Sophos Firewall v21.5 early access is now available

Blog

Byadmblake April 8, 2025

Say hello to great new features and enhancements in v21.5.

Blog

Claude Code Security and Magecart: Getting the Threat Model Right

When a Magecart payload hides inside the EXIF data of a dynamically loaded third-party favicon, no repository scanner will catch it – because the malicious code never actually touches your repo. As teams adopt Claude Code Security for static analysis, this is the exact technical boundary where AI code scanning stops and client-side runtime execution…

Read More Claude Code Security and Magecart: Getting the Threat Model Right
Blog

Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages

Cybersecurity researchers have discovered three malicious npm packages that are designed to deliver a previously undocumented malware called NodeCordRAT. The names of the packages, all of which were taken down as of November 2025, are listed below. They were uploaded by a user named “wenmoonx.” bitcoin-main-lib (2,300 Downloads) bitcoin-lib-js (193 Downloads) bip40 (970 Downloads) “The

Read More Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages
Blog

Qilin affiliates spear-phish MSP ScreenConnect admin, targeting customers downstream

Attack matches three-year long pattern of ScreenConnect attacks tracked by Sophos MDR as STAC4365.

Read More Qilin affiliates spear-phish MSP ScreenConnect admin, targeting customers downstream
Blog

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog, flagging it as actively exploited in attacks. The vulnerability, tracked as CVE-2025-40551 (CVSS score: 9.8), is a untrusted data deserialization vulnerability that could pave the way for…

Read More CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog
Blog

Sophos Intelix for Microsoft Copilot now brings threat intelligence directly into Copilot

World-class threat intelligence available directly where analysts work.

Read More Sophos Intelix for Microsoft Copilot now brings threat intelligence directly into Copilot
Blog

New Proof of Concept Combining CVE-2019-1322 and CVE-2019-1405 Developed

The FortiGuard SE Team is aware of a new proof of concept dubbed “COMahawk” disclosed on Nov 14 that incorporates CVE-2019-1405 and CVE-1322. The proof of concept combines two latest vulnerabilities in Microsoft Windows CVE-2019-1405 {Windows UPnP Service Elevation of Privilege Vulnerability) and CVE-2019-1322 (Microsoft Windows Elevation of Privilege Vulnerability) that allows for a full…

Read More New Proof of Concept Combining CVE-2019-1322 and CVE-2019-1405 Developed

Related