Blog

McDonald’s hiring platform was using its original default credentials and inadvertently exposed information belonging to approximately 64 million job applicants.

Experts recommend enhanced AI literacy, training around the ethics of using AI, and verification protocols to maintain credibility in an increasingly AI-influenced courtroom.

Since surfacing on GitHub in 2019, AsyncRAT has become a poster child for how open source malware can democratize cybercrime, with a mazelike footprint of variants available across the spectrum of functionality.

For the 16th consecutive report, Sophos has been recognized by Gartner as a Leader in the Endpoint Protection Platforms (EPP) category.

The intelligence-gathering cyber campaign introduces the novel HazyBeacon backdoor and uses legitimate cloud communication channels for command-and-control (C2) and exfiltration to hide its malicious activities.

Cloudflare on Tuesday said it mitigated 7.3 million distributed denial-of-service (DDoS) attacks in the second quarter of 2025, a significant drop from 20.5 million DDoS attacks it fended off the previous quarter. “Overall, in Q2 2025, hyper-volumetric DDoS attacks skyrocketed,” Omer Yoachimik and Jorge Pacheco said. “Cloudflare blocked over 6,500 hyper-volumetric DDoS attacks, an average…

Cybersecurity researchers have shed light on a new ransomware-as-a-service (RaaS) operation called GLOBAL GROUP that has targeted a wide range of sectors in Australia, Brazil, Europe, and the United States since its emergence in early June 2025. GLOBAL GROUP was “promoted on the Ramp4u forum by the threat actor known as ‘$$$,’” EclecticIQ researcher Arda…

Criminal networks are adapting quickly, and they’re betting that companies won’t keep pace. Let’s prove them wrong.

The new framework is modeled after and meant to complement the MITRE ATT&CK framework, and it is aimed at detecting and responding to cyberattacks on cryptocurrency assets and other financial targets.

Governmental organizations in Southeast Asia are the target of a new campaign that aims to collect sensitive information by means of a previously undocumented Windows backdoor dubbed HazyBeacon. The activity is being tracked by Palo Alto Networks Unit 42 under the moniker CL-STA-1020, where “CL” stands for “cluster” and “STA” refers to “state-backed motivation.” “The…