Sophos Firewall v21.5 is now available
New innovations and top-requested features
Similar Posts
3rd Circuit Clarifies Scope of Computer Fraud Abuse Act With Employer’s Policies
Bys sRiley Brennan reports: The U.S. Court of Appeals for the Third Circuit clarified this week that an employee’s purported violations of workplace computer use policies cannot be criminalized under federal law as long as there is no evidence of hacking or violations of trade secrets. On Tuesday, the federal appellate court affirmed the U.S. District Court……
Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation
Bys sGrafana has released security updates to address a maximum severity security flaw that could allow privilege escalation or user impersonation under certain configurations. The vulnerability, tracked as CVE-2025-41115, carries a CVSS score of 10.0. It resides in the System for Cross-domain Identity Management (SCIM) component that allows automated user provisioning and management. First
Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents
The United States Treasury Department said it suffered a “major cybersecurity incident” that allowed suspected Chinese threat actors to remotely access some computers and unclassified documents. “On December 8, 2024, Treasury was notified by a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to…
Trimble Cityworks Customers Warned of Zero-Day Exploitation
Bys sTrimble Cityworks is affected by a zero-day vulnerability that has been exploited in attacks involving the delivery of malware. The post Trimble Cityworks Customers Warned of Zero-Day Exploitation appeared first on SecurityWeek.
Webinar: Learn How to Identify High-Risk Identity Gaps and Slash Security Debt in 2025
Bys sIn today’s rapidly evolving digital landscape, weak identity security isn’t just a flaw—it’s a major risk that can expose your business to breaches and costly downtime. Many organizations are overwhelmed by an excess of user identities and aging systems, making them vulnerable to attacks. Without a strategic plan, these security gaps can quickly turn into…
TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise
Bys sTeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor. Multiple security vendors, including Endor Labs and JFrog, revealed that litellm versions 1.82.7 and 1.82.8 were published…