The North Korean worker scheme has expanded into a global threat. Although it originally focused on U.S. technology companies, the scheme has spread to other regions and sectors, including finance, […]
Phake phishing: Phundamental or pholly?
On paper, it sounds so simple: you prepare for the real thing by running simulations. After all, the same principle applies to countless disciplines: sports, the military, transport, crisis preparedness, […]
BRONZE BUTLER exploits Japanese asset management software vulnerability
In mid-2025, Counter Threat Unit™ (CTU) researchers observed a sophisticated BRONZE BUTLER campaign that exploited a zero-day vulnerability in Motex LANSCOPE Endpoint Manager to steal confidential information. The Chinese state-sponsored […]
Build a prevention-first defense: The Sophos Cybersecurity Toolkit
Ransomware remains one of today’s most disruptive cyber threats, but it is far from the only one. Attackers are also exploiting unpatched systems, launching AI-driven phishing campaigns, and using stolen […]
Windows Server Update Services (WSUS) vulnerability abused to harvest sensitive data
Counter Threat Unit™ (CTU) researchers are investigating exploitation of a remote code execution vulnerability (CVE-2025-59287) in Microsoft’s Windows Server Update Services (WSUS), a native IT management tool for Windows systems […]
Locking it down: A new technique to prevent LLM jailbreaks
Many organizations are increasingly deploying large language models (LLMs) such as OpenAI’s GPT series, Anthropic’s Claude, Meta’s LLaMA, and various models from DeepSeek, with minimal customization. This widespread reuse leads […]
We need secure products as much as we need security products
Recent events with F5 and SonicWall underline a continuing issue: network infrastructure is constantly under attack, and the cybersecurity industry continues to grapple with deep product security challenges. Our adversaries […]
Introducing Sophos Identity Threat Detection and Response (ITDR)
Adversaries exploit compromised identities, infrastructure weaknesses, and misconfigurations to gain unauthorized access to sensitive data and systems, putting user-based access and controls at the frontline of modern IT and cybersecurity. […]
Getting salty with LLMs: SophosAI unveils new defense against jailbreaking at CAMLIS 2025
Scientists from the SophosAI team will present their research at the upcoming Conference on Applied Machine Learning in Information Security (CAMLIS) in Arlington, Virginia. On October 23, Senior Data Scientist […]
Announcing the latest evolution of our Security Operations portfolio
Today, we’ve announced significant enhancements to our Security Operations portfolio, already trusted by 75,000 organizations worldwide via Sophos XDR and Sophos MDR offerings. This marks a major milestone in our […]
From inbox clutter to costly compromise: Why email threats still matter
When people think of cyber threats today, ransomware tends to dominate the conversation. It’s flashy, destructive, and grabs headlines. But ransomware rarely arrives on its own. More often than not, […]
Threat Intelligence Executive Report – Volume 2025, Number 5
The Counter Threat Unit™ (CTU) research team analyzes security threats to help organizations protect their systems. Based on observations in July and August, CTU™ researchers identified the following noteworthy issues […]
October Patch Tuesday beats January ’25 record
Microsoft on Tuesday announced 170 patches affecting 21 product families. Eight of the addressed issues are considered by Microsoft to be of Critical severity, and 18 have a CVSS base […]
F5 network compromised
On October 15, 2025, F5 reported that a nation-state threat actor had gained long-term access to some F5 systems and exfiltrated data, including source code and information about undisclosed product […]
WhatsApp Worm Targets Brazilian Banking Customers
Counter Threat Unit™ (CTU) researchers are investigating multiple incidents in an ongoing campaign targeting users of the WhatsApp messaging platform. The campaign, which started on September 29, 2025, is focused […]
HeartCrypt’s wholesale impersonation effort
Over the past year and a bit more, we’ve monitored a constellation of events that share a set of general attributes: Malware impersonating, subverting, and embedding itself in legitimate software […]