Cyber Security News

For the 16th consecutive report, Sophos has been recognized by Gartner as a Leader in the Endpoint Protection Platforms (EPP) category.

Benjamin Hernandez reports: A Mississippi law firm is suing its cyber insurer, alleging the carrier wrongfully denied coverage for a roughly $150,000 loss stemming from an “elaborate” email scheme. Gore, Kilpatrick & Dambrino PLLC was duped into wiring funds to an account controlled by scammers posing as representatives from a company that was dissolved years…

Cloudflare on Tuesday said it mitigated 7.3 million distributed denial-of-service (DDoS) attacks in the second quarter of 2025, a significant drop from 20.5 million DDoS attacks it fended off the previous quarter. “Overall, in Q2 2025, hyper-volumetric DDoS attacks skyrocketed,” Omer Yoachimik and Jorge Pacheco said. “Cloudflare blocked over 6,500 hyper-volumetric DDoS attacks, an average…

Kateryna Zakharchenko reports: Cyber specialists from Ukraine’s Defense Intelligence Directorate (HUR), with support from the “Ukrainian Cyber Alliance” and the hacker group “BO Team,” have carried out a cyberattack on the network and server infrastructure of “Haskar Integration” – one of the largest drone suppliers to the Russian armed forces, HUR sources told Kyiv Post…

Cybersecurity researchers have shed light on a new ransomware-as-a-service (RaaS) operation called GLOBAL GROUP that has targeted a wide range of sectors in Australia, Brazil, Europe, and the United States since its emergence in early June 2025. GLOBAL GROUP was “promoted on the Ramp4u forum by the threat actor known as ‘$$$,’” EclecticIQ researcher Arda…

Some human errors are more dangerous than others. PA News reports: A data breach which may have put up to 100,000 people at risk of death or serious harm from the Taliban can now be reported more than three years after it took place. Here the PA news agency looks at the timeline of events…

Dimitar Abrashev reports: A computer specialist accused of leaking personal data from Bulgaria’s revenue administration has received a suspended nine-month sentence with three years’ probation, under a plea deal approved by the Sofia City Court. The case stems from a massive cyber breach in 2019 that exposed the personal details of millions of Bulgarians. Kristian…

Matthew Gault reports: Many trains in the U.S. are vulnerable to a hack that can remotely lock a train’s brakes, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the researcher who discovered the vulnerability. The railroad industry has known about the vulnerability for more than a decade but only recently began to fix it….

Cybersecurity researchers have charted the evolution of a widely used remote access trojan called AsyncRAT, which was first released on GitHub in January 2019 and has since served as the foundation for several other variants. “AsyncRAT has cemented its place as a cornerstone of modern malware and as a pervasive threat that has evolved into…

AI agents promise to automate everything from financial reconciliations to incident response. Yet every time an AI agent spins up a workflow, it has to authenticate somewhere; often with a high-privilege API key, OAuth token, or service account that defenders can’t easily see. These “invisible” non-human identities (NHIs) now outnumber human accounts in most cloud…