What happens when a cybersecurity company gets phished?
A Sophos employee was phished, but we countered the threat with an end-to-end defense process
Similar Posts
Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign
Bys sThreat hunters have discovered a network of more than 1,000 compromised small office and home office (SOHO) devices that have been used to facilitate a prolonged cyber espionage infrastructure campaign for China-nexus hacking groups. The Operational Relay Box (ORB) network has been codenamed LapDogs by SecurityScorecard’s STRIKE team. “The LapDogs network has a high concentration…
CISA Retires 10 Emergency Cybersecurity Directives Issued Between 2019 and 2024
Bys sThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday said it’s retiring 10 emergency directives (Eds) that were issued between 2019 and 2024. The list of the directives now considered closed is as follows – ED 19-01: Mitigate DNS Infrastructure Tampering ED 20-02: Mitigate Windows Vulnerabilities from January 2020 Patch Tuesday ED 20-03: Mitigate…
CISA Releases Cybersecurity Performance Goals 2.0 for Critical Infrastructure
Bys sAshden Fein, Caleb Skeath, John Webster Leslie, and Krissy Chapman of Covington and Burling write: On December 11, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) released its Cybersecurity Performance Goals 2.0 (“CPG 2.0”), an update to its core set of recommended cybersecurity practices for critical infrastructure owners and operators, which we previously wrote about here. Established by the……
CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution
Bys sThe Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools SmarterMail email software that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2025-52691, carries a CVSS score of 10.0. It relates to a case of arbitrary file upload that could enable code…
Data Breach Lawsuits Against Chord Specialty Dental Partners Consolidated
Bys sKathryn Rattigan of Robinson + Cole writes: Pennsylvania-based Chord Specialty Dental Partners is under fire after a September 2024 data breach compromised the personal information of over 173,000 individuals. At least seven proposed class action lawsuits have been filed in federal courts in Tennessee and Pennsylvania, alleging the company failed to secure and protect patient…
SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass
Bys sSolarWinds has released security updates to address multiple security vulnerabilities impacting SolarWinds Web Help Desk, including four critical vulnerabilities that could result in authentication bypass and remote code execution (RCE). The list of vulnerabilities is as follows – CVE-2025-40536 (CVSS score: 8.1) – A security control bypass vulnerability that could allow an unauthenticated