From Security Operations to Security Leadership: Sophos CISO Advantage
Categories: Products & Services, Security Operations
Similar Posts
CISA orders federal agencies to patch Sitecore zero-day following hacking reports
Bys sJonathan Greig reports: Federal civilian agencies have until September 25 to patch a vulnerability in popular content management system Sitecore after incident responders said they disrupted a recent attack involving the bug. Sitecore published a bulletin on Wednesday about CVE-2025-53690, which affects several of the company’s products. A key issue with the bug is the use of……
Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
Bys sGoogle has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that it said has been exploited in the wild as part of attacks targeting organizations in Russia. The vulnerability, tracked as CVE-2025-2783, has been described as a case of “incorrect handle provided in unspecified circumstances in Mojo on…
Furry hackers who leaked Project 2025 firm’s data fear leader raided by feds
Bys sMikael Thalen reports: Individuals with connections to SiegedSec, the now-defunct group of “gay furry hackers” who leaked data relating to the think tank behind Project 2025, believe their former leader may have been arrested in a raid by law enforcement. In remarks to X on Wednesday, @mewmrrpmeow, a former member of the group, stated that “vio,” who once…
CISA Releases Cybersecurity Performance Goals 2.0 for Critical Infrastructure
Bys sAshden Fein, Caleb Skeath, John Webster Leslie, and Krissy Chapman of Covington and Burling write: On December 11, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) released its Cybersecurity Performance Goals 2.0 (“CPG 2.0”), an update to its core set of recommended cybersecurity practices for critical infrastructure owners and operators, which we previously wrote about here. Established by the……
CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution
Bys sThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a high-severity security flaw impacting Gogs by adding it to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2025-8110 (CVSS score: 8.7), relates to a case of path traversal in the repository file editor that could result in code…
Seven npm Packages Use Adspect Cloaking to Trick Victims Into Crypto Scam Pages
Bys sCybersecurity researchers have discovered a set of seven npm packages published by a single threat actor that leverages a cloaking service called Adspect to differentiate between real victims and security researchers to ultimately redirect them to sketchy crypto-themed sites. The malicious npm packages, published by a threat actor named “dino_reborn” between September and November 2025,…