Sophos AI at Black Hat USA ’25: Anomaly detection betrayed us, so we gave it a new job
Following on from our preview, here’s Ben Gelman and Sean Bergeron’s research on enhancing command line classification with benign anomalous data
-
-
Air France and KLM Alert Authorities of Data Breach
While no sensitive financial data like credit card information was compromised, the threat actors were able to get away with names, email addresses, phone numbers, and more.
-
Privilege Escalation Issue in Amazon ECS Leads to IAM Hijacking
A software developer discovered a way to abuse an undocumented protocol in Amazon’s Elastic Container Service to escalate privileges, cross boundaries and gain access to other cloud resources.
-
‘Samourai’ Cryptomixer Founders Plead Guilty to Money Laundering
As part of their plea deal, the cybercriminal founders will also have to forfeit more than $200 million.
-
SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others
The threat actors behind the SocGholish malware have been observed leveraging Traffic Distribution Systems (TDSs) like Parrot TDS and Keitaro TDS to filter and redirect unsuspecting users to sketchy content. “The core of their operation is a sophisticated Malware-as-a-Service (MaaS) model, where infected systems are sold as initial access points to other cybercriminal organizations,” Silent…
-
Citizen Lab Founder Flags Rise of US Authoritarianism
Citizen Lab director and founder Ron Deibert explained how civil society is locked in “vicious cycle,” and human rights are being abused as a result, covering Israeli spyware, the Khashoggi killing, and an erosion of democratic norms in the US.
-
Payback: ‘ShinyHunters’ Clocks Google via Salesforce
In 2024, it was Snowflake. In 2025, it’s Salesforce. ShinyHunters is back, with low-tech hacks that nonetheless manage to bring down international megaliths like Google, Cisco, and Adidas.
-
The Critical Flaw in CVE Scoring
With informed decision-making, organizations can strengthen their overall resilience and maintain the agility needed to adapt to emerging threats, without sacrificing innovation or productivity.
-
Chanel Alerts Clients of Third-Party Breach
The fashion house is added to a list of other companies that have been impacted by similar breaches, including Tiffany & Co. and Louis Vuitton.
-
Malicious Go, npm Packages Deliver Cross-Platform Malware, Trigger Remote Data Wipes
Cybersecurity researchers have discovered a set of 11 malicious Go packages that are designed to download additional payloads from remote servers and execute them on both Windows and Linux systems. “At runtime the code silently spawns a shell, pulls a second-stage payload from an interchangeable set of .icu and .tech command-and-control (C2) endpoints, and executes…