Cyber Security News

Expanding customer choice and bringing Sophos Central closer to customers and partners across the Middle East.

This week saw a lot of new cyber trouble. Hackers hit Fortinet and Chrome with new 0-day bugs. They also broke into supply chains and SaaS tools. Many hid inside trusted apps, browser alerts, and software updates. Big firms like Microsoft, Salesforce, and Google had to react fast — stopping DDoS attacks, blocking bad links,…

Multiple security vendors are sounding the alarm about a second wave of attacks targeting the npm registry in a manner that’s reminiscent of the Shai-Hulud attack. The new supply chain campaign, dubbed Sha1-Hulud, has compromised hundreds of npm packages, according to reports from Aikido, HelixGuard, Koi Security, Socket, and Wiz. “The campaign introduces a new…

At the Autonomous University of Yucatán (UADY), technology has long been central to supporting academic excellence.  As the university expanded to serve more than 20,000 students across five campuses, its IT team faced increasing pressure on an aging cybersecurity infrastructure. Manual patching, limited firmware support, and rising costs made it harder to defend against evolving…

New research from CrowdStrike has revealed that DeepSeek’s artificial intelligence (AI) reasoning model DeepSeek-R1 produces more security vulnerabilities in response to prompts that contain topics deemed politically sensitive by China. “We found that when DeepSeek-R1 receives prompts containing topics the Chinese Communist Party (CCP) likely considers politically sensitive, the likelihood of it

A recently patched security flaw in Microsoft Windows Server Update Services (WSUS) has been exploited by threat actors to distribute malware known as ShadowPad. “The attacker targeted Windows Servers with WSUS enabled, exploiting CVE-2025-59287 for initial access,” AhnLab Security Intelligence Center (ASEC) said in a report published last week. “They then used PowerCat, an open-source

Caleb Skeath, Emily Pehrsson, and Jess Gonzalez Valenzuela of Covington and Burling write: On November 20, 2025, the Securities and Exchange Commission (“SEC”) announced that it was voluntarily dismissing the case it brought against SolarWinds Corp. (“SolarWinds”) and its information security officer, Timothy Brown, regarding the company’s security practices and related statements in connection with……

GMA Integrated News reports: The Department of Interior and Local Government (DILG) said Sunday it is verifying claims that its internal systems were breached by hackers. In a statement, the agency said their systems remain stable but that they have activated containment and security protocols to secure data. “Our technical teams and government cybersecurity units……

Rob Copeland, Stacy Cowley, and Devlin Barrett report: Some of the nation’s biggest banks were scrambling on Saturday night to assess the fallout from a large-scale hack of a vendor whose compromise could expose sensitive customer data. The vendor, SitusAMC, has been deployed by hundreds of banks and other lenders to help originate and collect……

The China-linked advanced persistent threat (APT) group known as APT31 has been attributed to cyber attacks targeting the Russian information technology (IT) sector between 2024 and 2025 while staying undetected for extended periods of time. “In the period from 2024 to 2025, the Russian IT sector, especially companies working as contractors and integrators of solutions…