Michael Freeman
Michael Freeman is Head of Threat Intelligence at Armis. He brings more than 25 years of experience, with a background in cryptography, vulnerability research, reverse engineering and exploit writing. He has previously developed offensive and defensive capabilities for various intelligence agencies. Most recently, Michael was the Co-Founder and CTO of CTCI, which was acquired by Armis in February 2024.
Blogs by Michael Freeman
Priority-Zero Patching Event: React2Shell
Learn about the Critical (CVSS 10.0) Unauthenticated Remote Code Execution (RCE) vulnerability, tracked as CVE-2025-55182.
2026: The Year an Individual Operates Like a Nation-State
Michael Freeman shares his predictions for 2026 and about the future of decentralized cyber threats. AI is making advanced destructive capabilities accessible to anyone, blurring the lines of traditional cyber warfare.
Cyber Threat Trends: Living Off the Land (LOTL)
This blog details observed LOTL trends, technical specifics, and mitigation recommendations based on open-source intelligence and recent threat reporting.
Breaking Down Medusa Ransomware
This report provides insights from Armis Labs on Medusa ransomware, incorporating insights from multiple threat intelligence sources, including FBI, CISA, and MS-ISAC advisories.
Unpacking the Black Basta Leak
This blog analyzes the Black Basta leak, including its origins, Black Basta’s history, leaked chat messages, CVEs, GitHub repositories, and how researchers can use the data.