Human-in-the-loop security will define 2026: Predictions from Sophos experts
Categories: Sophos Insights
Tags: Sophos, Year in Review
Patterson-Schwartz & Associates, Inc. (“PSA”) is a real estate firm headquartered in Delaware. In May 2025, they experienced a data breach when two employee email accounts were compromised in phishing attacks on May 14 and May 29. Although PSA responded quickly to secure the compromised accounts and initiate incident response, sending notification letters to those…
AI-enabled supply chain attacks jumped 156% last year. Discover why traditional defenses are failing and what CISOs must do now to protect their organizations. Download the full CISO’s expert guide to AI Supply chain attacks here. TL;DR AI-enabled supply chain attacks are exploding in scale and sophistication – Malicious package uploads to open-source repositories jumped…
Marty Stempniak reports: A Pacific Northwest radiology practice has reportedly worked with the FBI following a recent “data security incident.” Mt. Baker Imaging and Northwest Radiologists posted a notice of the matter on its website March 26. The Bellingham, Washington-based group said it first noticed the network disruption around Jan. 25, immediately engaging outside forensic specialists…
Joseph Topping reports: Heywood Hospital and Athol Hospital said a network outage this week was caused by a cybersecurity incident. The hospitals said they took affected systems offline and engaged a third-party cybersecurity firm. The facilities—Heywood Hospital in Gardner, Massachusetts, and Athol Hospital in Athol, Massachusetts—remain open and caring for patients; earlier in the week…
The financially motivated threat actor known as FIN6 has been observed leveraging fake resumes hosted on Amazon Web Services (AWS) infrastructure to deliver a malware family called More_eggs. “By posing as job seekers and initiating conversations through platforms like LinkedIn and Indeed, the group builds rapport with recruiters before delivering phishing messages that lead to…
A set of five critical security shortcomings have been disclosed in the Ingress NGINX Controller for Kubernetes that could result in unauthenticated remote code execution, putting over 6,500 clusters at immediate risk by exposing the component to the public internet. The vulnerabilities (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974), assigned a CVSS score of