Sophos Emergency Incident Response is now available
The first service combining the power of Sophos and Secureworks.
Similar Posts
ThreatsDay Bulletin: AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories
Bys sHackers have been busy again this week. From fake voice calls and AI-powered malware to huge money-laundering busts and new scams, there’s a lot happening in the cyber world. Criminals are getting creative — using smart tricks to steal data, sound real, and hide in plain sight. But they’re not the only ones moving fast….
Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API
Bys sA critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA) and collaboration platform, has come under active exploitation in the wild. The vulnerability (CVE-2026-22679, CVSS score: 9.8) relates to a case of unauthenticated remote code execution affecting Weaver E-cology 10.0 versions prior to 20260312. The issue resides in the “/papi/esearch/data/devops/
7-Zip Vulnerability Lets Hackers Write Files and Run Malicious Code
Bys sDivya reports: A security vulnerability has been discovered in the popular 7-Zip file compression utility that could allow attackers to write arbitrary files to victim systems and potentially execute malicious code. The flaw, tracked as CVE-2025-55188, affects all versions of 7-Zip prior to the recently released version 25.01 and stems from improper handling of symbolic links……
SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation
Bys sSonicWall is alerting customers of a critical security flaw impacting its Secure Mobile Access (SMA) 1000 Series appliances that it said has been likely exploited in the wild as a zero-day. The vulnerability, tracked as CVE-2025-23006, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. “Pre-authentication deserialization of untrusted data…
New York Upgrades Its Firewall Against Cyberattacks
Bys sNew York State Senator Monica R. Martinez writes: The frequency and sophistication of cybersecurity attacks on state and local governments across the United States are on the rise, but now New York state has enacted legislation to ensure public entities’ responses to these incidents won’t glitch. Earlier this summer, Gov. Kathy Hochul signed S.7672A/A.6769A, sponsored by state…
Ex-Google Engineer Guilty of Stealing AI Tech for Chinese Firm
Bys sHere’s yet another example of the insider threat, and this time, Google was the victim. Isaiah Poritz reports that after a criminal trial in federal court in the Northern District of California, Linwei Ding has been found guilty of 14 counts of economic espionage and trade secrets theft. Ding, also known as Leon Ding, was……