Generative AI and cybersecurity: What Sophos experts expect in 2026

The U.S. Department of Justice (DoJ) said a Russian national has been sentenced to two years in prison for managing a botnet that was used to launch ransomware attacks against U.S. companies. Ilya Angelov, 40, of Tolyatti, Russia, was also fined $100,000. Angelov, who went by the online aliases “milan” and “okart,” is said to…

Giles Bruce reports: Microsoft has seized 338 phishing websites associated with a cybercrime service that targeted at least 20 U.S. healthcare organizations. Using a court order granted by the U.S. District Court for the Southern District of New York, the tech giant’s Digital Crimes Unit disrupted RaccoonO365, which offers subscription-based phishing kits allowing novices to mimic official……

TLDR Even if you take nothing else away from this piece, if your organization is evaluating passkey deployments, it is insecure to deploy synced passkeys. Synced passkeys inherit the risk of the cloud accounts and recovery processes that protect them, which creates material enterprise exposure. Adversary-in-the-middle (AiTM) kits can force authentication fallbacks that circumvent strong

Apple on Tuesday revealed a new security feature called Memory Integrity Enforcement (MIE) that’s built into its newly introduced iPhone models, including iPhone 17 and iPhone Air. MIE, per the tech giant, offers “always-on memory safety protection” across critical attack surfaces such as the kernel and over 70 userland processes without sacrificing device performance by…

Cybersecurity researchers are calling attention to a “large-scale campaign” that has been observed compromising legitimate websites with malicious JavaScript injections. According to Palo Alto Networks Unit 42, these malicious injects are obfuscated using JSFuck, which refers to an “esoteric and educational programming style” that uses only a limited set of characters to write and execute…

Thomas Mundy reports: Attorneys have sent a preservation notice to Radford University leaders to preserve all relevant evidence regarding a possible data breach involving former students. Former Michigan assistant football coach Matt Weiss has been federally indicted after prosecutors accused him of hacking into private accounts of student-athletes to access potentially compromising images. “When it…