What happens when a cybersecurity company gets phished?
A Sophos employee was phished, but we countered the threat with an end-to-end defense process
A Sophos employee was phished, but we countered the threat with an end-to-end defense process
Related
CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday placed a now-patched security flaw impacting the popular jQuery JavaScript library to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The medium-severity vulnerability is CVE-2020-11023 (CVSS score: 6.1/6.9), a nearly five-year-old cross-site scripting (XSS) bug that could be
Hand CVE Over to the Private Sector
How MITRE has mismanaged the world’s vulnerability database for decades and wasted millions along the way.
Malicious Next.js Repos Target Developers Via Fake Job Interviews
Linked to North Korean fake job-recruitment campaigns, the poisoned repositories are aimed at establishing persistent access to infected machines.
Anthropic’s Mythos Has Landed: Here’s What Comes Next for Cyber
In this latest installment of the Reporters’ Notebook video series, we discuss how the new AI model threatens to completely upend cybersecurity, and what industry leaders are telling the press.
CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting NAKIVO Backup & Replication software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2024-48248 (CVSS score: 8.6), an absolute path traversal bug that could allow an unauthenticated attacker to
Sophos Named a 2025 Gartner® Peer Insights™ Customers’ Choice for both Endpoint Protection Platforms and Extended Detection and Response
Customers have recognized Sophos for the 4th consecutive time