Sophos’ Secure by Design 2025 Progress
We are pleased to openly share our pledges and the progress we are making in each of the seven core pillars of product security in the Secure by Design framework
Similar Posts
Maryland Man Pleads Guilty to Conspiracy to Commit Wire Fraud
Bys sMinh Phoung Ngoc Vong Participated in a Multi-Year Fraudulent Scheme to Obtain Remote Information Technology Work With U.S. Companies and Government Agencies for Persons Based in China Minh Phuong Ngoc Vong, 40, of Bowie, Maryland, pleaded guilty today to conspiracy to commit wire fraud in connection with a scheme whereby he conspired with unknown individuals,…
Google Fixed Cloud Run Vulnerability Allowing Unauthorized Image Access via IAM Misuse
Bys sCybersecurity researchers have disclosed details of a now-patched privilege escalation vulnerability in Google Cloud Platform (GCP) Cloud Run that could have allowed a malicious actor to access container images and even inject malicious code. “The vulnerability could have allowed such an identity to abuse its Google Cloud Run revision edit permissions in order to pull…
CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems
Bys sThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People’s Republic of China (PRC) to maintain long-term persistence on compromised systems. “BRICKSTORM is a sophisticated backdoor for VMware vSphere and Windows environments,” the agency said….
North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms
Bys sNorth Korean threat actors have been attributed to a coordinated cyber espionage campaign targeting diplomatic missions in their southern counterpart between March and July 2025. The activity manifested in the form of at least 19 spear-phishing emails that impersonated trusted diplomatic contacts with the goal of luring embassy staff and foreign ministry personnel with convincing…
5 Threats That Reshaped Web Security This Year [2025]
Bys sAs 2025 draws to a close, security professionals face a sobering realization: the traditional playbook for web security has become dangerously obsolete. AI-powered attacks, evolving injection techniques, and supply chain compromises affecting hundreds of thousands of websites forced a fundamental rethink of defensive strategies. Here are the five threats that reshaped web security this year,…
What is Identity Dark Matter?
Bys sThe Invisible Half of the Identity Universe Identity used to live in one place – an LDAP directory, an HR system, a single IAM portal. Not anymore. Today, identity is fragmented across SaaS, on-prem, IaaS, PaaS, home-grown, and shadow applications. Each of these environments carries its own accounts, permissions, and authentication flows. Traditional IAM and…