Cyber Security News

Seventeen Critical-severity CVEs ready to deck your halls; also, new blog guidance for Windows Server admins

Sophos X-Ops looks at the realism of this year’s MITRE ATT&CK Evaluations

Results from the latest ATT&CK Evaluations for endpoint detection and response solutions.

A sea change in available data fuels fresh insights from the first half of 2024

SophosAI’s framework for upgrading the performance of LLMs for cybersecurity tasks (or any other specific task) is now open source.

From cyber attacks across the geopolitical landscapes, to product updates that help small businesses, Sophos was there in 2024.

Sophos was also ranked the #1 solution in 36 individual reports spanning the Antivirus, EDR, Endpoint Protection Suites, XDR, Firewall, and MDR markets.

A sudden disruption of a major phishing-as-a-service provider leads to the rise of another…that looks very familiar 

Sophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow privileged system access under certain conditions. Of the three, two are rated Critical in severity. There is currently no evidence that the shortcomings have been exploited in the wild. The list…

The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware. Following the discovery, versions 1.1.7 of both libraries have been unpublished from the npm…