Sophos Firewall v21.5 is now available

Hospital Español Auxilio Mutuo de Puerto Rico didn’t discover on their own that their systems had been compromised, and then, despite outside expert help, they were unable to determine with precise confidence whose data was exfiltrated or whether it has been misused, but the hospital has now started notifying patients potentially affected by a breach…

A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger a denial-of-service (DoS) condition. The out-of-bounds reads vulnerability is tracked as CVE-2024-49113 (CVSS score: 7.5). It was addressed by Microsoft as part of Patch Tuesday updates for December 2024, alongside CVE-2024-49112 (

On June 1, 2025, the California Applicants’ Attorneys Association reported that Serviceaide, a provider of AI-powered healthcare software, had suffered a data breach that led to at least six federal class-action lawsuits.  The breach was caused by an unsecured database that exposed the protected health information of 483,000 patients of Catholic Health in Buffalo, New York…….

Brandon Harder provides this morning’s reminder of the insider threat: Without legal authority, a nurse who worked at Saskatoon’s Jim Pattison Children’s Hospital snooped on the private medical records of 314 patients, according to a recent report. The report, dated April 23 and signed by Saskatchewan Information and Privacy Commissioner Ronald J. Kruzeniski, states that…

The threat actors behind the Qilin ransomware-as-a-service (RaaS) scheme are now offering legal counsel for affiliates to put more pressure on victims to pay up, as the cybercrime group intensifies its activity and tries to fill the void left by its rivals. The new feature takes the form of a “Call Lawyer” feature on the…

Categories: Sophos Insights Tags: Year in Review, security news