Moving CVEs past one-nation control

April 16, 2025

Sophos Annual Threat Report appendix: Most frequently encountered malware and abused software

These are the tools of the trade Sophos detected in use by cybercriminals over 2024

Security OperationsThreat Research

April 02, 2025

It takes two: The 2025 Sophos Active Adversary Report

The dawn of our fifth year deepens our understanding of the enemies at the gate, and some tensions inside it; plus, an anniversary gift from us to you

Security OperationsThreat Research

April 01, 2025

Qilin affiliates spear-phish MSP ScreenConnect admin, targeting customers downstream

Attack matches three-year long pattern of ScreenConnect attacks tracked by Sophos MDR as STAC4365.

Security OperationsThreat Research

March 28, 2025

Stealing user credentials with evilginx

A malevolent mutation of the widely used nginx web server facilitates Adversary-in-the-Middle action, but there’s hope

Security OperationsThreat Research

March 27, 2025

PJobRAT makes a comeback, takes another crack at chat apps

Sophos X-Ops uncovers a recent campaign from an Android RAT first seen in 2019 – now infecting users in Taiwan

Threat Research

March 20, 2025

The future of MFA is clear – but is it here yet?

Not all authentication is equal to the task in 2025, but there is a best choice within reach

Threat Research

March 12, 2025

Little fires everywhere for March Patch Tuesday

Just 57 CVEs to contend with (plus advisories), but six are already under exploit in the wild

Threat Research

February 11, 2025

February Patch Tuesday delivers 57 packages

After January’s deluge, a calmer update volume returns

Threat Research

February 05, 2025

Scalable Vector Graphics files pose a novel phishing threat

The SVG file format can harbor malicious HTML, scripts, and malware

Threat Research