Sweet 16: Sophos named a Leader (again) in the 2025 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

Ionut Arghire reports: Princeton University over the weekend disclosed a data breach impacting alumni, donors, faculty, students, parents, and other members of its community. On November 10, the university says, a threat actor accessed an Advancement database containing names, addresses, email addresses, and phone numbers, along with information on fundraising activities and donations to the……

The Trump administration has disbanded the Cyber Safety Review Board (CSRB), ending one of the few bright spots at CISA. The post DHS Disbands Cyber Safety Review Board, Ending One of CISA’s Few Bright Spots appeared first on SecurityWeek.

Chinese companies linked to the state-sponsored hacking group known as Silk Typhoon (aka Hafnium) have been identified as behind over a dozen technology patents, shedding light on the shadowy cyber contracting ecosystem and its offensive capabilities. The patents cover forensics and intrusion tools that enable encrypted endpoint data collection, Apple device forensics, and remote access…

A vulnerability in Google’s OAuth implementation allows takeover of old employee accounts when domain ownership changes. The post Google OAuth Flaw Leads to Account Takeover When Domain Ownership Changes appeared first on SecurityWeek.

A fake proof-of-concept (PoC) exploit for a recent LDAP vulnerability distributes information stealer malware. The post Infostealer Masquerades as PoC Code Targeting Recent LDAP Vulnerability appeared first on SecurityWeek.

SAP has released 14 security notes on January 2025 Patch Day, including two addressing critical vulnerabilities in NetWeaver. The post SAP Patches Critical Vulnerabilities in NetWeaver appeared first on SecurityWeek.