Introducing Sophos Advisory Services

This issue of the Counter Threat Unit’s high-level bimonthly report discusses noteworthy updates in the threat landscape during July and August

Apple has released security updates to address a security flaw impacting iOS, iPadOS, and macOS that it said has come under active exploitation in the wild. The zero-day out-of-bounds write vulnerability, tracked as CVE-2025-43300, resides in the ImageIO framework that could result in memory corruption when processing a malicious image. “Apple is aware of a…

Exposed database backups discovered and reported by researcher @JayelTee are now being reported in more mainstream news after OrthoMinds issued a press about the incident. Marianne Kolbasuk McGee reports: A vendor of cloud-based orthodontic practice software is notifying an undisclosed number of patients that their data was exposed to the internet for 10 days last…

Dom DiFurio reports: In October, four companies collectively paid nearly $7 million as part of a settlement with the Securities and Exchange Commission for allegedly failing to properly inform investors of a cyberbreach affecting their companies, a liability American businesses have not previously faced. The companies were compromised in a cyberattack targeting their IT software provider in…

Globes reports: A recent conference discussed Amendment 13 to Israel’s Privacy Protection Law and how organizations can address emerging risks associated with the deployment of advanced AI. During a recent privacy and data-security conference in Israel, industry leaders explored the implications of Amendment 13 to Israel’s Privacy Protection Law and discussed how organizations can address……

Ryan Price reports on The Manchester Evening News: The Post Office has agreed to pay compensation to hundreds of former subpostmasters whose names and addresses were accidentally leaked during a data breach last year. Last June, the personal details of 555 victims of the Horizon IT scandal were published on the Post Office’s website. What…