Nebulock Blog

Insights, research, and more in threat hunting and proactive secops.

February 18, 2026

Hunting the Notepad++ Update Hijack

Software supply chain attacks have shifted from occasional, high-profile incidents into a repeatable and increasingly preferred intrusion technique, and the Notepad++ incident is the latest evolution. It gives hunters a case for looking at deviations from behavioral baselines.

Hunt Mode
February 9, 2026

Nebulog: What's New in Nebulock

The latest Nebulock product updates: Insights, integrations, additional detection, SOC 2 Type 2, and more.

Product
February 3, 2026

Hunting OpenClaw and Agentic AI Through Behavior

This Hunt Mode breaks down the behaviors that give away OpenClaw (formerly ClawdBot / MoltBot), regardless of how it is packaged, renamed, or delivered.

Hunt Mode
January 28, 2026

coreSigma: Developing an Endpoint Security Framework Pipeline

The need for standardized macOS detection capabilities is clear. Based on the response to introducing coreSigma, we wanted to make it even easier for the community to gain additional macOS observability and implement their own macOS detections in their environment. That’s why we’ve made coreSigma publicly available in the Nebulock GitHub repository.

Research
January 15, 2026

Hunting DigitStealer: Behaviors That Give Away macOS Infostealers

DigitStealer is the next evolution of macOS malware. This breakdown outlines the behaviors to observe to properly hunt for it in your environment.

Hunt Mode
December 17, 2025

CVE-2025-55182: Finding Behaviors That Give Away React Server Components RCE

Breakdown of the hunt for the malicious behaviors in CVE-2025-55182, a pre-authentication exploit that bypasses most traditional web app firewalls and signature-based controls.

Hunt Mode
December 10, 2025

The Agentic Threat Hunting Framework

Give your threat hunting program memory and agency.

Research
November 10, 2025

Vibe Hunting: Outcome-Driven Threat Hunting

Vibe Hunting is the meeting of human intuition with machine reasoning: agents built by hunters to democratize threat hunting. It is not just another co-pilot or AI overlay, but an enabler for security teams to add threat hunting to their skillset, whether or not they have dedicated threat hunters.

Product
November 6, 2025

coreSigma: Expanding Sigma Detection for macOS

coreSigma is a macOS endpoint telemetry collection, detection, and analysis app built with the primary goal of extending Sigma's capabilities for macOS ESF and UL logs. Learn how coreSigma expands visibility and ways to take a more proactive approach to macOS threat detection and response.

Research
August 13, 2025

Why I Joined Nebulock

July 29, 2025

Introducing Nebulock: Agentic Threat Hunting for Everyone

We've launched the first autonomous threat hunting platform to democratize threat hunting for all security teams.

Company
