What happens when a cybersecurity company gets phished?
A Sophos employee was phished, but we countered the threat with an end-to-end defense process
A Sophos employee was phished, but we countered the threat with an end-to-end defense process
Related
OWASP Highlights Supply Chain Risks in New Top 10
Security misconfiguration jumped to second place while injection vulnerabilities dropped, as organizations improve defenses against traditional coding flaws.
Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access
The recently disclosed critical Microsoft SharePoint vulnerability has been under exploitation as early as July 7, 2025, according to findings from Check Point Research. The cybersecurity company said it observed first exploitation attempts targeting an unnamed major Western government, with the activity intensifying on July 18 and 19, spanning government, telecommunications, and software
Teleport Remote Authentication Bypass
What is the Vulnerability?Teleport security engineers have discovered a critical vulnerability affecting Teleport versions earlier than 17.5.2. This flaw allows remote attackers to bypass SSH authentication on servers running Teleport SSH agents, OpenSSH-integrated deployments, and Teleport Git proxy setups. Exploiting this vulnerability could enable unauthorized access to Teleport-managed systems by circumventing standard authentication controls. View…
Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution
Elastic has rolled out security updates to address a critical security flaw impacting the Kibana data visualization dashboard software for Elasticsearch that could result in arbitrary code execution. The vulnerability, tracked as CVE-2025-25012, carries a CVSS score of 9.9 out of a maximum of 10.0. It has been described as a case of prototype pollution….
Chinese APT Group Is Ransacking Japan’s Secrets
Since 2019, MirrorFace has been stealing information from myriad Japanese organizations to gain leverage over Japan in the event of hostilities between the two countries, experts said.
When Attacks Come Faster Than Patches: Why 2026 Will be the Year of Machine-Speed Security
The Race for Every New CVE Based on multiple 2025 industry reports: roughly 50 to 61 percent of newly disclosed vulnerabilities saw exploit code weaponized within 48 hours. Using the CISA Known Exploited Vulnerabilities Catalog as a reference, hundreds of software flaws are now confirmed as actively targeted within days of public disclosure. Each new…