Sophos achieves its best-ever results in the MITRE ATT&CK Enterprise 2025 Evaluation
A major milestone: Sophos XDR delivers 100% detection coverage in the latest ATT&CK Evaluation.
Similar Posts
X Warns Users With Security Keys to Re-Enroll Before November 10 to Avoid Lockouts
Bys sSocial media platform X is urging users who have enrolled for two-factor authentication (2FA) using passkeys and hardware security keys like Yubikeys to re-enroll their key to ensure continued access to the service. To that end, users are being asked to complete the re-enrollment, either using their existing security key or enrolling a new one,…
Public Exploit for Chained SAP Flaws Exposes Unpatched Systems to Remote Code Execution
Bys sA new exploit combining two critical, now-patched security flaws in SAP NetWeaver has emerged in the wild, putting organizations at risk of system compromise and data theft. The exploit in question chains together CVE-2025-31324 and CVE-2025-42999 to bypass authentication and achieve remote code execution, SAP security company Onapsis said. CVE-2025-31324 (CVSS score: 10.0) – Missing
Why Organizations Are Turning to RPAM
Bys sAs IT environments become increasingly distributed and organizations adopt hybrid and remote work at scale, traditional perimeter-based security models and on-premises Privileged Access Management (PAM) solutions no longer suffice. IT administrators, contractors and third-party vendors now require secure access to critical systems from any location and on any device, without compromising
Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers
Bys sNew research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks. “Internet hosts that accept tunneling packets without verifying the sender’s identity can be hijacked to perform anonymous attacks and provide access to their networks,” Top10VPN said in a study, as part of a collaboration…
Infostealers: The silent doorway to identity attacks — and why proactive defense matters
Bys sCredential theft isn’t just an inconvenience. It’s often the first move in a chain reaction that ends in full-scale compromise. Beyond the dreaded password reset process, information stealers, as shown in several recent cyberattacks, can have far more consequential follow-on effects. For many small and mid-sized organizations, a single stolen identity can lead to…
ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics
Bys sCybersecurity researchers have discovered a new phishing campaign undertaken by the North Korea-linked hacking group called ScarCruft (aka APT37) to deliver a malware known as RokRAT. The activity has been codenamed Operation HanKook Phantom by Seqrite Labs, stating the attacks appear to target individuals associated with the National Intelligence Research Association, including academic figures