Phake phishing: Phundamental or pholly?
Debates over the effectiveness of phishing simulations are widespread. Sophos X-Ops looks at the arguments for and against – and our own phishing philosophy
Similar Posts
Ukrainian National Sentenced to 5 Years in North Korea IT Worker Fraud Case
Bys sA 29-year-old Ukrainian national has been sentenced to five years in prison in the U.S. for his role in facilitating North Korea’s fraudulent information technology (IT) worker scheme. In November 2025, Oleksandr “Alexander” Didenko pleaded guilty to wire fraud conspiracy and aggravated identity theft for stealing the identities of U.S. citizens and selling them to…
How a noisy ransomware intrusion exposed a long-term espionage foothold
Bys sZeljka Zorz reports: Getting breached by two separate and likely unconnected cyber attack groups is a nightmare scenario for any organization, but can result in an unexpected silver lining: the noisier intrusion can draw attention to a far stealthier threat that might otherwise linger undetected for months. A double whammy In a recently published report,……
UK Cannabis Clinic CB1 Medical Investigating As Patients Affected By Major Data Leak
Bys sSarah Sinclair reports: A UK medical cannabis clinic is carrying out investigations after a substantial amount of patients’ information was leaked in a major data breach. In an email sent to patients on Monday 18 August, CB1 Medical confirmed it had identified a ‘data security incident’ when patients’ personal details, including prescription information, were found……
Over 60 Software Vendors Issue Security Fixes Across OS, Cloud, and Network Platforms
Bys sIt’s Patch Tuesday, which means a number of software vendors have released patches for various security vulnerabilities impacting their products and services. Microsoft issued fixes for 59 flaws, including six actively exploited zero-days in various Windows components that could be abused to bypass security features, escalate privileges, and trigger a denial-of-service (DoS) condition. Elsewhere
TARmageddon Flaw in Async-Tar Rust Library Could Enable Remote Code Execution
Bys sCybersecurity researchers have disclosed details of a high-severity flaw impacting the popular async-tar Rust library and its forks, including tokio-tar, that could result in remote code execution under certain conditions. The vulnerability, tracked as CVE-2025-62518 (CVSS score: 8.1), has been codenamed TARmageddon by Edera, which discovered the issue in late August 2025. It impacts several
MO: City of St. Joseph hit by cyberattack, data potentially acquired in breach
Bys sCameron Montemayor reports: Multiple sources and documents obtained via public records requests indicate the city suffered a significant cyberattack in early June, an incident that crippled network services for an extended period of time and potentially exposed the personal data of thousands of residents, city officials confirmed Monday. The City of St. Joseph has been……