Sophos AI at Black Hat USA ’25: Anomaly detection betrayed us, so we gave it a new job
Following on from our preview, here’s Ben Gelman and Sean Bergeron’s research on enhancing command line classification with benign anomalous data
Similar Posts
Iranian Hackers Launch ‘SpearSpecter’ Spy Operation on Defense & Government Targets
Bys sThe Iranian state-sponsored threat actor known as APT42 has been observed targeting individuals and organizations that are of interest to the Islamic Revolutionary Guard Corps (IRGC) as part of a new espionage-focused campaign. The activity, detected in early September 2025 and assessed to be ongoing, has been codenamed SpearSpecter by the Israel National Digital Agency (INDA)….
Palo Alto Networks investigating ransomware threat related to SharePoint exploitation
Bys sDavid Jones reports: Researchers from Palo Alto Networks say they are investigating a ransomware attack related to the recently disclosed ToolShell vulnerabilities in Microsoft SharePoint. The hackers left the victim a ransom note on Sunday claiming they had encrypted files using the 4L4MD4R ransomware. The note warned that any attempt to decrypt the files would result in their…
New PHP-Based Interlock RAT Variant Uses FileFix Delivery Mechanism to Target Multiple Industries
Bys sThreat actors behind the Interlock ransomware group have unleashed a new PHP variant of its bespoke remote access trojan (RAT) as part of a widespread campaign using a variant of ClickFix called FileFix. “Since May 2025, activity related to the Interlock RAT has been observed in connection with the LandUpdate808 (aka KongTuke) web-inject threat clusters,”…
Health Share of Oregon and CareOregon notify members of data breach
Bys sA press release from Columbia Pacific CCO left me a bit puzzled. A statement from Columbia Pacific CCO relates to a breach affecting members of CareOregon and Health Share Oregon. Their notice is titled, “Alert: Some of your information was viewed without permission.” The notice states, “On October 27, 2025, we learned that one or more……
Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown
Bys sCybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to create a SOCKS5 proxy service, while also providing a stealthy backdoor-like functionality to drop additional payloads on Windows systems. The deceptive package, named soopsocks, attracted a total of 2,653 downloads before it was taken…
Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access
Bys sA newly disclosed maximum-severity security flaw in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager (formerly vManage) has come under active exploitation in the wild as part of malicious activity that dates back to 2023. The vulnerability, tracked as CVE-2026-20127 (CVSS score: 10.0), allows an unauthenticated remote attacker to bypass authentication and obtain