What happens when a cybersecurity company gets phished?
A Sophos employee was phished, but we countered the threat with an end-to-end defense process
A Sophos employee was phished, but we countered the threat with an end-to-end defense process
Related
From the “Department of No” to a “Culture of Yes”: A Healthcare CISO’s Journey to Enabling Modern Care
Breaking Out of the Security Mosh Pit When Jason Elrod, CISO of MultiCare Health System, describes legacy healthcare IT environments, he doesn’t mince words: “Healthcare loves to walk backwards into the future. And this is how we got here, because there are a lot of things that we could have prepared for that we didn’t,…
Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches
Taiwanese company Moxa has released a security update to address a critical security flaw impacting its PT switches that could permit an attacker to bypass authentication guarantees. The vulnerability, tracked as CVE-2024-12297, has been assigned a CVSS v4 score of 9.2 out of a maximum of 10.0. “Multiple Moxa PT switches are vulnerable to an…
Fortra Releases Critical Patch for CVSS 10.0 GoAnywhere MFT Vulnerability
Fortra has disclosed details of a critical security flaw in GoAnywhere Managed File Transfer (MFT) software that could result in the execution of arbitrary commands. The vulnerability, tracked as CVE-2025-10035, carries a CVSS score of 10.0, indicating maximum severity. “A deserialization vulnerability in the License Servlet of Fortra’s GoAnywhere MFT allows an actor with a…
Active Exploitation Against Adobe Commerce and Magento Through CVE-2022-24086/CVE-2022-24087
UPDATE February 17: Added reference to CVE-2022-24087, which Adobe disclosed and issues an out-of-band patch for on February 17th, 2022.FortiGuard Labs is aware of reports that Magento Open Source and Adobe Commerce are actively being targeted and exploited through CVE-2022-24086. This vulnerability can lead to remote code execution (RCE) on an exploited server which means…
Critical Fortinet Vulnerability Draws Fresh Attention
CISA this week added CVE-2025-24472 to its catalog of known exploited vulnerabilities, citing ransomware activity targeting the authentication bypass flaw.
PUBLOAD and Pubshell Malware Used in Mustang Panda’s Tibet-Specific Attack
A China-linked threat actor known as Mustang Panda has been attributed to a new cyber espionage campaign directed against the Tibetan community. The spear-phishing attacks leveraged topics related to Tibet, such as the 9th World Parliamentarians’ Convention on Tibet (WPCT), China’s education policy in the Tibet Autonomous Region (TAR), and a recently published book by…