Blog

Your blog category

Blog

Citrix NetScaler ADC and NetScaler RCE

What is the Vulnerability? FortiGuard Labs has observed active network telemetry relating to CVE-2025-7775, a memory overflow vulnerability in Citrix NetScaler ADC and Gateway that enables remote code execution (RCE) and denial of service (DoS) under certain pre-conditions. Exploitation on unpatched appliances has been confirmed, and CISA has added the vulnerability to its Known Exploited…

Read More Citrix NetScaler ADC and NetScaler RCE
Blog

North Korean Group Targets South With Military ID Deepfakes

The North Korea-linked group Kimsuky used ChatGPT to create deepfakes of military ID documents in an attempt to compromise South Korean targets.

Read More North Korean Group Targets South With Military ID Deepfakes
Blog

Ray Security Takes an Active Data Security Approach

A data security platform based on action is what the industry needs right now to protect enterprise data.

Read More Ray Security Takes an Active Data Security Approach
Blog

Critical Bugs in Chaos Mesh Enable Cluster Takeover

“Chaotic Deputy” is a set of four vulnerabilities in the chaos engineering platform that many organizations use to test the resilience of their Kubernetes environments.

Read More Critical Bugs in Chaos Mesh Enable Cluster Takeover
Blog

Self-Replicating ‘Shai-hulud’ Worm Targets NPM Packages

The newly emerged worm has spread across hundreds of open source software packages, stealing credentials and infecting other components without much direct attacker input.

Read More Self-Replicating ‘Shai-hulud’ Worm Targets NPM Packages
Blog

‘Vane Viper’ Threat Group Tied to PropellerAds, Commercial Entities

Researchers say the commercial adtech platform and several other companies form the infrastructure of a massive cybercrime operation.

Read More ‘Vane Viper’ Threat Group Tied to PropellerAds, Commercial Entities
Blog

Sophos supports Objective-See Foundation to advance macOS security and inclusive cybersecurity education

Dedicated to building a stronger, more inclusive Apple security community through open-source security tools Sophos is proud to be a gold friend of the Objective-See Foundation, supporting its mission to expand access to cybersecurity education and foster innovative community-driven macOS security research. As macOS becomes a bigger target for cybercriminals, organizations like Objective-See are critical…

Read More Sophos supports Objective-See Foundation to advance macOS security and inclusive cybersecurity education
Blog

Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover

Cybersecurity researchers have disclosed multiple critical security vulnerabilities in Chaos Mesh that, if successfully exploited, could lead to cluster takeover in Kubernetes environments. “Attackers need only minimal in-cluster network access to exploit these vulnerabilities, execute the platform’s fault injections (such as shutting down pods or disrupting network communications), and perform

Read More Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover
Blog

Not all Endpoint protection is created equal

When people ask us, “Aren’t all endpoint solutions the same these days?” — our answer is simple: No. They’re not.

Read More Not all Endpoint protection is created equal
Blog

SlopAds Fraud Ring Exploits 224 Android Apps to Drive 2.3 Billion Daily Ad Bids

A massive ad fraud and click fraud operation dubbed SlopAds ran a cluster of 224 apps, collectively attracting 38 million downloads across 228 countries and territories. “These apps deliver their fraud payload using steganography and create hidden WebViews to navigate to threat actor-owned cashout sites, generating fraudulent ad impressions and clicks,” HUMAN’s Satori Threat Intelligence…

Read More SlopAds Fraud Ring Exploits 224 Android Apps to Drive 2.3 Billion Daily Ad Bids