Phake phishing: Phundamental or pholly?
Debates over the effectiveness of phishing simulations are widespread. Sophos X-Ops looks at the arguments for and against – and our own phishing philosophy
Similar Posts
Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days
Bys sMicrosoft closed out 2025 with patches for 56 security flaws in various products across the Windows platform, including one vulnerability that has been actively exploited in the wild. Of the 56 flaws, three are rated Critical, and 53 are rated Important in severity. Two other defects are listed as publicly known at the time of…
Government will ‘robustly defend’ compensation claims from Afghans put at risk by data breach
Bys sSo after putting their lives at risk, the UK’s Ministry of Defence will firmly resist giving anyone even a pence for what they have gone through? Lettice Bromovsky reports: Thousands of Afghans included on a list of people trying to flee the Taliban are unlikely to receive compensation after their details were accidentally leaked. A spokesman for the…
NL: Hacked lab paid ransom: ‘Millions of euros demanded’
Bys sThe following is a machine translation of an article by Daniel Verlaan: The hacked Clinical Diagnostics laboratory in Rijswijk has paid a ransom to the cybercriminals. Ransomware group Nova, responsible for the hack, confirmed this to RTL Nieuws. The laboratory hopes the payment will prevent more stolen data and medical records of Dutch citizens from……
MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide
Bys sA recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world. The vulnerability in question is CVE-2025-14847 (CVSS score: 8.7), which allows an unauthenticated attacker to remotely leak sensitive data from the MongoDB server memory. It has been codenamed MongoBleed. “A…
When Good Extensions Go Bad: Takeaways from the Campaign Targeting Browser Extensions
News has been making headlines over the weekend of the extensive attack campaign targeting browser extensions and injecting them with malicious code to steal user credentials. Currently, over 25 extensions, with an install base of over two million users, have been found to be compromised, and customers are now working to figure out their exposure…
Pen Testing for Compliance Only? It’s Time to Change Your Approach
Bys sImagine this: Your organization completed its annual penetration test in January, earning high marks for security compliance. In February, your development team deployed a routine software update. By April, attackers had already exploited a vulnerability introduced in that February update, gaining access to customer data weeks before being finally detected. This situation isn’t theoretical: it