Secplicity Blog
Cybersecurity Headlines & Trends Explained
TimbreStealer Malware Targets Mexico Companies with Advanced Evasion Techniques
WatchGuard telemetry identified a campaign associated with TimbreStealer, which is known to target companies based in Mexico. This research, conducted by Euler Neto and Cristóbal Tárraga, describes behaviors similar to those observed in a previous campaign documented by Cisco Talos in 2024, which uses…
The WatchGuard Geopolitical Cyber Report: Iran-Affiliated Cyber-Espionage Against Global High-Value Organizations
TL;DR: Iran-linked MuddyWater, also known as Seedworm, is using trusted software, DLL side-loading, and legitimate tools to quietly spy on high-value organizations across manufacturing, aviation, finance, education, government, and public sector environments. This campaign is not focused on…
NoisyS0cks: Undocumented SOCKS5 Pivot Framework Giving Ransomware Affiliates a Foothold Inside Networks
The WatchGuard Attestation Team has uncovered an undocumented pivot framework written in Golang that opens a Smux-multiplexed SOCKS5-style pivot channel on each compromised host using one of two interchangeable transports: KCP-over-UDP with DTLS obfuscation or Noise-over-TCP with TLS obfuscation…
AI Export Controls, FortiBleed Credentials, and Windows Zero-Days: What Security Teams Should Take Away
Artificial intelligence, exposed edge devices, and vulnerability disclosure are colliding in ways that security teams can no longer treat as separate risks. In Episode 375 of The 443: Security Simplified, WatchGuard’s Marc Laliberte and Corey Nachreiner unpack three timely cybersecurity stories: the…
How MSPs Can Help APAC Businesses Strengthen Cyber Resilience
Cybersecurity across the Asia-Pacific region is becoming more complex, more urgent, and more business-critical. Small and midsized businesses are no longer asking whether they need stronger security. Increasingly, they are asking how quickly they can improve it, how much risk they can realistically…
DeadLock Ransomware Group Embeds Data Leak Site Within Ransom Note
The DeadLock ransomware operation has existed since mid-2025, with most of the first reported sightings in mid-July, according to ThreatScene. Their report mentioned the group “now conducts double extortion” following a subsequent analysis in September 2025, which revealed newer DeadLock payloads…