News

What happens when a cybersecurity company gets phished?

Bys s September 22, 2025

A Sophos employee was phished, but we countered the threat with an end-to-end defense process

News

GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers
Bys s March 14, 2026

Cybersecurity researchers have flagged a new iteration of the GlassWorm campaign that they say represents a “significant escalation” in how it propagates through the Open VSX registry. “Instead of requiring every malicious listing to embed the loader directly, the threat actor is now abusing extensionPack and extensionDependencies to turn initially standalone-looking extensions into transitive

Read More GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers
News

New PathWiper Data Wiper Malware Disrupts Ukrainian Critical Infrastructure in 2025 Attack
Bys s June 6, 2025

A critical infrastructure entity within Ukraine was targeted by a previously unseen data wiper malware named PathWiper, according to new findings from Cisco Talos. “The attack was instrumented via a legitimate endpoint administration framework, indicating that the attackers likely had access to the administrative console, that was then used to issue malicious commands and deploy…

Read More New PathWiper Data Wiper Malware Disrupts Ukrainian Critical Infrastructure in 2025 Attack
News

Linux-Based Lenovo Webcams’ Flaw Can Be Remotely Exploited for BadUSB Attacks
Bys s August 9, 2025

Cybersecurity researchers have disclosed vulnerabilities in select model webcams from Lenovo that could turn them into BadUSB attack devices. “This allows remote attackers to inject keystrokes covertly and launch attacks independent of the host operating system,” Eclypsium researchers Paul Asadoorian, Mickey Shkatov, and Jesse Michael said in a report shared with The Hacker News. The

Read More Linux-Based Lenovo Webcams’ Flaw Can Be Remotely Exploited for BadUSB Attacks
News

First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials
Bys s February 11, 2026

Cybersecurity researchers have discovered what they said is the first known malicious Microsoft Outlook add-in detected in the wild. In this unusual supply chain attack detailed by Koi Security, an unknown attacker claimed the domain associated with a now-abandoned legitimate add-in to serve a fake Microsoft login page, stealing over 4,000 credentials in the process….

Read More First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials
News

Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)
Bys s July 11, 2025

Fortinet has released fixes for a critical security flaw impacting FortiWeb that could enable an unauthenticated attacker to run arbitrary database commands on susceptible instances. Tracked as CVE-2025-25257, the vulnerability carries a CVSS score of 9.6 out of a maximum of 10.0. “An improper neutralization of special elements used in an SQL command (‘SQL Injection’)…

Read More Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)
News

The Ultimate MSP Guide to Structuring and Selling vCISO Services
Bys s February 19, 2025

The growing demand for cybersecurity and compliance services presents a great opportunity for Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) to offer virtual Chief Information Security Officer (vCISO) services—delivering high-level cybersecurity leadership without the cost of a full-time hire. However, transitioning to vCISO services is not without its challenges

Read More The Ultimate MSP Guide to Structuring and Selling vCISO Services

Similar Posts