Sophos named a Leader in the IDC MarketScape™: Worldwide Extended Detection and Response (XDR) Software 2025

A newly discovered campaign dubbed GreedyBear has leveraged over 150 malicious extensions to the Firefox marketplace that are designed to impersonate popular cryptocurrency wallets and steal more than $1 million in digital assets. The published browser add-ons masquerade as MetaMask, TronLink, Exodus, and Rabby Wallet, among others, Koi Security researcher Tuval Admoni said. What makes…

The CERT Coordination Center (CERT/CC) has disclosed details of an unpatched security flaw impacting TOTOLINK EX200 wireless range extender that could allow a remote authenticated attacker to gain full control of the device. The flaw, CVE-2025-65606 (CVSS score: N/A), has been characterized as a flaw in the firmware-upload error-handling logic, which could cause the device…

Attacks surged in July 2025 after the threat group updated its process to combine malicious LNK files and a recycled WebDAV technique

The U.S. Federal Bureau of Investigation (FBI) formally linked the record-breaking $1.5 billion Bybit hack to North Korean threat actors, as the company’s CEO Ben Zhou declared a “war against Lazarus.” The agency said the Democratic People’s Republic of Korea (North Korea) was responsible for the theft of the virtual assets from the cryptocurrency exchange,…

See how your networks, systems, and employees stand up to simulated attacks before an adversary strikes.

Arianna Prothero and Lauraine Langreo report: Schools stand to lose vital cybersecurity support from the federal government as the Trump administration takes dramatic steps to shrink its size, and the Education Department suspends a major cybersecurity support initiative. […] Education Week has confirmed that the U.S. Department of Education, at the behest of Homeland Security,…