Sophos Firewall v21.5 early access is now available

Blog

Byadmblake April 8, 2025

Say hello to great new features and enhancements in v21.5.

Blog

Third-Party Risk Top Cybersecurity Claims

Data collected by cyber-insurers show that ransomware accounts for the majority of insurance claims, but that much of the losses stem from third-party breaches affecting policyholders.

Read More Third-Party Risk Top Cybersecurity Claims
Blog

US Comptroller Cyber ‘Incident’ Compromises Org’s Emails

A review of the emails involved in the breach is still ongoing, but what has been discovered is enough for the Treasury Department to label it a “major cyber incident.”

Read More US Comptroller Cyber ‘Incident’ Compromises Org’s Emails
Blog

Microsoft Patches 130 Vulnerabilities, Including Critical Flaws in SPNEGO and SQL Server

For the first time in 2025, Microsoft’s Patch Tuesday updates did not bundle fixes for exploited security vulnerabilities, but acknowledged one of the addressed flaws had been publicly known. The patches resolve a whopping 130 vulnerabilities, along with 10 other non-Microsoft CVEs that affect Visual Studio, AMD, and its Chromium-based Edge browser. Of these 10…

Read More Microsoft Patches 130 Vulnerabilities, Including Critical Flaws in SPNEGO and SQL Server
Blog

Active Exploitation Against Adobe Commerce and Magento Through CVE-2022-24086/CVE-2022-24087

UPDATE February 17: Added reference to CVE-2022-24087, which Adobe disclosed and issues an out-of-band patch for on February 17th, 2022.FortiGuard Labs is aware of reports that Magento Open Source and Adobe Commerce are actively being targeted and exploited through CVE-2022-24086. This vulnerability can lead to remote code execution (RCE) on an exploited server which means…

Read More Active Exploitation Against Adobe Commerce and Magento Through CVE-2022-24086/CVE-2022-24087
Blog

How Top CISOs Save Their SOCs from Alert Chaos to Never Miss Real Incidents

Why do SOC teams still drown in alerts even after spending big on security tools? False positives pile up, stealthy threats slip through, and critical incidents get buried in the noise. Top CISOs have realized the solution isn’t adding more and more tools to SOC workflows but giving analysts the speed and visibility they need…

Read More How Top CISOs Save Their SOCs from Alert Chaos to Never Miss Real Incidents
Blog

Microsoft Rushes Emergency Patch for Actively Exploited SharePoint ‘ToolShell’ Bug

Malicious actors already have already pounced on the zero-day vulnerability, tracked as CVE-2025-53770, to compromise US government agencies and other businesses in ongoing and widespread attacks.

Read More Microsoft Rushes Emergency Patch for Actively Exploited SharePoint ‘ToolShell’ Bug

Related