May 21, 2025

DragonForce targets rivals in a play for dominance

Not content with attacking retailers, this aggressive group is fighting a turf war with other ransomware operators

Threat Research

May 20, 2025

A familiar playbook with a twist: 3AM ransomware actors dropped virtual machine with vishing and Quick Assist

Another adversary picks up the email bombing / vishing Storm-1811 playbook, doing thorough reconnaissance to target specific employees with fake help desk call—this time, over the phone.

Security OperationsThreat Research

May 15, 2025

Beyond the kill chain: What cybercriminals do with their money (Part 1)

Sophos X-Ops investigates what financially motivated threat actors invest their ill-gotten profits in, once the dust has settled

Threat Research

May 14, 2025

Microsoft primes 71 fixes for May Patch Tuesday

Five issues actively exploited in the wild, but the real excitement may have been handled in advance

Threat Research

May 13, 2025

Introducing the Sophos MSP Elevate program

Accelerating MSP business growth and elevating customers' defenses with differentiated cybersecurity products and services.

Products & Services

May 09, 2025

Lumma Stealer, coming and going

The high-profile information stealer switches up its TTPs, but keeps the CAPTCHA tactic; we take a deep dive

Security OperationsThreat Research

May 08, 2025

NICKEL TAPESTRY expands fraudulent worker operations

The North Korean IT worker scheme grows to include organizations in Europe and Asia and industries beyond the technology sector

Security OperationsThreat Research

May 01, 2025

Sophos Firewall v21.5: Entra ID SSO for Sophos Connect

How to make the most of the new features in Sophos Firewall v21.5.

Products & Services

April 17, 2025

Moving CVEs past one-nation control

A near-miss episode of attempted defunding spotlights a need for a better way

Security OperationsThreat Research