Cyber Security News

A major milestone: Sophos XDR delivers 100% detection coverage in the latest ATT&CK Evaluation.

Three security vulnerabilities have been disclosed in the Peripheral Component Interconnect Express (PCIe) Integrity and Data Encryption (IDE) protocol specification that could expose a local attacker to serious risks. The flaws impact PCIe Base Specification Revision 5.0 and onwards in the protocol mechanism introduced by the IDE Engineering Change Notice (ECN), according to the PCI…

Darragh Mc Donagh reports: There is no evidence that patients’ data was stolen during a second ransomware attack targeting Health Service Executive (HSE) systems earlier this year, the authority has said. Earlier this week, the HSE began offering compensation to victims of a cyberattack that caused widespread disruption in May 2021, costing the agency an estimated €102 million. It has now emerged that a second……

Damien Bancal reports: US and European agencies have updated their joint warning on Akira: nearly 250 million dollars in ransom demands, a refined attack chain and a clear inheritance from the Conti gang. An updated advisory from US and European agencies, ransom demands estimated at nearly 250 million dollars, focused exploitation of VPNs and remote……

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a security flaw impacting the WinRAR file archiver and compression utility to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2025-6218 (CVSS score: 7.8), is a path traversal bug that could enable code execution. However, for exploitation

Cloud security is changing. Attackers are no longer just breaking down the door; they are finding unlocked windows in your configurations, your identities, and your code. Standard security tools often miss these threats because they look like normal activity. To stop them, you need to see exactly how these attacks happen in the real world….

Joseph J. Lazzarotti of JacksonLewis writes: When Royal Cornwall Hospital responded to a routine Freedom of Information request in 2023, they had no idea they were about to expose sensitive staff data to the public. The hospital recently apologized after discovering that a spreadsheet published on their website contained hidden sickness absence data for 8,100 current and……

If this were a poll, DataBreaches would vote “yes.” DataBreaches has never really understood why breach notification letters do not have to reveal the name of a business associate or vendor if the breach occurred on their system. Why shouldn’t business associates or vendors risk the same reputation impact that their clients do? Doesn’t failure……

Ukrainian National Indicted and Rewards Announced for Co-Conspirators Relating to Destructive Cyberattacks Worldwide WASHINGTON — The Justice Department announced two indictments in the Central District of California charging Ukrainian national Victoria Eduardovna Dubranova, 33, also known as Vika, Tory, and SovaSonya, for her role in conducting cyberattacks and computer intrusions against critical infrastructure and other……

The University of Minnesota has published a research brief: New research from the University of Minnesota School of Public Health provides the first detailed look at whether funding provided through a federal relief program effectively reached hospitals affected by a ransomware attack on Change Healthcare, a major processor of health insurance claims. The 2024 cyberattack exposed the……