Sophos Workspace Protection Enables Secure SaaS App Control

Fortinet has begun releasing security updates to address a critical flaw impacting FortiOS that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-24858 (CVSS score: 9.4), has been described as an authentication bypass related to FortiOS single sign-on (SSO). The flaw also affects FortiManager and FortiAnalyzer. The company said…

Here’s today’s reminder not to just repeat threat actors’ claims without checking or attempting to verify them first: Qilin added a company to their dark web leak site that they misidentified as Richardson Sales Performance. It wasn’t Richardson Sales Performance. What they appear to have hit, based on their proof of claims screenshot, was a…

Catalin Cimpanu reports: A Russian man has pleaded guilty to hacking US companies and selling access to ransomware groups. Aleksei Olegovich Volkov went online under the hacker name of chubaka.kor, and worked as an initial access broker (IAB) for the Yanluowang ransomware. Volkov used various techniques to breach a corporate employee’s account, escalate access to the employer’s……

Organizations in Ukraine have been targeted by threat actors of Russian origin with an aim to siphon sensitive data and maintain persistent access to compromised networks. The activity, according to a new report from the Symantec and Carbon Black Threat Hunter Team, targeted a large business services organization for two months and a local government…

Ashden Fein, Jess Gonzalez Valenzuela, Analese Bridges, John Webster Leslie, and Claire O’Rourke of Covington and Burling write: The Cybersecurity Information Sharing Act of 2015 (“CISA 2015”), which provides liability protections and other safeguards for sharing certain cybersecurity information with the U.S. federal government and private entities, was reauthorized as part of the funding bill……

Microsoft throws a farewell party for Win10, Office 2016, and Office 2019… a very big party