Sophos AI Agents: Accelerating MDR and Powering the Agentic SOC

Cybersecurity researchers have discovered two new malicious extensions on the Chrome Web Store that are designed to exfiltrate OpenAI ChatGPT and DeepSeek conversations alongside browsing data to servers under the attackers’ control. The names of the extensions, which collectively have over 900,000 users, are below – Chat GPT for Chrome with GPT-5, Claude Sonnet &…

Cybersecurity company CrowdStrike is alerting of a phishing campaign that exploits its own branding to distribute a cryptocurrency miner that’s disguised as an employee CRM application as part of a supposed recruitment process. “The attack begins with a phishing email impersonating CrowdStrike recruitment, directing recipients to a malicious website,” the company said. “Victims are prompted…

The high-profile information stealer switches up its TTPs, but keeps the CAPTCHA tactic; we take a deep dive

PA News Agency reports that as a result of the attack, more than 10,000 appointments were cancelled at the two London NHS trusts that were worst affected, and a significant number of GP practices in London were unable to order blood tests for their patients. Now the Health Service Journal (HSJ) [paywalled] has reported that…

The U.S. Department of Justice (DoJ) has announced charges against 12 Chinese nationals for their alleged participation in a wide-ranging scheme designed to steal data and suppress free speech and dissent globally. The individuals include two officers of the People’s Republic of China’s (PRC) Ministry of Public Security (MPS), eight employees of an ostensibly private…

Cameron Montemayor reports:  Multiple sources and documents obtained via public records requests indicate the city suffered a significant cyberattack in early June, an incident that crippled network services for an extended period of time and potentially exposed the personal data of thousands of residents, city officials confirmed Monday. The City of St. Joseph has been……