses, and more.
https://redcanary.com/threat-detection-report/threats/rose-flamingo/
Rose Flamingo - Red Canary Threat Detection Report
Mar 14, 2025 - Rose Flamingo relies on search engine optimization (SEO) poisoning to trick victims into infecting themselves.
https://redcanary.com/threat-detection-report/trends/vulnerabilities/
Software Vulnerabilities | Red Canary Threat Detection Report
Mar 16, 2026 - In 2025, Red Canary tracked vulnerabilities in software such as Fortinet FortiClient EMS, ScreenConnect, and various VPN products.
https://redcanary.com/threat-detection-report/trends/adversary-emulation-testing/
Adversary Emulation & Testing - Red Canary Threat Report
Mar 14, 2025 - More than a quarter of Red Canary’s customers performed some kind of testing or adversary emulation in 2023.
https://redcanary.com/threat-detection-report/threats/cobalt-strike/
Cobalt Strike - Red Canary Threat Detection Report
Mar 17, 2025 - Cobalt Strike is a favorite C2 tool among adversaries, as many rely on its functionality to maintain a foothold into victim organizations.
https://redcanary.com/threat-detection-report/trends/crypters/
Crypters-as-a-Service - Red Canary Threat Detection Report
Mar 14, 2025 - In 2021, crypters like HCrypt and Snip3 joined the ranks of other “as-a-Service” threats, often delivering remote access trojans (RAT).
https://redcanary.com/threat-detection-report/threats/raspberry-robin/
Raspberry Robin - Red Canary Threat Detection Report
Mar 14, 2025 - Discovered by Red Canary in 2021, Raspberry Robin is an activity cluster spread by external drives that leverages Windows Installer.
https://redcanary.com/threat-detection-report/threats/silver-sparrow/
Silver Sparrow - Red Canary Threat Detection Report
Mar 14, 2025 - Silver Sparrow is a macOS activity cluster with fully functional distribution methods and infrastructure but no final payload.
https://redcanary.com/threat-detection-report/techniques/ingress-tool-transfer/
Ingress Tool Transfer | Red Canary Threat Detection Report
Mar 16, 2026 - Ingress Tool Transfer is a technique adversaries leverage to bring their own external tools into a compromised network.
https://redcanary.com/threat-detection-report/threats/field-guide/
Field Guide to Color Bird Threats | Red Canary Threat Report
Mar 16, 2026 - Read our field guide to “color birds,” what we call fledgling activity clusters we’ve named after tracking patterns of malicious behavior.
https://redcanary.com/threat-detection-report/trends/initial-access/
Initial Access | Red Canary Threat Detection Report
May 3, 2025 - Sketchy CAPTCHAs, fake updates, social engineering, and more; adversaries continued their masquerading, tricking users throughout 2024.
https://redcanary.com/threat-detection-report/threats/bazar/
Bazar Malware - Red Canary Threat Detection Report
Mar 14, 2025 - Bazar malware spawned a number of ransomware infections in 2021, often spreading via delivery affiliates such as TA551 and BazaCall.
https://redcanary.com/threat-detection-report/trends/rmm-tools/
What Is an RMM Tool? Security Risks Explained | Red Canary Threat Detection Report
May 26, 2026 - Discover why remote monitoring and management tools are increasingly appearing in real-world attack chains. Read the latest research.
https://redcanary.com/threat-detection-report/threats/bloodhound/
BloodHound - Red Canary Threat Detection Report
Mar 14, 2025 - BloodHound is an open source tool that provides visibility into Active Directory environments and is a precursor to follow-on activity.
https://redcanary.com/threat-detection-report/techniques/obfuscated-files-information/
Obfuscated Files or Information | Red Canary Threat Report
Mar 16, 2026 - Obfuscated files or information empower adversaries to perform malicious actions that would otherwise be trivial to prevent, detect, or mitigate.
https://redcanary.com/threat-detection-report/trends/webshells/
Common Web Shells - Red Canary Threat Detection Report
Mar 14, 2025 - In 2021, adversaries exploited web applications with help from web shells such as China Chopper, Godzilla, and Behinder.
https://redcanary.com/threat-detection-report/techniques/
Top ATT&CK® Techniques | Red Canary Threat Detection Report
https://redcanary.com/threat-detection-report/threats/
Top Cyber Threats | Red Canary Threat Detection Report
Mar 16, 2026 - See the top cyber threats Red Canary detected most frequently across our customers' environments in 2025.
https://redcanary.com/resources/guides/threat-detection-report-exec-summary/
Executive Summary: 2026 Red Canary Threat Detection Report
Mar 18, 2026 - Download an executive summary of our 2026 Threat Detection Report with key findings about top cyber threats, techniques, and trends.
https://redcanary.com/threat-detection-report/techniques/rundll32/
Rundll32 | Red Canary Threat Detection Report
Mar 14, 2025 - Adversaries use Rundll32, a native Windows process, to execute malicious code through DLLs, often to bypass application controls.
https://redcanary.com/threat-detection-report/trends/affiliates/
Malware Affiliates - Red Canary Threat Detection Report
Apr 4, 2026 - The threat landscape continues to move toward a software-as-a-service (SaaS) economy with malware affiliates at the helm.
https://redcanary.com/threat-detection-report/trends/ransomware/
Ransomware Trends | Red Canary Threat Detection Report
Mar 31, 2026 - In 2025, ransomware operations adopted aggressive social engineering techniques and moved to exfiltration-only extortion schemes.
https://redcanary.com/threat-detection-report/threats/gootloader/
Gootloader | Red Canary Threat Detection Report
Mar 16, 2026 - A common entry point into enterprises for Cobalt Strike, Gootloader is a JScript-based malware family that leverages SEO poisoning.
https://redcanary.com/threat-detection-report/threats/yellow-cockatoo/
Yellow Cockatoo - Red Canary Threat Detection Report
Mar 14, 2025 - Yellow Cockatoo is an activity cluster involving a remote access trojan (RAT) that filelessly delivers various other malware modules.
https://redcanary.com/threat-detection-report/techniques/scheduled-task/
Scheduled Task | Red Canary Threat Detection Report
Mar 16, 2026 - Scheduled tasks allow adversarial persistence and execution behaviors to blend in with activity from native tools and third-party software.