Phake phishing: Phundamental or pholly?
Debates over the effectiveness of phishing simulations are widespread. Sophos X-Ops looks at the arguments for and against – and our own phishing philosophy
Similar Posts
Hackers Deploy Malicious npm Packages to Steal Solana Wallet Keys via Gmail SMTP
Bys sCybersecurity researchers have identified three sets of malicious packages across the npm and Python Package Index (PyPI) repository that come with capabilities to steal data and even delete sensitive data from infected systems. The list of identified packages is below – @async-mutex/mutex, a typosquat of async-mute (npm) dexscreener, which masquerades as a library for accessing…
5 Ways Identity-based Attacks Are Breaching Retail
Bys sFrom overprivileged admin roles to long-forgotten vendor tokens, these attackers are slipping through the cracks of trust and access. Here’s how five retail breaches unfolded, and what they reveal about… In recent months, major retailers like Adidas, The North Face, Dior, Victoria’s Secret, Cartier, Marks & Spencer, and Co‑op have all been breached. These attacks weren’t sophisticated
Cyberattack on Israeli ‘kosher’ internet provider
Bys sKosher Israeli internet provider, Internet Rimon, which provides Internet filtering services for the religious and haredi sectors, was hacked by an Iranian cyberattack group. Moshe Lampert reports: On Saturday night Iranian hackers, known as the “Promised Revenge,” hacked the Rimon Internet Provider, which provides Internet filtering services for the religious and haredi sectors. The incident……
Cursor AI Code Editor Vulnerability Enables RCE via Malicious MCP File Swaps Post Approval
Bys sCybersecurity researchers have disclosed a high-severity security flaw in the artificial intelligence (AI)-powered code editor Cursor that could result in remote code execution. The vulnerability, tracked as CVE-2025-54136 (CVSS score: 7.2), has been codenamed MCPoison by Check Point Research, owing to the fact that it exploits a quirk in the way the software handles modifications…
Attorney General James Secures $14.2 Million from Car Insurance Companies Over Data Breaches
Bys sNEW YORK – New York Attorney General Letitia James today secured $14.2 million from eight car insurance companies for failing to protect the private information of more than 825,000 New Yorkers. The data breaches were part of a hacking campaign that targeted car insurance companies’ quoting tools and stole people’s personal information, including driver’s license……
Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability
Bys sCybersecurity researchers are warning that a critical zero-day vulnerability impacting Zyxel CPE Series devices is seeing active exploitation attempts in the wild. “Attackers can leverage this vulnerability to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration,” GreyNoise researcher Glenn Thorpe said in an alert