The Sophos Annual Threat Report: Cybercrime on Main Street 2025
Ransomware remains the biggest threat, but old and misconfigured network devices are making it too easy
Similar Posts
Think Your IdP or CASB Covers Shadow IT? These 5 Risks Prove Otherwise
Bys sYou don’t need a rogue employee to suffer a breach. All it takes is a free trial that someone forgot to cancel. An AI-powered note-taker quietly syncing with your Google Drive. A personal Gmail account tied to a business-critical tool. That’s shadow IT. And today, it’s not just about unsanctioned apps, but also dormant accounts,…
Exploit Code Published for Potentially Dangerous Windows LDAP Vulnerability
Proof-of-concept (PoC) code was published for CVE-2024-49113, a denial-of-service (DoS) vulnerability in Windows LDAP. The post Exploit Code Published for Potentially Dangerous Windows LDAP Vulnerability appeared first on SecurityWeek.
Lightning AI Studio Vulnerability Allowed RCE via Hidden URL Parameter
Bys sCybersecurity researchers have disclosed a critical security flaw in the Lightning AI Studio development platform that, if successfully exploited, could allow for remote code execution. The vulnerability, rated a CVSS score of 9.4, enables “attackers to potentially execute arbitrary commands with root privileges” by exploiting a hidden URL parameter, application security firm Noma said in…
Uganda court charges senior finance officials with corruption over central bank hacking
Bys sSusmita Chaulagain reports: A Ugandan court on Wednesday charged nine senior officials from the Ministry of Finance, Planning, and Economic Development over their alleged involvement in corruption, electronic fraud, and money laundering in connection with a hacking incident that led to a financial loss of at least $21 million from the country’s central bank. The hacking occurred last year…
CISA Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices
Bys sThis page contains a web-friendly version of the Cybersecurity and Infrastructure Security Agency’s Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices. CISA is aware of an ongoing exploitation campaign by an advanced threat actor targeting Cisco Adaptive Security Appliances (ASA). The campaign is widespread and involves exploiting zero-day vulnerabilities to gain unauthenticated……
SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers
Bys sCybersecurity researchers have discovered two new malicious packages in the Python Package Index (PyPI) repository that are designed to deliver a remote access trojan called SilentSync on Windows systems. “SilentSync is capable of remote command execution, file exfiltration, and screen capturing,” Zscaler ThreatLabz’s Manisha Ramcharan Prajapati and Satyam Singh said. “SilentSync also extracts