Expanded management regions for Sophos DNS Protection

Blog

Byadmblake March 6, 2025

Get started for free.

Blog

Microsoft OneDrive File Picker Flaw Grants Apps Full Cloud Access — Even When Uploading Just One File

Cybersecurity researchers have discovered a security flaw in Microsoft’s OneDrive File Picker that, if successfully exploited, could allow websites to access a user’s entire cloud storage content, as opposed to just the files selected for upload via the tool. “This stems from overly broad OAuth scopes and misleading consent screens that fail to clearly explain…

Read More Microsoft OneDrive File Picker Flaw Grants Apps Full Cloud Access — Even When Uploading Just One File
Blog

When Brand Loyalty Trumps Data Security

Brand loyalty can act as a shield protecting organizations from the immediate impact of a breach, but that protection has a shelf life.

Read More When Brand Loyalty Trumps Data Security
Blog

Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign

Threat actors with suspected ties to Russia have been observed taking advantage of a Google account feature called application specific passwords (or app passwords) as part of a novel social engineering tactic designed to gain access to victims’ emails. Details of the highly targeted campaign were disclosed by Google Threat Intelligence Group (GTIG) and the…

Read More Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign
Blog

LangSmith Bug Could Expose OpenAI Keys and User Data via Malicious Agents

Cybersecurity researchers have disclosed a now-patched security flaw in LangChain’s LangSmith platform that could be exploited to capture sensitive data, including API keys and user prompts. The vulnerability, which carries a CVSS score of 8.8 out of a maximum of 10.0, has been codenamed AgentSmith by Noma Security. LangSmith is an observability and evaluation platform…

Read More LangSmith Bug Could Expose OpenAI Keys and User Data via Malicious Agents
Blog

XDigo Malware Exploits Windows LNK Flaw in Eastern European Government Attacks

Cybersecurity researchers have uncovered a Go-based malware called XDigo that has been used in attacks targeting Eastern European governmental entities in March 2025. The attack chains are said to have leveraged a collection of Windows shortcut (LNK) files as part of a multi-stage procedure to deploy the malware, French cybersecurity company HarfangLab said. XDSpy is…

Read More XDigo Malware Exploits Windows LNK Flaw in Eastern European Government Attacks
Blog

The Hidden Risks of SaaS: Why Built-In Protections Aren’t Enough for Modern Data Resilience

SaaS Adoption is Skyrocketing, Resilience Hasn’t Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn’t. These platforms weren’t built with full-scale data

Read More The Hidden Risks of SaaS: Why Built-In Protections Aren’t Enough for Modern Data Resilience

Related