Sophos X-Ops (incl. former Secureworks CTU)
sophos-xops · HIGH · active
https://www.sophos.com/en-us/blog
Sophos cross-team threat research. Sophos acquired Secureworks in 2025 → former Secureworks CTU research now publishes here (the legacy `secureworks-ctu` source ID was removed 2026-05-08 to avoid duplication). The sophos.com domain occasionally serves a 503 to non-browser TLS fingerprints; if WebFetch fails, retry once before falling back to https://news.sophos.com/en-us/category/x-ops/ . (v2.55: rss_url verified — use `python3 tools/fetch_source.py feed https://www.sophos.com/en-us/blog/feed?id=blt6f15f4f7deaf4242 [N]`) | 2026-06-01: feed silent / prior 503 (rotation-priority unrecovered) | 2026-06-20 full audit (v2.62): live=Y, drill=Y. FETCH → rss: python3 tools/fetch_source.py feed https://www.sophos.com/en-us/blog/feed?id=blt6f15f4f7deaf4242 5 — clean dated entries; then WebFetch per-article /en-us/blog/{slug} for body.. AVOID: Don't WebFetch the sophos.com root first — it has 503'd on non-browser TLS fingerprints. The documented feed is the reliable entry; it has recovered from the 2026-06-01 silent/503 state noted in sources.json..
Cited in 6 briefs
Citation cadence
Brief appearances per ISO week (7 weeks of coverage span, total 4).
- CTI Weekly Summary — 2026-W23 (1–7 June 2026)2026-W23
- CTI Weekly Summary — 2026-W20 (May 11 – May 17, 2026)2026-W20
- CTI Daily Brief — 2026-06-192026-06-19
- CTI Daily Brief — 2026-06-032026-06-03
- CTI Daily Brief — 2026-05-102026-05-10
- CTI Daily Brief — 2026-05-062026-05-06