An industry first: Sophos Firewall and NDR Essentials

Apple on Tuesday released a security update to address a zero-day flaw that it said has been exploited in “extremely sophisticated” attacks. The vulnerability has been assigned the CVE identifier CVE-2025-24201 and is rooted in the WebKit web browser engine component. It has been described as an out-of-bounds write issue that could allow an attacker…

Google has shipped patches to address 47 security flaws in its Android operating system, including one it said has come under active exploitation in the wild. The vulnerability in question is CVE-2024-53104 (CVSS score: 7.8), which has been described as a case of privilege escalation in a kernel component known as the USB Video Class…

BakerHostetler writes: On Thursday, Jan. 23, DISA Global Solutions, Inc. (DISA) provided an update to customers regarding its April 2024 cyber incident, including the results of its data review and notification plans. According to DISA, its investigation determined an unauthorized third party accessed its environment between Feb. 9, 2024, and April 22, 2024, and “procured…

Cyberhaven and other Chrome extensions were compromised in a supply chain attack targeting Facebook advertising users. The post Several Chrome Extensions Compromised in Supply Chain Attack appeared first on SecurityWeek.

There’s a follow-up on one of the plastic surgery ransomware attacks this site first reported in October 2023 after the Hunters International threat actors added Jaime S. Schwartz, MD, to their leak site with proof of claims. At the time, Dr. Schwartz’s practice was one of a number of attacks on plastic surgery practices where…

Today’s reminder of the insider threat: Seattle – A 43-year-old Laguna Niguel, California man pleaded guilty today in U.S. District Court in Seattle to wire fraud for his scheme to steal nearly $1 million from his employer, announced Acting U.S. Attorney Teal Luthy Miller. Paul Joseph Welch was the IT manager of Kent, Washington energy…