News

Introducing Sophos Advisory Services

Bys s October 1, 2025

See how your networks, systems, and employees stand up to simulated attacks before an adversary strikes.

News

ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs
Bys s July 10, 2025

A high-severity security flaw has been disclosed in ServiceNow’s platform that, if successfully exploited, could result in data exposure and exfiltration. The vulnerability, tracked as CVE-2025-3648 (CVSS score: 8.2), has been described as a case of data inference in Now Platform through conditional access control list (ACL) rules. It has been codenamed Count(er) Strike. “A…

Read More ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs
News

DOJ Resentences BreachForums Founder to 3 Years for Cybercrime and Possession of CSAM
Bys s September 17, 2025

The U.S. Department of Justice (DoJ) on Tuesday resentenced the former administrator of BreachForums to three years in prison in connection with his role in running the cybercrime forum and possessing child sexual abuse material (CSAM). Conor Brian Fitzpatrick (aka Pompompurin), 22, of Peekskill, New York, pleaded guilty to one count of access device conspiracy,…

Read More DOJ Resentences BreachForums Founder to 3 Years for Cybercrime and Possession of CSAM
News

⚡ Weekly Recap: Scattered Spider Arrests, Car Exploits, macOS Malware, Fortinet RCE and More
Bys s July 14, 2025

In cybersecurity, precision matters—and there’s little room for error. A small mistake, missed setting, or quiet misconfiguration can quickly lead to much bigger problems. The signs we’re seeing this week highlight deeper issues behind what might look like routine incidents: outdated tools, slow response to risks, and the ongoing gap between compliance and real security….

Read More ⚡ Weekly Recap: Scattered Spider Arrests, Car Exploits, macOS Malware, Fortinet RCE and More
News

PowerSchool discloses breach affecting hosted and self-hosted school k-12 districts
Bys s January 8, 2025

Yesterday, PowerSchool disclosed that on December 28, it had become aware of a data breach that affected some, but not all, of its PowerSchool clients. PowerSchool Student Information System (SIS) is used by school districts worldwide to help schools manage student educational records including grades, attendance, and enrollment. Emails were sent to all PowerSchool clients…

Read More PowerSchool discloses breach affecting hosted and self-hosted school k-12 districts
News

New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits
Bys s January 16, 2025

Details have emerged about a now-patched security vulnerability that could allow a bypass of the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems. The vulnerability, assigned the CVE identifier CVE-2024-7344 (CVSS score: 6.7), resides in a UEFI application signed by Microsoft’s “Microsoft Corporation UEFI CA 2011” third-party UEFI certificate, according to a new

Read More New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits
News

U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud
Bys s November 5, 2025

The U.S. Treasury Department on Tuesday imposed sanctions against eight individuals and two entities within North Korea’s global financial network for laundering money for various illicit schemes, including cybercrime and information technology (IT) worker fraud. “North Korean state-sponsored hackers steal and launder money to fund the regime’s nuclear weapons program,” said Under Secretary of

Read More U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud

Similar Posts