Strengthening cyber resilience: Introducing Internal Attack Surface Management (IASM) for Sophos Managed Risk
Enhanced vulnerability management delivered as a managed service.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Gladinet CentreStack to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2025-30406 (CVSS score: 9.0), concerns a case of a hard-coded cryptographic key that could be abused to achieve…
Some of the biggest security problems start quietly. No alerts. No warnings. Just small actions that seem normal but aren’t. Attackers now know how to stay hidden by blending in, and that makes it hard to tell when something’s wrong. This week’s stories aren’t just about what was attacked—but how easily it happened. If we’re…
Today’s reminder that even when the government audits school districts and issues recommendations, they don’t necessarily implement them fully, leaving them still vulnerable. In September 2023, DataBreaches noted a June 2023 audit report on the Hilton Central School District in New York. This month, NYS Comptroller Thomas P. DiNapoli published the results of a follow-up…
The secret of success is consistency!
Sharon Otterman reports: A potential cyberattack continued for a second day to cause widespread computer system outages at Columbia University on Wednesday as the school’s engineers worked to investigate the problem and restore service. The attack, which began in the early morning hours on Tuesday, initially shut down all systems on the school’s Morningside campus…
Docker has released fixes to address a critical security flaw affecting the Docker Desktop app for Windows and macOS that could potentially allow an attacker to break out of the confines of a container. The vulnerability, tracked as CVE-2025-9074, carries a CVSS score of 9.3 out of 10.0. It has been addressed in version 4.44.3….