Build a prevention-first defense: The Sophos Cybersecurity Toolkit

Trend Micro has released security updates to address multiple security vulnerabilities impacting on-premise versions of Apex Central for Windows, including a critical bug that could result in arbitrary code execution. The vulnerability, tracked as CVE-2025-69258, carries a CVSS score of 9.8 out of a maximum of 10.0. The vulnerability has been described as a case…

Marc Fortier reports: City officials and police in Attleboro, Massachusetts, say they are investigating a “cybersecurity incident” that has taken several of the city’s information technology systems offline. “City leaders are working with cybersecurity specialists, the city’s insurer and state and federal partners to identify the cause and begin restoring services,” the city said in……

A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy backdoors and cryptocurrency miners. Cloud security firm Wiz said it’s currently responding to “multiple incidents” involving the weaponization of CVE-2024-50603 (CVSS score: 10.0), a maximum severity bug that could result in

Hardened kernel, remote integrity monitoring, an enhanced anti-malware engine, and more.

A China-linked threat actor known as Mustang Panda has been attributed to a new cyber espionage campaign directed against the Tibetan community. The spear-phishing attacks leveraged topics related to Tibet, such as the 9th World Parliamentarians’ Convention on Tibet (WPCT), China’s education policy in the Tibet Autonomous Region (TAR), and a recently published book by…

Ellen Nakashima, Joseph Menn and Carolyn Y. Johnson report: The National Institutes of Health and the federal agency responsible for securing the nation’s nuclear weapons were among the victims in a global breach of Microsoft server software over the weekend, according to officials at the agencies. The incident at NIH, which has not been previously reported, involved…