I am not a robot: ClickFix used to deploy StealC and Qilin

Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support to deliver the Havoc command-and-control (C2) framework as a precursor to data exfiltration or ransomware attack. The intrusions, identified by Huntress last month across five partner organizations, involved the threat actors using email spam as…

Defending a network at 2 am looks a lot like this: an analyst copy-pasting a hash from a PDF into a SIEM query. A red team script is being rewritten by hand so the blue team can use it. A patch waiting on a change-approval window that’s longer than the exploitation window itself. Nobody in…

There’s an update to a previously reported case from the Department of Justice: WASHINGTON – An Alabama man was sentenced today to 14 months in prison and three years of supervised release for his role in the unauthorized takeover of the U.S. Securities and Exchange Commission’s (SEC) social media account on X, formerly known as…

The April 2025 cyber attacks targeting U.K. retailers Marks & Spencer and Co-op have been classified as a “single combined cyber event.” That’s according to an assessment from the Cyber Monitoring Centre (CMC), a U.K.-based independent, non-profit body set up by the insurance industry to categorize major cyber events. “Given that one threat actor claimed…

The maintainers of the Python Package Index (PyPI) registry have announced a new feature that allows package developers to archive a project as part of efforts to improve supply chain security. “Maintainers can now archive a project to let users know that the project is not expected to receive any more updates,” Facundo Tuesca, senior…

On October 22-24, SophosAI will present research on ‘LLM salting’ (a novel countermeasure against jailbreaks) and command line classification at CAMLIS 2025