Strengthening cyber resilience: Introducing Internal Attack Surface Management (IASM) for Sophos Managed Risk
Enhanced vulnerability management delivered as a managed service.
Similar Posts
Alert: Scattered Spider has added North American airline and transportation organizations to their target list
Bys sCharles Carmakal posted the following alert on LinkedIn: ALERT: Scattered Spider has added North American airline and transportation organizations to their target list. 🚨 Mandiant (part of Google Cloud) is aware of multiple incidents in the airline and transportation sector which resemble the operations of UNC3944 or Scattered Spider. We recommend that the industry immediately…
Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation
Bys sMicrosoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as “root” to bypass the operating system’s System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. The vulnerability in question is CVE-2024-44243 (CVSS score: 5.5), a medium-severity bug
⚡ Weekly Recap: Zero-Day Exploits, Insider Threats, APT Targeting, Botnets and More
Bys sCybersecurity leaders aren’t just dealing with attacks—they’re also protecting trust, keeping systems running, and maintaining their organization’s reputation. This week’s developments highlight a bigger issue: as we rely more on digital tools, hidden weaknesses can quietly grow. Just fixing problems isn’t enough anymore—resilience needs to be built into everything from the ground up.
New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login
Bys sSAP has rolled out security fixes for 13 new security issues, including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary command execution. The vulnerability, tracked as CVE-2025-42944, carries a CVSS score of 10.0. It has been described as a case of insecure deserialization. “Due to a deserialization…
BlackBasta Ransomware Chatlogs Leaked Online
Bys sKevin Poireault reports: Netherlands-based threat intelligence firm Prodaft revealed on February 20 that internal chatlogs from the BlackBasta ransomware gang have been leaked online. BlackBasta is a ransomware strain that was first detected in April 2022. Early on, cyber threat intelligence experts assessed that the members of the group behind the ransomware were associated with other…
Employees Searching Payroll Portals on Google Tricked Into Sending Paychecks to Hackers
Bys sThreat hunters have exposed a novel campaign that makes use of search engine optimization (SEO) poisoning techniques to target employee mobile devices and facilitate payroll fraud. The activity, first detected by ReliaQuest in May 2025 targeting an unnamed customer in the manufacturing sector, is characterized by the use of fake login pages to access the…