Sophos achieves its best-ever results in the MITRE ATT&CK Enterprise 2025 Evaluation
A major milestone: Sophos XDR delivers 100% detection coverage in the latest ATT&CK Evaluation.
Similar Posts
Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHub
Bys sCybersecurity researchers have discovered a new cryptojacking campaign that’s targeting publicly accessible DevOps web servers such as those associated with Docker, Gitea, and HashiCorp Consul and Nomad to illicitly mine cryptocurrencies. Cloud security firm Wiz, which is tracking the activity under the name JINX-0132, said the attackers are exploiting a wide range of known misconfigurations…
Huge Fines Imposed by Thailand’s PDPC: A Major Alert on Data Privacy Violations (Thailand)
Bys sShunsuke Minowa and Poonyisa Sornchangwat of Nagashima Ohno & Tsunematsu write: 1. Background On 1 August 2025, Thailand’s Personal Data Protection Committee (“PDPC”) announced the issuance of 8 fines totaling THB 14.5 million (approximately USD 448,000), which were levied against one government agency and other private entities for non-compliance with the Personal Data Protection Act of 2019 (“PDPA”)……
ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities
Bys sThe ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities hardest. Google’s Mandiant attributes it to the group it tracks as UNC6240, and dates the activity between May 27 and June 9. Oracle did not publish…
The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm
Bys sA new analysis of The Gentlemen operation has revealed that the financially motivated threat group initially operated as an affiliate responsible for conducting double extortion attacks, while leveraging resources from various ransomware-as-a-service (RaaS) schemes like LockBit (aka Tenacious Mantis), Qilin (aka Pestilent Mantis), and Medusa (aka Venomous Mantis). According to a detailed report
Dell RecoverPoint for VMs Zero-Day CVE-2026-22769 Exploited Since Mid-2024
Bys sA maximum severity security vulnerability in Dell RecoverPoint for Virtual Machines has been exploited as a zero-day by a suspected China-nexus threat cluster dubbed UNC6201 since mid-2024, according to a new report from Google Mandiant and Google Threat Intelligence Group (GTIG). The activity involves the exploitation of CVE-2026-22769 (CVSS score: 10.0), a case of hard-coded…
Obligations under Canada’s data breach notification law
Bys sChiara Trinidad writes: What laws govern data breach in Canada? Data breach notification law is governed by the Personal Information and Electronic Documents Act (PIPEDA). This federal law regulates the handling of personal information during commercial transactions. This includes the collection, use, and disclosure of personal data. By extension, this also includes the storage of…