Sophos tops G2 Fall 2025 Reports: #1 Overall in MDR and Firewall
#1 Ranked in 47 Global Reports
-
-
Phoenix RowHammer Attack Bypasses Advanced DDR5 Memory Protections in 109 Seconds
A team of academics from ETH Zürich and Google has discovered a new variant of a RowHammer attack targeting Double Data Rate 5 (DDR5) memory chips from South Korean semiconductor vendor SK Hynix. The RowHammer attack variant, codenamed Phoenix (CVE-2025-6202, CVSS score: 7.1), is capable of bypassing sophisticated protection mechanisms put in place to resist…
-
40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials
Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers. “The compromised versions include a function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local script (bundle.js), repacks the archive, and republishes it, enabling
-
SecurityScorecard Buys AI Automation Capabilities, Boosts Vendor Risk Management
The company acquired HyperComply to help enterprises automate vendor security reviews and gain a real-time picture of the security of their entire supply chain.
-
‘HybridPetya’ Ransomware Bypasses Secure Boot
The malware, which has traits of Petya ransomware and the infamous NotPetya wiper, is designed to target UEFI-based systems, according to researchers.
-
KillSec Ransomware Hits Brazilian Healthcare Software Provider
The ransomware gang breached a “major element” of the healthcare technology supply chain and stole sensitive patient data, according to researchers.
-
FBI Warns of Threat Actors Hitting Salesforce Customers
The FBI’s IC3 recently warned of two threat actors, UNC6040 and UNC6395, targeting Salesforce customers, separately and in tandem.
-
Mustang Panda Deploys SnakeDisk USB Worm to Deliver Yokai Backdoor on Thailand IPs
The China-aligned threat actor known as Mustang Panda has been observed using an updated version of a backdoor called TONESHELL and a previously undocumented USB worm called SnakeDisk. “The worm only executes on devices with Thailand-based IP addresses and drops the Yokai backdoor,” IBM X-Force researchers Golo Mühr and Joshua Chung said in an analysis…
-
Building Resilient IT Infrastructure From the Start
CISA’s Secure by Design planted a flag. Now, it’s on those who care about safeguarding systems to pick up the torch and take action to secure systems throughout the enterprise.
-
6 Browser-Based Attacks Security Teams Need to Prepare For Right Now
Attacks that target users in their web browsers have seen an unprecedented rise in recent years. In this article, we’ll explore what a “browser-based attack” is, and why they’re proving to be so effective. What is a browser-based attack? First, it’s important to establish what a browser-based attack is. In most scenarios, attackers don’t think…