The Sophos Annual Threat Report: Cybercrime on Main Street 2025
Small enterprises are a key focus for cybercrime, as previously emphasized in our prior annual publication. Numerous criminal risks outlined...
threat—research
Absolutely strong April Patch Tuesday includes 135 CVEs
Microsoft has unveiled 135 patches impacting 19 product families today. Out of these, ten critical remote code execution problems are...
Robust April Security Update Tuesday addresses 135 Common Vulnerabilities and Exposures
On Tuesday, Microsoft rolled out a comprehensive set of 135 updates impacting 19 different product families. Among these, ten critical...
Robust April Security Patch Tuesday unveils 135 Common Vulnerabilities and Exposures (CVEs)
Microsoft dropped a total of 135 fixes across 19 product families on Tuesday. Out of these updates, ten deal with...
The 2025 Sophos Active Adversary Report: A Duo’s Journey
This year marks the fifth year of the celebrated fifth anniversary of the Sophos Active Adversary Report. A simple query...
Qilin partners target MSP ScreenConnect admin through spear-phishing, impacting downstream clients
In the final days of January 2025, an administrator of a Managed Service Provider (MSP) received a meticulously crafted phishing...
Swiping user login details using evilginx
Evilginx, a tool based on the authentic (and widely utilized) open-source nginx web server, can be utilized to grab usernames,...
PJobRAT reemerges, attempts once more at chat applications
Reported by researchers in the year 2021, PJobRAT – an Android RAT initially identified in 2019 – has been focusing...
The forthcoming destiny of MFA is apparent – but has it arrived already?
Throughout the years, the sector has entangled itself in complications in its efforts at enhancing (or elevating) the password, utilizing...
Insignificant blazes everywhere for March Patch Tuesday
Microsoft has released a total of 57 updates across 10 product families this Tuesday. Among these fixes, Microsoft has deemed...
February’s Patch Tuesday brings 57 bundles
Microsoft released 57 updates on Tuesday spanning 13 product families. Microsoft deems two of the issues addressed as Critical, with...
Extensible Vector Graphics files present a fresh phishing danger
Miscreants who engage in phishing activities via email have intensified their exploitation of a new deceptive method aimed at sidestepping...
Update: AI Skepticism Still Persists Among Cybercriminals
During November 2023, the research conducted by Sophos X-Ops shed light on the sentiments of threat actors towards generative AI....
Tracking of two ransomware campaigns by Sophos MDR utilizing “email flooding” and Microsoft Teams “vishing”
Sophos X-Ops’ Managed Detection and Response (MDR) team is actively engaging with incidents linked to two distinct groups of threat...
Gootloader from the Inside Out
The Gootloader malicious software family utilizes an identifiable form of social engineering to contaminate computers: The individuals behind it entice...
