Sophos Endpoint: Consistently AAA rated – Q2 2025 SE Labs Endpoint Protection Report

Cybersecurity researchers have flagged a malicious npm package that was generated using artificial intelligence (AI) and concealed a cryptocurrency wallet drainer. The package, @kodane/patch-manager, claims to offer “advanced license validation and registry optimization utilities for high-performance Node.js applications.” It was uploaded to npm by a user named “Kodane” on July 28, 2025. The

Does your organization suffer from a cybersecurity perception gap? Findings from the Bitdefender 2025 Cybersecurity Assessment suggest the answer is probably “yes” — and many leaders may not even realize it. This disconnect matters. Small differences in perception today can evolve into major blind spots tomorrow. After all, perception influences what organizations prioritize, where they

Amazon’s threat intelligence team on Wednesday disclosed that it observed an advanced threat actor exploiting two then-zero-day security flaws in Cisco Identity Service Engine (ISE) and Citrix NetScaler ADC products as part of attacks designed to deliver custom malware. “This discovery highlights the trend of threat actors focusing on critical identity and network access control…

An emerging threat actor that goes by “Zestix” used an assortment of infostealers to obtain credentials and breach file-sharing instances of approximately 50 enterprises.

The April/May zero-day exploitations of Ivanti’s mobile device management platform meant unprecedented pwning of thousands of orgs by a Chinese APT — and history will probably repeat itself.