Moving CVEs past one-nation control

April 29, 2025

Finding Minhook in a sideloading attack – and Sweden too

Multifaceted changes in TTPs illustrate what researchers see when they start digging

Threat Research

April 16, 2025

Sophos Annual Threat Report appendix: Most frequently encountered malware and abused software

These are the tools of the trade Sophos detected in use by cybercriminals over 2024

Security OperationsThreat Research

April 02, 2025

It takes two: The 2025 Sophos Active Adversary Report

The dawn of our fifth year deepens our understanding of the enemies at the gate, and some tensions inside it; plus, an anniversary gift from us to you

Security OperationsThreat Research

April 01, 2025

Qilin affiliates spear-phish MSP ScreenConnect admin, targeting customers downstream

Attack matches three-year long pattern of ScreenConnect attacks tracked by Sophos MDR as STAC4365.

Security OperationsThreat Research

March 28, 2025

Stealing user credentials with evilginx

A malevolent mutation of the widely used nginx web server facilitates Adversary-in-the-Middle action, but there’s hope

Security OperationsThreat Research

March 27, 2025

PJobRAT makes a comeback, takes another crack at chat apps

Sophos X-Ops uncovers a recent campaign from an Android RAT first seen in 2019 – now infecting users in Taiwan

Threat Research

March 20, 2025

The future of MFA is clear – but is it here yet?

Not all authentication is equal to the task in 2025, but there is a best choice within reach

Threat Research

March 12, 2025

Little fires everywhere for March Patch Tuesday

Just 57 CVEs to contend with (plus advisories), but six are already under exploit in the wild

Threat Research

February 11, 2025

February Patch Tuesday delivers 57 packages

After January’s deluge, a calmer update volume returns

Threat Research