Beyond the kill chain: What cybercriminals do with their money (Part 5)
In the last of our five-part series, Sophos X-Ops explores the implications and opportunities arising from threat actors’ involvement in real-world industries and crimes
Get involved in the Sophos Firewall v22 Early Access Program today!
Threat hunters have disclosed two different malware campaigns that have targeted vulnerabilities and misconfigurations across cloud environments to deliver cryptocurrency miners. The threat activity clusters have been codenamed Soco404 and Koske by cloud security firms Wiz and Aqua, respectively. Soco404 “targets both Linux and Windows systems, deploying platform-specific malware,” Wiz
Hyeon Ye-Seul reports: Korea’s data protection watchdog on Wednesday told e-commerce giant Coupang to stop publishing its own findings about a data breach that compromised the personal information of millions of users, warning that unverified statements could mislead users and undermine an ongoing official investigation. The Personal Information Protection Commission (PIPC) said Coupang had disclosed…
Fortra on Thursday revealed the results of its investigation into CVE-2025-10035, a critical security flaw in GoAnywhere Managed File Transfer (MFT) that’s assessed to have come under active exploitation since at least September 11, 2025. The company said it began its investigation on September 11 following a “potential vulnerability” reported by a customer, uncovering “potentially…
Threat actors are leveraging bogus installers masquerading as popular software to trick users into installing malware as part of a global malvertising campaign dubbed TamperedChef. The end goal of the attacks is to establish persistence and deliver JavaScript malware that facilitates remote access and control, per a new report from Acronis Threat Research Unit (TRU)….