Year in Review 2025: The major headlines and moments from Sophos this year
Categories: Sophos Insights
Tags: Year in Review, security news
Similar Posts
Critical Infrastructure Ransomware Attack Tracker Reaches 2,000 Incidents
Bys sTemple University’s Critical Infrastructure Ransomware Attacks (CIRA) database now contains over 2,000 entries. The post Critical Infrastructure Ransomware Attack Tracker Reaches 2,000 Incidents appeared first on SecurityWeek.
North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware
Bys sThreat actors with ties to North Korea have likely become the latest to exploit the recently disclosed critical security React2Shell flaw in React Server Components (RSC) to deliver a previously undocumented remote access trojan dubbed EtherRAT. “EtherRAT leverages Ethereum smart contracts for command-and-control (C2) resolution, deploys five independent Linux persistence mechanisms, and
Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install
Bys sThreat actors are actively exploiting a critical security flaw in “Alone – Charity Multipurpose Non-profit WordPress Theme” to take over susceptible sites. The vulnerability, tracked as CVE-2025-5394, carries a CVSS score of 9.8. Security researcher Thái An has been credited with discovering and reporting the bug. According to Wordfence, the shortcoming relates to an arbitrary…
Brussels launched an age checking app. It took 2 minutes to hack it.
Bys sÉmile Marzolf, Ellen O’Regan, and Eliza Gkritsi report: The European Union’s unveiling of a mobile app to check people’s age online has quickly turned sour, as cybersecurity experts found glaring privacy and security problems with the code. European Commission President Ursula von der Leyen presented the age-verification tool in Brussels on Wednesday, saying it was……
OAuth Redirect Flaw in Airline Travel Integration Exposes Millions to Account Hijacking
Bys sCybersecurity researchers have disclosed details of a now-patched account takeover vulnerability affecting a popular online travel service for hotel and car rentals. “By exploiting this flaw, attackers can gain unauthorized access to any user’s account within the system, effectively allowing them to impersonate the victim and perform an array of actions on their behalf –…
Data breach in 42 Latvian municipalities: DVI imposes 300,000 euro fine on ZZ Dats
Bys sLETA reports: The Data State Inspectorate (DVI) has imposed a 300,000 euro fine on SIA “ZZ Dats” in connection with last year’s municipal data breach; the company has appealed the decision in court, the LETA news agency reports. According to the Inspectorate, the data were stored in an information system maintained by ZZ Dats. Upon……