Year in Review 2025: The major headlines and moments from Sophos this year
The Insider reports: In September 2024, the FBI published an indictment against a group of hackers working for GRU Unit 29155, the same military unit that became famous for poisoning Skripal in Salisbury. It has long been known that the GRU has hacker units; The Insider was the first to prove this back in 2017, and then it was…
A critical security flaw has been disclosed in the Commvault Command Center that could allow arbitrary code execution on affected installations. The vulnerability, tracked as CVE-2025-34028, carries a CVSS score of 9.0 out of a maximum of 10.0. “A critical security vulnerability has been identified in the Command Center installation, allowing remote attackers to execute…
The maintainers of the WinRAR file archiving utility have released an update to address an actively exploited zero-day vulnerability. Tracked as CVE-2025-8088 (CVSS score: 8.8), the issue has been described as a case of path traversal affecting the Windows version of the tool that could be exploited to obtain arbitrary code execution by crafting malicious…
The headline, and the text that follows, is a machine translation of an article by Brice Le Borgne that appeared in Liberation on November 1, 2025: “The museum’s security systems did not fail,” insisted Culture Minister Rachida Dati shortly after the spectacular burglary at the Louvre Museum on October 19. Ten days later, the tone had changed. On…
The Open Web Application Security Project has recently introduced a new Top 10 project – the Non-Human Identity (NHI) Top 10. For years, OWASP has provided security professionals and developers with essential guidance and actionable frameworks through its Top 10 projects, including the widely used API and Web Application security lists. Non-human identity security represents…
A previously undocumented China-aligned advanced persistent threat (APT) group named PlushDaemon has been linked to a supply chain attack targeting a South Korean virtual private network (VPN) provider in 2023, according to new findings from ESET. “The attackers replaced the legitimate installer with one that also deployed the group’s signature implant that we have named…